IRC log of #zope for Wednesday, 2015-02-25

« Tuesday, 2015-02-24 Index Thursday, 2015-02-26 »
*** m8 has joined #zope00:04
*** mpj17 has joined #zope00:14
*** Jan_Garaj3 has joined #zope00:20
*** chrstphrhrt has joined #zope01:04
*** J1m has quit IRC01:32
*** J1m has joined #zope01:33
*** m8 has quit IRC01:58
*** Jan_Garaj3 has quit IRC01:59
*** chrstphrhrt has quit IRC02:04
*** J1m has quit IRC02:21
*** mpj17 has quit IRC03:08
*** mpj17 has joined #zope03:09
*** MatthewWilkes has quit IRC03:16
*** MatthewWilkes has joined #zope03:20
*** benji has quit IRC03:35
*** jham has quit IRC03:35
*** gawel has quit IRC03:35
*** ree has quit IRC03:35
*** menesis has quit IRC03:35
*** mpj17 has quit IRC03:36
*** benji has joined #zope03:39
*** ree has joined #zope03:39
*** jham has joined #zope03:39
*** gawel has joined #zope03:39
*** benji has quit IRC03:40
*** jham has quit IRC03:40
*** gawel has quit IRC03:40
*** ree has quit IRC03:40
*** benji has joined #zope03:41
*** ree has joined #zope03:41
*** jham has joined #zope03:41
*** gawel has joined #zope03:41
*** mpj17 has joined #zope04:16
*** mpj17 has quit IRC04:27
*** mpj17 has joined #zope04:40
*** yvl has quit IRC04:42
*** mpj17 has quit IRC04:43
*** mpj17 has joined #zope04:43
*** mpj17 has quit IRC05:03
*** mpj17 has joined #zope05:03
*** mpj17 has quit IRC05:08
*** alecm has quit IRC06:21
*** povbot has joined #zope06:38
*** mgedmin has joined #zope06:39
*** alecm has joined #zope06:58
*** alecm has joined #zope06:58
*** alecm has quit IRC07:07
*** alecm has joined #zope07:07
*** alecm has quit IRC08:28
*** alecm has joined #zope08:33
*** alecm has joined #zope08:33
*** alecm has quit IRC08:51
*** alecm has joined #zope08:52
*** alecm has joined #zope08:52
*** alecm has quit IRC08:55
*** alecm has joined #zope08:56
*** alecm has joined #zope08:56
*** alecm has quit IRC09:07
*** alecm has joined #zope09:10
*** alecm has joined #zope09:10
*** __mac__ has joined #zope09:27
*** Jan_Garaj3 has joined #zope09:42
*** tisto has joined #zope09:54
*** do3cc has quit IRC10:06
*** do3cc has joined #zope10:12
*** MrTango has joined #zope10:16
*** giacomos has joined #zope10:30
*** bosim has joined #zope10:46
*** bosim has quit IRC10:59
*** maurits has joined #zope11:01
*** bosim has joined #zope11:02
*** Jan_Garaj3_ has joined #zope11:24
*** Jan_Garaj3 has quit IRC11:26
*** Jan_Garaj3_ has quit IRC11:29
*** menesis has joined #zope11:36
*** bosim has quit IRC11:41
*** bosim has joined #zope11:44
*** bosim has quit IRC11:44
*** jakke has joined #zope11:45
*** bosim has joined #zope11:49
*** KageSenshi has quit IRC12:35
*** m8 has joined #zope12:52
*** giacomos has quit IRC12:54
*** giacomos has joined #zope12:55
*** Jan_Garaj3 has joined #zope13:01
*** menesis has quit IRC13:42
*** MatthewWilkes has quit IRC13:44
*** Jan_Garaj3 has quit IRC13:45
*** KageSenshi has joined #zope13:49
*** __mac__ has quit IRC14:00
*** __mac__ has joined #zope14:02
*** __mac__ has joined #zope14:05
*** m8 has quit IRC14:43
*** MatzeWilkes has joined #zope14:52
*** menesis has joined #zope14:55
*** __mac__ has quit IRC15:00
*** J1m has joined #zope15:03
*** __mac__ has joined #zope15:04
*** __mac__ has quit IRC15:18
*** MrTango has quit IRC15:22
J1msm, di you know how to rescue the wiki?15:26
J1ms/di/do15:26
*** __mac__ has joined #zope15:29
*** projekt01 has joined #zope15:44
*** MrTango has joined #zope15:44
*** yvl has joined #zope15:55
*** Jan_Garaj3 has joined #zope16:44
*** tisto has quit IRC17:06
*** chrstphrhrt has joined #zope17:19
*** Jan_Garaj3 has quit IRC17:27
*** fdrake has quit IRC17:52
*** kseifried has joined #zope18:09
kseifriedHi I reported a security issue to security@zope.org, is that email box monitoeed at all? is there a better way to report a security issue?18:10
*** Jan_Garaj3 has joined #zope18:10
*** chrstphrhrt has quit IRC18:11
*** bosim has quit IRC18:13
*** Jan_Garaj3 has quit IRC18:16
kseifriedanyone know about the process to report a security flaw to zope?18:33
*** __mac__ has quit IRC18:50
*** projekt01 has quit IRC18:55
*** MrTango has quit IRC19:12
*** MatzeWilkes is now known as MatthewWilkes19:21
*** giacomos has quit IRC19:23
J1mkseifried, send to security-response@zope.org19:53
J1mThanks for reporting.19:53
kseifriedjl you guys need to put that email on your website/etc19:54
*** maurits1 has joined #zope20:02
*** maurits has quit IRC20:03
*** alecm has quit IRC20:16
*** alecm has joined #zope20:17
MatthewWilkesJ1m: Are we not using launchpad anymore?20:21
kseifriedJ1m / MatthewWilkes you guys need to put your security contact onto the zope web pages20:37
kseifriedI emailed security@ previously and assumed it was being ignored/no-one cared20:37
kseifriedand/or start using the security@ email since it appears to be active (doesn't bounce at least)20:37
MatthewWilkesJ1m: Can you edit the website?20:38
J1mkseifried, sorry20:38
*** Jan_Garaj3 has joined #zope20:38
J1mMatthewWilkes, I don't have any idea how to edit it.20:38
J1mIt may also be that there's another procedure.20:38
J1mzope.org infrastructure is a bit of a disaster.20:39
kseifriedit doesn't show up in google anywhere so... yeah.20:39
J1mkseifried, where did you find instructions for reporting security problems?20:40
kseifriedUI didn't20:40
kseifriedthat's the problem20:40
kseifriedso I used security@ hoping it would work, it didn't bounce so I assumed it's valid, but then no reply for a few days20:40
J1mOK< I'll see what I can find out. It won't be quick.20:40
kseifriedI wonder how many security reports you guys have sitting in that mailbox20:41
kseifriedanyways I eamiled security-response@, hopefully that is correct20:41
kseifriedif not I'll just post this publicly next week20:41
MatthewWilkeskseifried: Have you emailed security-response@ yet? I haven't seen anything come through20:41
MatthewWilkesah20:41
kseifriedI just did20:41
J1mMatthewWilkes, honestly, I'm not invoved in Zope development anymore, but I believe we're mograting to github trackers.20:41
kseifriedso github doesn't allow private bugs/issues so you really need a security contact email that works20:42
kseifriedand one that people can find20:43
*** maurits1 has quit IRC20:43
MatthewWilkesNothing has come through for me yet.20:44
kseifriedah it's broken20:45
kseifriedYour mail to 'Security-response' with the subject20:45
*** Jan_Garaj3 has quit IRC20:45
kseifriedIs being held until the list moderator can review it for approval.20:45
kseifriedThe reason it is being held:20:45
kseifried    Post by non-member to a members-only list20:45
MatthewWilkesoh, job20:45
MatthewWilkesjoy*20:45
MatthewWilkesI wonder who's a moderator to that20:45
kseifriedyou guys rprolly have a lot of lost security reports =(20:45
MatthewWilkesI don't know if anyone really uses Zope2 without Plone, but there's a decent chance20:46
MatthewWilkeskseifried: I'll send an email to the list to prod whoever's a moderator, but could you possibly email the Plone security team at security@plone.org or me personally ( matthew@matthewwilkes.co.uk - https://launchpad.net/~zope-security/+members ) - then I can at least forward it to the list and we can get this particular one looked at20:48
kseifriedhuh20:48
MatthewWilkesI know those are crappy solutions20:48
kseifriedMatthewWilkes honestly if it's well documented/advertised I don't care whom I have to email20:48
kseifriedemailing security@plone20:48
MatthewWilkeskseifried: Thanks, and sorry about this. Zope isn't really under active development anymore, but this shouldn't have slipped20:49
kseifriedmeh, it happens20:50
kseifriedin fairness I just cleaned out a lot of old junk from redhat and it was glorious =)20:50
kseifriedsent20:51
J1mI just moderated that message and set kseifried's messages to be unmoderated in the future.20:52
MatthewWilkeskseifried: Received20:52
J1mI moderate most lists :/, and generally get notified when I have something to do.20:53
J1mnfc what happens to security@zope.org.20:53
*** m8 has joined #zope21:03
*** Jan_Garaj3 has joined #zope21:06
*** menesis has quit IRC21:23
*** Jan_Garaj3 has quit IRC21:30
*** Jan_Garaj3 has joined #zope21:35
*** __mac__ has joined #zope21:59
*** __mac__ has quit IRC22:07
kseifriedJ1m hopefully I don't have to report more ;)22:11
*** __mac__ has joined #zope22:12
kseifriedJ1m is it on a unix box? default that may be forwarding to root22:12
kseifriedin /etc/aliases22:12
kseifriedyeah it's a debian box running postfix22:13
kseifriedso whomever you forward root@'s email to gets security@ stuff by default22:13
kseifriedJ1m so this issue is fixed, so I'll just report it to oss-security@ and ask Mitre for a public cve then ok?22:14
kseifriedthe xss thing that is22:14
*** __mac__ has quit IRC22:17
*** __mac__ has joined #zope22:17
*** MrTango has joined #zope22:28
*** menesis has joined #zope22:45
*** fdrake has joined #zope22:51
*** MrTango has quit IRC23:59
« Tuesday, 2015-02-24 Index Thursday, 2015-02-26 »

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!