[CKAN-Security] Upcoming CKAN release -- Security patches?

Adrià Mercader adria.mercader at okfn.org
Wed Jun 26 10:10:16 UTC 2019


Hi Eric,

Thanks for reaching out, and many apologies that we didn't get back to
you on your original email. I don't know what happened but we
obviously failed to respond adequately.

The upcoming patch releases doesn't contain any API key related
changes. You raise some very valid points in your email and there have
been discussions around API key management refactoring for a while but
due to limited resources we haven't been able to work on that front.
Perhaps your employer can help fund work on this?

We can discuss the issue and come up with an implementation plan on
the next dev meeting (https://hack.allmende.io/ckan-meeting#) You are
more than welcome to join and discuss the issue with the tech team and
others (meetings are open to everyone)

Best,


Adrià

On Wed, 26 Jun 2019 at 11:51, Eric Soroos <eric at derilinx.com> wrote:
>
> Hi Adrià,
>
> I was wondering if you could tell me if the security issue that I raised on the security at ckan.org list on May 29 is going to be patched in the upcoming point releases?
>
> I haven't heard anything back from the CKAN org, and I'm worried about this one.
>
> Thanks
>
> eric
>
> Eric Soroos, Senior Developer
> Derilinx - Linked & Open Data Solutions
>
> Web: www.derilinx.com
> Email: eric at derilinx.com
> Address: 11/12 Baggot Court, Dublin 2, D02 F891
> Tel: +353 (0)1 254 4316
> Mob: +353 (0)83 8730257
> Twitter: @derilinx
>


More information about the Security mailing list