Commit 06e31dc1 authored by intrigeri's avatar intrigeri
Browse files

GitLab: document shortcoming of attachments

Closes: tails-team/gitlab-migration#63
parent a02ecf64
...@@ -225,6 +225,17 @@ A confidential issue is visible only by: ...@@ -225,6 +225,17 @@ A confidential issue is visible only by:
access; that is, for our [[!tails_gitlab tails/tails desc="main GitLab access; that is, for our [[!tails_gitlab tails/tails desc="main GitLab
project"]]: most past and present Tails contributors project"]]: most past and present Tails contributors
<div class="caution">
Only share the URL of an attachment with people you want to allow downloading
that file.
In contrast with Redmine, that enforced access control on attachments, with
GitLab, anyone can download <emph>any</emph> attachment if they know its URL.
This applies equally to attachments added to a confidential issue.
</div>
If your team regularly manipulates confidential data, then its issues live under If your team regularly manipulates confidential data, then its issues live under
a dedicated GitLab project, with a different set of members, and possibly a dedicated GitLab project, with a different set of members, and possibly
only visible to project members. only visible to project members.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment