Hello,
in many modules we have a template text about our support contacts in the "FAQ" part:
"E-mails regarding any stable Kamailio release should be sent to sr-users@lists.kamailio.org and e-mails regarding development versions should be sent to sr-dev@lists.kamailio.org.
If you want to keep the mail private, send it to sr-users@lists.kamailio.org."
The lower part (about the private contact) makes no sense anymore. It used contain a private SER contact address, and lost somehow its meaning during the conversion to Kamailio.
I would like to change to this text to:
"If you need to keep the e-mail private (e.g. for security issues) send it to management at kamailio dot org."
Any objections against this change, or remarks about the replacement text?
Regards,
Henning
On 29 Mar 2018, at 23:58, Henning Westerholt hw@kamailio.org wrote:
Hello,
in many modules we have a template text about our support contacts in the "FAQ" part:
"E-mails regarding any stable Kamailio release should be sent to sr-users@lists.kamailio.org and e-mails regarding development versions should be sent to sr-dev@lists.kamailio.org.
If you want to keep the mail private, send it to sr-users@lists.kamailio.org."
The lower part (about the private contact) makes no sense anymore. It used contain a private SER contact address, and lost somehow its meaning during the conversion to Kamailio.
I would like to change to this text to:
"If you need to keep the e-mail private (e.g. for security issues) send it to management at kamailio dot org."
Any objections against this change, or remarks about the replacement text?
+1
/O
Hello,
I would not involve management address in the readme of the modules, a lot of people consider their use of kamailio private and will "abuse" it for support.
Using sr-users there was a temporary hack when forking from ser and not having seradmin anymore, which, obviously, got forgotten. But the age of this (likely more than 10 years) shows it is not necessary at all, so my suggestion is to remove it all together.
People have figured out what to do when needing to send something more sensitive, there is a contact page on webite. Anyhow, based on your commit on this matter, there are rather few modules with this remark comparing with over all number of module.
Cheers, Daniel
On 29.03.18 23:58, Henning Westerholt wrote:
Hello,
in many modules we have a template text about our support contacts in the "FAQ" part:
"E-mails regarding any stable Kamailio release should be sent to sr-users@lists.kamailio.org and e-mails regarding development versions should be sent to sr-dev@lists.kamailio.org.
If you want to keep the mail private, send it to sr-users@lists.kamailio.org."
The lower part (about the private contact) makes no sense anymore. It used contain a private SER contact address, and lost somehow its meaning during the conversion to Kamailio.
I would like to change to this text to:
"If you need to keep the e-mail private (e.g. for security issues) send it to management at kamailio dot org."
Any objections against this change, or remarks about the replacement text?
Regards,
Henning
Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Am Montag, 2. April 2018, 09:08:04 CEST schrieb Daniel-Constantin Mierla:
I would not involve management address in the readme of the modules, a lot of people consider their use of kamailio private and will "abuse" it for support.
Using sr-users there was a temporary hack when forking from ser and not having seradmin anymore, which, obviously, got forgotten. But the age of this (likely more than 10 years) shows it is not necessary at all, so my suggestion is to remove it all together.
People have figured out what to do when needing to send something more sensitive, there is a contact page on webite. Anyhow, based on your commit on this matter, there are rather few modules with this remark comparing with over all number of module.
Hi Daniel,
ok - I commited it already, as you saw.
I will change it to involve only security bugs, this way we could easily change it when we have a dedicated security contact address. If we get to much spam, I will remove it completely.
Best regards,
Henning
Hello,
On 03.04.18 21:54, Henning Westerholt wrote:
Am Montag, 2. April 2018, 09:08:04 CEST schrieb Daniel-Constantin Mierla:
I would not involve management address in the readme of the modules, a lot of people consider their use of kamailio private and will "abuse" it for support.
Using sr-users there was a temporary hack when forking from ser and not having seradmin anymore, which, obviously, got forgotten. But the age of this (likely more than 10 years) shows it is not necessary at all, so my suggestion is to remove it all together.
People have figured out what to do when needing to send something more sensitive, there is a contact page on webite. Anyhow, based on your commit on this matter, there are rather few modules with this remark comparing with over all number of module.
Hi Daniel,
ok - I commited it already, as you saw.
I will change it to involve only security bugs, this way we could easily change it when we have a dedicated security contact address. If we get to much spam, I will remove it completely.
I still think this is not the right way to do it, but remove it completely. It is not across all modules, only couple of them.
And again, so far nobody actually used it. When having to report something more sensitive, people found the way to do it.
Management doesn't have to do anything with those modules and should not get involved in their readme. There is a contact page with more details on project's website.
Cheers, Daniel
Am Dienstag, 3. April 2018, 22:59:42 CEST schrieb Daniel-Constantin Mierla:
I will change it to involve only security bugs, this way we could easily change it when we have a dedicated security contact address. If we get to much spam, I will remove it completely.
I still think this is not the right way to do it, but remove it completely. It is not across all modules, only couple of them.
And again, so far nobody actually used it. When having to report something more sensitive, people found the way to do it.
Management doesn't have to do anything with those modules and should not get involved in their readme. There is a contact page with more details on project's website.
Hi Daniel,
I understand your reasoning.
We have neither on https://www.kamailio.org/w/mailing-lists/ or https://www.kamailio.org/w/support/ any contact information for confidential security issues. But maybe I did not saw it correctly.
You are right, in the past people figure it out to send it to somebody from the core developer group. But people are in vacation or during extended traveling etc.., therefore I see a benefit in having a distribution list for this issues. It don't need to be the management, we just don't have right now anything different.?
Best regards,
Henning
Hello,
On 04.04.18 08:14, Henning Westerholt wrote:
Am Dienstag, 3. April 2018, 22:59:42 CEST schrieb Daniel-Constantin Mierla:
I will change it to involve only security bugs, this way we could easily change it when we have a dedicated security contact address. If we get to much spam, I will remove it completely.
I still think this is not the right way to do it, but remove it completely. It is not across all modules, only couple of them.
And again, so far nobody actually used it. When having to report something more sensitive, people found the way to do it.
Management doesn't have to do anything with those modules and should not get involved in their readme. There is a contact page with more details on project's website.
Hi Daniel,
I understand your reasoning.
We have neither on https://www.kamailio.org/w/mailing-lists/ or https://www.kamailio.org/w/support/ any contact information for confidential security issues. But maybe I did not saw it correctly.
there is also https://www.kamailio.org/w/contact-us/
You are right, in the past people figure it out to send it to somebody from the core developer group. But people are in vacation or during extended traveling etc.., therefore I see a benefit in having a distribution list for this issues. It don't need to be the management, we just don't have right now anything different.?
If you talk about people not being available in short time, those in management are quite exposed, because the group is not formed based on recent activity. The admin group was built for this purpose. You can try to organize that better or propose something else, I am more than happy that someone takes care of it.
Anyhow, back to the original issue, that remark is in 14 modules out of 222, so not even in 10%. It was not relevant (not used) for a lot of years. It should be removed, not revived in only few places, with a wrong approach of directing to an address not supposed to be used for such case. It should in in one place, where people will find it.
Cheers, Daniel
Am Mittwoch, 4. April 2018, 09:07:33 CEST schrieb Daniel-Constantin Mierla:
On 04.04.18 08:14, Henning Westerholt wrote:
Am Dienstag, 3. April 2018, 22:59:42 CEST schrieb Daniel-Constantin
Mierla:
I will change it to involve only security bugs, this way we could easily change it when we have a dedicated security contact address. If we get to much spam, I will remove it completely.
I still think this is not the right way to do it, but remove it completely. It is not across all modules, only couple of them.
And again, so far nobody actually used it. When having to report something more sensitive, people found the way to do it.
Management doesn't have to do anything with those modules and should not get involved in their readme. There is a contact page with more details on project's website.
[..]
Hello,
the additional information was removed again.
Henning
-
Daniel-Constantin Mierla -
Henning Westerholt -
Olle E. Johansson