2023-10-12 Meeting notes

Owned by Axel Dörrer
Last updated: Oct 12, 2023 by Craig McNally
1 min read

Date

Attendees

NamePresentplanned
absences

Craig McNally 

Y
Julian Ladisch 
YOct 19, 26th

Axel Dörrer 


Oct 12th & 26th
Ryan Berger 


Chris Rutledge 



Jakub Skoczen 



John Coburn 


Skott Klebe 






Discussion items

TimeItemWhoNotes
?Anything Urgent? Review the Kanban board?Team
  • ... 
?Hardcoded System User CredentialsTeam

From Julian in slack:

We still have modules that ship with default system users with hardcoded username and a hardcoded password. In all modules the sysop can configure a different username and a different password, however, it's possible that it's forgotten or that the config has a typo. GDPR requires security by default. A module should fail at startup when username or password configuration is missing. Then the user interface is forgiving and doesn't create an unintended security hole.

Notes:

  • Do JIRAs exist for the modules which still have default username/passwords? 
    • Not yet.
  • How many are we talking about here?  is it 1? 2? 8+?
    • Julian guesses it's probably around 8 or so.
  • Axel volunteered to help file some of these.

Updates:

  • 6 issues were filed by Axel Dörrer:
    • mod-pubsub
    • mod-search
    • mod-entities-links
    • mod-consortia
    • mod-inn-reach
    • mod-dcb
-New Critical issues identified by SnykTeam

mod-serials-management has two critical issues:

there's also a high:

We probably want to create JIRAs for these.  The MODSER JIRA project is applicable here, and they should be assigned to the K-Int team.

NOTE:  I don't think this is part of a flower release yet, and will not be part of Poppy, so not stop the world critical at this point, but will ne nice to have these filed.

Action items

  •