airflow-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From airflowuser <airflowu...@protonmail.com.INVALID>
Subject Re: Security issue being ignored?
Date Thu, 06 Sep 2018 09:07:02 GMT
Another example:
https://issues.apache.org/jira/projects/AIRFLOW/issues/AIRFLOW-2283

Sent with [ProtonMail](https://protonmail.com) Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On September 3, 2018 10:20 AM, airflowuser <airflowuser@protonmail.com> wrote:

> Hi,
> I noticed you opened a disccusion about the neccesity of Gitter...
> I think the main problem is that unlike other open source projects with Airflow no one
is monitoring the Jira. So people tend to report many stuff on the Gitter to get assistance.
Sometimes answers are given but no one answer on the open tickets.
>
> Other projects hosted on GitHub or others always have someone reviewing new tickets and
tag them. On airflow any user tag any thing he wishes.. there are no priorities. There are
open tickets for version 1.7 which will probebly stay there forever.
>
> Airflow doesn't have this function in the team... no one monitor the Jira and so there
are cases like this:
> [https://issues.apache.org/jira/projects/AIRFLOW/issues/AIRFLOW-1260](https://deref-gmx.com/mail/client/dzTsJ-2uKlU/dereferrer/?redirectUrl=https%3A%2F%2Fissues.apache.org%2Fjira%2Fprojects%2FAIRFLOW%2Fissues%2FAIRFLOW-1260)
> A report of security issue where no one see that. This could be nothing or it could be
sirious but I think the Jira should be more than just a place to paste you commit notices.
> In other projects the comunnity handle security issues asap... no one wants his project
to be hacked.
>
> May I suggest that the Jira is not very user-firendly... I think the GitHub issues section
(which is disabled in this project) is better for discussion and bug reports. This can be
used for questions as well and can also replace the Gitter.
> I noticed that many people submit PR and only then there is a disccution about the implemntation
- the disscution should be done before... not eveyone are on mailing lists.. especialy new
developers - you are limiting access to the project with this approch. See how many open PR
are from 2017,2016...
> It's easier for first time commiters to choose a ticket which it's taged as "easy fix"
and there was a disscution on it..
>
> Thanks,
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message