Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Gitlab
Gitlab
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 29
    • Issues 29
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • External Wiki
    • External Wiki
  • Members
    • Members
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • The Tor Project
  • TPA
  • GitlabGitlab
  • Issues
  • #64

Closed
Open
Opened Aug 09, 2020 by Georg Koppen@gk

Disable email notifications for confidential bugs

I had opened #23 (closed) weeks ago for expressing my concern that confidential bugs may leak information as email notifications are sent in the clear. That issue got closed by adding respective warnings to the gitlab help, which is great.

However, as we see with tpo/applications/tor-browser#40075 this is not enough. We need to take a more proactive stance before we can use this important feature widely. At a minimum (which is the content of this issue) we should disable email notifications automatically for confidential bugs, so that reporters don't shoot themselves in the foot and accidentally harm our users.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: tpo/tpa/gitlab#64