RT for public bug tracking?


#1

Is anyone using RT for bug tracking? Our little gang of geeks is
now using it for our support queue, and it’s working well. Okay,
it’s working well for those of us who have taken the time to learn
it, and I’m slowly training the others. :slight_smile: I’ve received a request
from one of the engineers who works remotely to make it run the bug
database as well, since he prefers an email interface over the web
interface at sourceforge.

I’m not averse to that, but my concern is that this bug database has
to be readable by anyone with web access. Any comments on how secure
RT is? I’m thinking of putting it on a separate machine from everything
else and backing it up at least once a day so the bug database won’t
be too horribly compromised if someone manages to find a hole and
wreak havoc.

Comments? I would guess that a lot of people are already using RT as
a bug database, but is anyone using it as a public bug database?

Jill Lundquist jill@chezns.org
"The first butcher I saw as a child had a wooden leg, and to this
day I have an unreasonable feeling that butchers with two genuine
legs are impostors." -Robertson Davies


#2

I know that the casbah project did it. and we do it. you probably
want to set up an “anonymous” account with “display” access
to the queues in question. I’ve never heard about a breakin though
rt, but that doesn’t mean it can’t happen. For extra security,
you could set up a wget to suck down the relevant html and
only export daily snapshots to the public.

    -jOn Wed, Oct 25, 2000 at 11:13:02PM -0600, Jill Lundquist wrote:

Is anyone using RT for bug tracking? Our little gang of geeks is
now using it for our support queue, and it’s working well. Okay,
it’s working well for those of us who have taken the time to learn
it, and I’m slowly training the others. :slight_smile: I’ve received a request
from one of the engineers who works remotely to make it run the bug
database as well, since he prefers an email interface over the web
interface at sourceforge.

I’m not averse to that, but my concern is that this bug database has
to be readable by anyone with web access. Any comments on how secure
RT is? I’m thinking of putting it on a separate machine from everything
else and backing it up at least once a day so the bug database won’t
be too horribly compromised if someone manages to find a hole and
wreak havoc.

Comments? I would guess that a lot of people are already using RT as
a bug database, but is anyone using it as a public bug database?

Jill Lundquist jill@chezns.org
"The first butcher I saw as a child had a wooden leg, and to this
day I have an unreasonable feeling that butchers with two genuine
legs are impostors." -Robertson Davies


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

jesse reed vincent – root@eruditorum.orgjesse@fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

Pelcgb-serrqbz abj!