bugzilla.proxmox.com - Filing bug yields mail to saifi@SoftwareFreedomProject.org ?

fstrankowski

fstrankowski

Renowned Member
Proxmox Subscriber
Nov 28, 2016
100
23
83
Hamburg
I'm filing quite a lot of bugs on bugzilla and noticed some weired mail getting notified when filing backend bugs for example:

1757592526618.png

Why is "saifi@SoftwareFreedomProject.org" getting notified when i file a backend bug? Seems said mail belongs to an Indian Network Security Engineer?!

Did Proxmox get a security audit from an external company and one of these devs forgot to remove their mail from the last pentest / audit? (lol)
 
Last edited:
No worries, better to be safe than sorry; albeit if you think there are potential security implications it would be better to use our official reporting channel for security relevant topics, see https://pve.proxmox.com/wiki/Security_Reporting

Anyway, this is a feature from Bugzilla, users can follow other users and get all their notifications for public changes relayed.

Here this user does not follow you, but rather follows our common bugs@proxmox.com default assignee, and thus gets all notifications that the bugs@ users will get. It's definitively a bit of an odd/surprising BZ feature, but nothing problematic.
 
  • Like
Reactions: Johannes S and fstrankowski
t.lamprecht said:
No worries, better to be safe than sorry; albeit if you think there are potential security implications it would be better to use our official reporting channel for security relevant topics, see https://pve.proxmox.com/wiki/Security_Reporting

Anyway, this is a feature from Bugzilla, users can follow other users and get all their notifications for public changes relayed.

Here this user does not follow you, but rather follows our common bugs@proxmox.com default assignee, and thus gets all notifications that the bugs@ users will get. It's definitively a bit of an odd/surprising BZ feature, but nothing problematic.
Click to expand...
Should have checked rfc9116 for you (https://proxmox.com/.well-known/security.txt). My bad. Thanks for fast reply!
 
You must log in or register to reply here.
Top Bottom