Skip to end of banner
Go to start of banner

2023-10-12 Meeting notes

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

Date

Attendees

NamePresentplanned
absences

Craig McNally 

Y
Julian Ladisch 
Y

Axel Dörrer 


oct 12th & 26th
Ryan Berger 


Chris Rutledge 



Jakub Skoczen 



John Coburn 


Skott Klebe 






Discussion items

TimeItemWhoNotes
?Anything Urgent? Review the Kanban board?Team
  • ... 
?Hardcoded System User CredentialsTeam

From Julian in slack:

We still have modules that ship with default system users with hardcoded username and a hardcoded password. In all modules the sysop can configure a different username and a different password, however, it's possible that it's forgotten or that the config has a typo. GDPR requires security by default. A module should fail at startup when username or password configuration is missing. Then the user interface is forgiving and doesn't create an unintended security hole.

Notes:

  • Do JIRAs exist for the modules which still have default username/passwords? 
    • Not yet.
  • How many are we talking about here?  is it 1? 2? 8+?
    • Julian guesses it's probably around 8 or so.
  • Axel volunteered to help file some of these.

Updates:

  • 6 issues were filed by Axel Dörrer:
    • mod-pubsub
    • mod-search
    • mod-entities-links
    • mod-consortia
    • mod-inn-reach
    • mod-dcb
-New Critical issues identified by SnykTeam

mod-serials-management has two critical issues:

there's also a high:

We probably want to create JIRAs for these.  The MODSER JIRA project is applicable here, and they should be assigned to the K-Int team.

NOTE:  I don't think this is part of a flower release yet, and will not be part of Poppy, so not stop the world critical at this point, but will ne nice to have these filed.

Action items

  •  


  • No labels