#1338: Hide contributor agreements, visible through Apache/SVN
---------------------------+------------------------------------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords:
---------------------------+------------------------------------------------
(Jachym please speak up to help clarify)
#1338: Hide contributor agreements, visible through Apache/SVN
---------------------------+------------------------------------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords:
---------------------------+------------------------------------------------
Comment(by jachym):
During our discussion about "creating map with OSGeo contributors" the
privacy question was raised and it was pointed out, that the agreements do
contain potentially sensitive information. I agree, that exposing this SVN
directory directly via apache should not be.
The blocking could be done either using .htaccess file or on apache level.
IMHO only PDFs should be blocked. The sqlite database contains only
project names and contributor names.
#1338: Hide contributor agreements, visible through Apache/SVN
---------------------------+--------------------
Reporter: Jeff McKenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Changes (by strk):
* cc: robe (added)
Comment:
This is still an issue. Despite there being an .htaccess file (which is
also visible).
It shouldn't take much to fix.
Regina: do you want to give this a try ?
#1338: Hide contributor agreements, visible through Apache/SVN
---------------------------+--------------------
Reporter: Jeff McKenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by robe):
strk I'm not sure how to fix this. The svn repo is publically visible. I
don't need to be logged into osgeo to see the folder above, I can just
browse to it.
I don't think I have administrative rights on svn server to do this. I
don't even know where server is housed. It would seem we'd need to remove
access of the contribution_agreements in svn from public and make it only
accessible to board members or others that have commit rights to the board
folder.
That said I don't know how the svn feeds the website. This folder
shouldn't even be pushing to the website.
#1338: Hide contributor agreements, visible through Apache/SVN
---------------------------+---------------------
Reporter: Jeff McKenna | Owner: strk
Type: task | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Comment (by robe):
Yes also tested fetching via svn and I can read the files from there
logged in. I forgot how to wipeout my credentials so haven't tested
anonymous checkout.