I am figuring about it. As the JIRA have an special license for Open Source projects, I believe that is the better idea have two licenses and two indenpendent instances: One for my private projects and another for the Open Source projects.

Joao,

I took that approach for www.vxvista.orgthat is open source environment and then use paid license for internal commercial projects. It is better to have two licenses and two environments. Please keep in mind that plugins are following the license you have installed on the instance in use.

Keeping both environments will facilitate the honoring of the free open source license that you are getting from Atlassian.

Regards

Fabian

hello,

You can not mix the license type within a jira server

If you are using a JIRA Unlimited Users: Open Source License you may run into trouble with your paid plugin [1].

much simpler is to have two server , each one with the corresponding licenses (and security scheme) you can then just create an application link if required.

1 : there is open source licence for Jira Agile , Capture ..

Be very very careful with that approach - if you do it, then ANYONE can use your system. Read only access is ok, but if you allow any form of write then

1) You won't have any record of WHO is writing

2) You WILL be spammed if you put your system on the internet

Hello Nic,

as you know, permission scheme let you define what anonymous users can do withinh JIRA.

In my opinion, for example, anonyous users could create issue and in order to trace who did it, you can add some custom fields such User Email/User Name as mandatory fields.

In order to prevent spam, you could also insert a CAPTCHA on issue creation (provided by third part plugin https://marketplace.atlassian.com/plugins/ELVAC.JIRA.JTools)

Regards,

Fabio

Yes, I know, that's what permission schemes are for.

This doesn't add anything to my point that you can't track anonymous users. So what if you provide a field for an email address? You can put rubbish in it. Jira will still show "anonymous did X". If you allow anonymous to make comments, then you'll get a string of comments made by anonymous and no way of knowing if Alice, Bob or Charlie made them.

I'll say it again - if you allow anonymous write, you have no audit/tracking log. There's no way around the fact that you are not going to capture who is doing things.

I'd never recommend using anonymous write without thinking through the full implications of not being able to identify activity in your system.

Captcha might seem like it would help, and it'll stop the casual spammer, but Captcha farming costs pennies nowadays, and there's several programs out there that are nearly as good as humans.

I would never allow anonymous write on a public system. It can, and will be, spammed.

Thanks for the answers Nic and Fabio. I have a doubt about the anonymous access. An anonymous user can create an Issue and receive notifications about that issue?

It depends from Permission Scheme and Notification Scheme configured for that specific project.

Thanks Fabio. I believe that the best option is create two different instances - one for private projects and another for the open source and public project. That way I can leave the control design for reading, but for creating tickets I require the user to register.