I've made a couple of small security-related changes to the tracker: 1. Closed issue 35. Issues with Severity = security are now only visible to users with the Reviewer or Admin roles. Neither the reporter of the issue nor users doing triage are exceptions: if you set the Severity to security and save, you will be told you don't have permission to view the bug. It also will not appear in summary listings (including search output). I don't plan to fix the issue with triage ever; you just will have to remember to do all the work on an issue that you plan to do before setting its Severity to security. I am of two minds as to whether it makes sense to make exceptions for the reporter. In general I think such discussion should take place in private email, anyway. If you think that there's a strong case for allowing the reporter to view his own security bugs, please create an issue and explain. Assign it to me. 2. Closed issue 499. The user list used to expose mildly sensitive data to the world, including phone numbers and email addresses. Current policy is that the user list presents only Username, Realname, and Organization, unless your User has the Admin or Reviewer roles. You can still get a user's principal email address by going to the User page, but not the alternate addresses. N.B. Per the new security policy, both the above issues are restricted. Comments on the above policies welcome. Also, if you have other requests to make regarding the tracker, now might be a good time because I'm getting acquainted with the Python code and the templating language again. _______________________________________________ XEmacs-Beta mailing list XEmacs-Beta(a)xemacs.org http://calypso.tux.org/cgi-bin/mailman/listinfo/xemacs-beta