From: Erich W. <wi...@cy...> - 2005-01-27 11:24:14
|
Hi All, is it possible to let mantis automatically encrypt it's email by gpg or = pgp? If mantis is used inside a company it often happens, that there are = market-critical infos inside the emails send by mantis. Regards Erich Willems PGP-Key: wi...@cy... (Keyservers) Key-Fingerprint: CB3A 79F6 261E 53EF C2C3 3A2C 29E0 3CF7 E6F2 FBFB Key-Id: 0xE6F2FBFB PGP-Key: er...@wi... (Keyservers) Key-Fingerprint: 0001 D1AF 0BB4 677A 7772 E10A 3B1D EC46 4CE3 7736 Key-Id: 0x4CE37736 |
From: David A. D. <de...@gn...> - 2005-01-28 15:43:25
|
> If mantis is used inside a company it often happens, that there are > market-critical infos inside the emails send by mantis. I don't see how anything in the Summary, Description, Steps-to-reproduce, or Additional information fields could be construed as "market critical". If it is, and your system is wide-open for public viewing, then you have other problems to solve, not related to Mantis. If this is the case, simply make a private project, assign only those who need access to it, and you're done. Only those who should have access to that project, can see it and log into it and have access to it. This is how I did it for SGI, Intel, HP contracts that were using Mantis to report their "public" kernel bug reports. The other solution, is to just use gpg and encrypt+armor your attachments, and attach them to the bug/incident in question. But now the problem is... whose public key do you use to encrypt the attachment? Do you have a public and private keypair that is "global" within your company (an ENORMOUS risk), or will you be re-encrypting each attachment for everyone that must read it? This is not a Mantis problem in any way that I can see, it sounds more like a Business Process or workflow problem. But maybe we don't have all the information. Can you be more specific about your needs? David A. Desrosiers de...@gn... http://gnu-designs.com |