30 Mar
2018
30 Mar
'18
12:58 a.m.
Hello,
in many modules we have a template text about our support contacts in the
"FAQ" part:
"E-mails regarding any stable Kamailio release should be sent to
<sr-users(a)lists.kamailio.org> and e-mails regarding development
versions should be sent to <sr-dev(a)lists.kamailio.org>rg>.
If you want to keep the mail private, send it to
<sr-users(a)lists.kamailio.org>."
The lower part (about the private contact) makes no sense anymore. It used
contain a private SER contact address, and lost somehow its meaning during the
conversion to Kamailio.
I would like to change to this text to:
"If you need to keep the e-mail private (e.g. for security issues) send it to
management at kamailio dot org."
Any objections against this change, or remarks about the replacement text?
Regards,
Henning
30 Mar
30 Mar
11:15 a.m.
On 29 Mar 2018, at 23:58, Henning Westerholt
<hw(a)kamailio.org> wrote:
Hello,
in many modules we have a template text about our support contacts in the
"FAQ" part:
"E-mails regarding any stable Kamailio release should be sent to
<sr-users(a)lists.kamailio.org> and e-mails regarding development
versions should be sent to <sr-dev(a)lists.kamailio.org>rg>.
If you want to keep the mail private, send it to
<sr-users(a)lists.kamailio.org>."
The lower part (about the private contact) makes no sense anymore. It used
contain a private SER contact address, and lost somehow its meaning during the
conversion to Kamailio.
I would like to change to this text to:
"If you need to keep the e-mail private (e.g. for security issues) send it to
management at kamailio dot org."
Any objections against this change, or remarks about the replacement text?
+1
/O
2 Apr
2 Apr
10:08 a.m.
Hello,
I would not involve management address in the readme of the modules, a
lot of people consider their use of kamailio private and will "abuse" it
for support.
Using sr-users there was a temporary hack when forking from ser and not
having seradmin anymore, which, obviously, got forgotten. But the age of
this (likely more than 10 years) shows it is not necessary at all, so my
suggestion is to remove it all together.
People have figured out what to do when needing to send something more
sensitive, there is a contact page on webite. Anyhow, based on your
commit on this matter, there are rather few modules with this remark
comparing with over all number of module.
Cheers,
Daniel
On 29.03.18 23:58, Henning Westerholt wrote:
Hello,
in many modules we have a template text about our support contacts in the
"FAQ" part:
"E-mails regarding any stable Kamailio release should be sent to
<sr-users(a)lists.kamailio.org> and e-mails regarding development
versions should be sent to <sr-dev(a)lists.kamailio.org>rg>.
If you want to keep the mail private, send it to
<sr-users(a)lists.kamailio.org>."
The lower part (about the private contact) makes no sense anymore. It used
contain a private SER contact address, and lost somehow its meaning during the
conversion to Kamailio.
I would like to change to this text to:
"If you need to keep the e-mail private (e.g. for security issues) send it to
management at kamailio dot org."
Any objections against this change, or remarks about the replacement text?
Regards,
Henning
_______________________________________________
Kamailio (SER) - Development Mailing List
sr-dev(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
3 Apr
3 Apr
10:54 p.m.
Am Montag, 2. April 2018, 09:08:04 CEST schrieb Daniel-Constantin Mierla:
I would not involve management address in the readme
of the modules, a
lot of people consider their use of kamailio private and will "abuse" it
for support.
Using sr-users there was a temporary hack when forking from ser and not
having seradmin anymore, which, obviously, got forgotten. But the age of
this (likely more than 10 years) shows it is not necessary at all, so my
suggestion is to remove it all together.
People have figured out what to do when needing to send something more
sensitive, there is a contact page on webite. Anyhow, based on your
commit on this matter, there are rather few modules with this remark
comparing with over all number of module.
Hi Daniel,
ok - I commited it already, as you saw.
I will change it to involve only security bugs, this way we could easily
change it when we have a dedicated security contact address. If we get to much
spam, I will remove it completely.
Best regards,
Henning
11:59 p.m.
Hello,
On 03.04.18 21:54, Henning Westerholt wrote:
Am Montag, 2. April 2018, 09:08:04 CEST schrieb
Daniel-Constantin Mierla:
I still think this is not the right way to do
it, but remove it
completely. It is not across all modules, only couple of them.
And again, so far nobody actually used it. When having to report
something more sensitive, people found the way to do it.
Management doesn't have to do anything with those modules and should not
get involved in their readme. There is a contact page with more details
on project's website.
Cheers,
Daniel
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
I would not involve management address in the
readme of the modules, a
lot of people consider their use of kamailio private and will "abuse" it
for support.
Using sr-users there was a temporary hack when forking from ser and not
having seradmin anymore, which, obviously, got forgotten. But the age of
this (likely more than 10 years) shows it is not necessary at all, so my
suggestion is to remove it all together.
People have figured out what to do when needing to send something more
sensitive, there is a contact page on webite. Anyhow, based on your
commit on this matter, there are rather few modules with this remark
comparing with over all number of module.
Hi Daniel,
ok - I commited it already, as you saw.
I will change it to involve only security bugs, this way we could easily
change it when we have a dedicated security contact address. If we get to much
spam, I will remove it completely.
4 Apr
4 Apr
9:14 a.m.
Am Dienstag, 3. April 2018, 22:59:42 CEST schrieb Daniel-Constantin Mierla:
Hi Daniel,
I understand your reasoning.
We have neither on https://www.kamailio.org/w/mailing-lists/ or
https://www.kamailio.org/w/support/ any contact information for confidential
security issues. But maybe I did not saw it correctly.
You are right, in the past people figure it out to send it to somebody from
the core developer group. But people are in vacation or during extended
traveling etc.., therefore I see a benefit in having a distribution list for
this issues. It don't need to be the management, we just don't have right now
anything different.?
Best regards,
Henning
I will change
it to involve only security bugs, this way we could easily
change it when we have a dedicated security contact address. If we get to
much spam, I will remove it completely.
I still think this is not the right way to do it, but remove it
completely. It is not across all modules, only couple of them.
And again, so far nobody actually used it. When having to report
something more sensitive, people found the way to do it.
Management doesn't have to do anything with those modules and should not
get involved in their readme. There is a contact page with more details
on project's website.
10:07 a.m.
Hello,
On 04.04.18 08:14, Henning Westerholt wrote:
Am Dienstag, 3. April 2018, 22:59:42 CEST schrieb
Daniel-Constantin Mierla:
Hi Daniel,
I understand your reasoning.
We have neither on https://www.kamailio.org/w/mailing-lists/ or
https://www.kamailio.org/w/support/ any contact information for confidential
security issues. But maybe I did not saw it correctly.
there is also https://www.kamailio.org/w/contact-us/
I will
change it to involve only security bugs, this way we could easily
change it when we have a dedicated security contact address. If we get to
much spam, I will remove it completely.
I still think this is not the right way to
do it, but remove it
completely. It is not across all modules, only couple of them.
And again, so far nobody actually used it. When having to report
something more sensitive, people found the way to do it.
Management doesn't have to do anything with those modules and should not
get involved in their readme. There is a contact page with more details
on project's website.
You are right, in the past people figure it out to send it to somebody from
the core developer group. But people are in vacation or during extended
traveling etc.., therefore I see a benefit in having a distribution list for
this issues. It don't need to be the management, we just don't have right now
anything different.?
If you talk about people not being available in short time, those in
management are quite exposed, because the group is not formed based on
recent activity. The admin group was built for this purpose. You can try
to organize that better or propose something else, I am more than happy
that someone takes care of it.
Anyhow, back to the original issue, that remark is in 14 modules out of
222, so not even in 10%. It was not relevant (not used) for a lot of
years. It should be removed, not revived in only few places, with a
wrong approach of directing to an address not supposed to be used for
such case. It should in in one place, where people will find it.
Cheers,
Daniel
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
12 Apr
12 Apr
12:45 a.m.
Am Mittwoch, 4. April 2018, 09:07:33 CEST schrieb Daniel-Constantin Mierla:
Hello,
the additional information was removed again.
Henning
On 04.04.18 08:14, Henning Westerholt wrote:
> Am Dienstag, 3. April 2018, 22:59:42 CEST schrieb Daniel-Constantin
Mierla:
>> I will
change it to involve only security bugs, this way we could easily
>> change it when we have a dedicated security contact address. If we get
>> to much spam, I will remove it completely.
>
> I still think this is not the right way to do it, but remove it
> completely. It is not across all modules, only couple of them.
>
> And again, so far nobody actually used it. When having to report
> something more sensitive, people found the way to do it.
>
> Management doesn't have to do anything with those modules and should not
> get involved in their readme. There is a contact page with more details
> on project's website.
[..]
2418
days inactive
2431
days old
7 comments
3 participants
participants (3)
-
Daniel-Constantin Mierla -
Henning Westerholt -
Olle E. Johansson