Both are not security vulnerabilities: either it is in an upstream project or it is due to the way Airflow can be used. PR is welcome for the second JIRA.
B.

Sent from my iPad

> On 6 Sep 2018, at 11:07, airflowuser
> <airflowu...@protonmail.com.INVALID> wrote:
>
> Another example:
> https://issues.apache.org/jira/projects/AIRFLOW/issues/AIRFLOW-2283
>
> Sent with [ProtonMail](https://protonmail.com) Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> On September 3, 2018 10:20 AM, airflowuser <airflowu...@protonmail.com>
>> wrote:
>>
>> Hi,
>> I noticed you opened a discussion about the necessity of Gitter...
>> I think the main problem is that, unlike other open source projects, with
>> Airflow no one is monitoring the Jira. So people tend to report many stuff
>> on the Gitter to get assistance. Sometimes answers are given but no one
>> answers on the open tickets.
>>
>> Other projects hosted on GitHub or others always have someone reviewing new
>> tickets and tagging them. On Airflow any user tags anything he wishes.. there
>> are no priorities. There are open tickets for version 1.7 which will
>> probably stay there forever.
>>
>> Airflow doesn't have this function in the team... no one monitors the Jira
>> and so there are cases like this:
>> https://issues.apache.org/jira/projects/AIRFLOW/issues/AIRFLOW-1260
>> A report of a security issue where no one sees that. This could be nothing or
>> it could be serious but I think the Jira should be more than just a place to
>> paste your commit notices.
>> In other projects the community handles security issues asap... no one wants
>> his project to be hacked.
>>
>> May I suggest that the Jira is not very user-friendly... I think the GitHub
>> issues section (which is disabled in this project) is better for discussion
>> and bug reports. This can be used for questions as well and can also replace
>> the Gitter.
>> I noticed that many people submit a PR and only then is there a discussion
>> about the implementation - the discussion should be done before... not
>> everyone is on mailing lists.. especially new developers - you are limiting
>> access to the project with this approach. See how many open PRs are from
>> 2017, 2016...
>> It's easier for first-time committers to choose a ticket which is tagged as
>> "easy fix" and on which there was a discussion..
>>
>> Thanks,