From: Robert M. <rob...@gm...> - 2012-05-27 20:30:07
|
Trying to review the state of the current docs on http://www.mantisbt.org/docs/master-1.2.x/en/ I noticed they're quite stale. I would open up some issues related to infrastructure but I'm not that keen on having those inside the mantisbt project. What do you think about getting a 'mantisbt.org' or 'infrastructure' project where we collect this sort of thing like doc builds, CI, project requests etc? Robert On Wed, May 23, 2012 at 9:17 PM, Victor Boctor <vi...@fu...> wrote: > +1 to John's response. We should encourage having this API open with > sensible defaults. > > > On Wed, May 23, 2012 at 10:40 AM, John Reese <jo...@no...> wrote: >> >> On Wed, May 23, 2012 at 1:02 AM, Robert Munteanu >> <rob...@gm...> wrote: >> > I have one follow-up question though. Do you (all) think that we >> > should add a note to the post-installation steps regarding the SOAP >> > API being enabled by default and instructing the admins on how to >> > deactivate it if needed? There were some discussions in the mailing >> > list about disabling it by default and I think it's best to at least >> > avoid surprising the admins with an unknown point of entry. >> >> I think that as long as we have sensible defaults (read-only, requires >> login), then it shouldn't matter to the admin that it's enabled. >> However, I do think we should have a section in the documentation on >> how to configure the API: where to find its config file, what the >> options mean, what values are considered "safe" for public >> installations, etc. With safe defaults, the API shouldn't be some >> scary feature; bugs in it aren't any more powerful or exploitable than >> bugs in the web UI. >> >> Cheers >> >> -- >> John Reese >> noswap.com >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> mantisbt-dev mailing list >> man...@li... >> https://lists.sourceforge.net/lists/listinfo/mantisbt-dev > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > mantisbt-dev mailing list > man...@li... > https://lists.sourceforge.net/lists/listinfo/mantisbt-dev > -- Sent from my (old) computer |