Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 534968

Summary: Consider permitting the creation of private/hidden repositories to address vulnerabilities
Product: Community Reporter: Wayne Beaton <wayne.beaton>
Component: Architecture CouncilAssignee: eclipse.org-architecture-council
Status: CLOSED MOVED QA Contact:
Severity: normal    
Priority: P3 CC: heidinga
Version: unspecified   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Whiteboard: stalebug
Bug Depends on:    
Bug Blocks: 510142    

Description Wayne Beaton CLA 2018-05-22 15:05:26 EDT 
At present, we really don't very many things that are not accessible to the public (the only thing that comes to mind is the ability to mark a Bugzilla record as "committers-only"). This is by design: as an open and transparent community, we actively avoid any notion of private.

As we engage in more runtime projects, vulnerabilities are going to become more common and having a means for a project team to engage collaboratively is likely going to be important.

I'd like to use this record to capture requirements and related issues.

* We need a means for a project team to work in Git out of public view.
* The public repositories must remain publicly accessible. That is, we can't just temporarily restrict access to existing repositories or development branches.
* All project committers have access.
* It must be short-lived (weeks, not months).

Input welcome.
Comment 1 Dan Heidinga CLA 2018-06-02 21:42:46 EDT 
Eclipse OpenJ9 would use this and frankly, needs private repos to be able to collaborate on security issues.

Our project collaborates on security fixes with the OpenJDK & AdoptOpenJDK communities.  This comes with requirements to not disclose the issues shared through these channels publicly before all members have been able to address them.

We need a way to temporarily hold back security patches from the public while still being able to build & test the changes.
Comment 2 Eclipse Genie CLA 2020-06-11 16:52:26 EDT 
This bug hasn't had any activity in quite some time. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet.

If you have further information on the current state of the bug, please add it. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant.

--
The automated Eclipse Genie.
Comment 3 Frederic Gurr CLA 2021-12-23 06:44:28 EST 
This issue has been migrated to https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/382.