[Savannah-cvs] [165] accessibility todo, with links to the mailing list


From: karl
Subject: [Savannah-cvs] [165] accessibility todo, with links to the mailing list discussions
Date: Fri, 10 Jul 2015 16:04:47 +0000

Revision: 165
          
http://svn.sv.gnu.org/viewvc/?view=rev&root=administration&revision=165
Author:   karl
Date:     2015-07-10 16:04:34 +0000 (Fri, 10 Jul 2015)
Log Message:
-----------
accessibility todo, with links to the mailing list discussions

Modified Paths:
--------------
    trunk/sviki/Compromise2010.mdwn
    trunk/sviki/FrontPage.mdwn
    trunk/sviki/MonoToNe.mdwn
    trunk/sviki/TasksList.mdwn

Modified: trunk/sviki/Compromise2010.mdwn
===================================================================
--- trunk/sviki/Compromise2010.mdwn     2015-06-28 21:14:23 UTC (rev 164)
+++ trunk/sviki/Compromise2010.mdwn     2015-07-10 16:04:34 UTC (rev 165)
@@ -85,3 +85,59 @@
     there was no other account cracking
 -   2010/12/01 11:00 UTC: restored write access
 -   2010/12/02 08:02 UTC: web front-end improved and re-enabled
+
+Old
+---
+This is how Sylvain restored Savannah after the crack.
+
+-   [X] Put services online using backup, except for password-based
+    ones (e.g. the web interface)
+-   [X] Bring back web interface
+
+> -   [X] Reset passwords
+> -   [X] Fix SQL injection and look for potential others
+> -   [X] Implement crypt support (like /etc/shadow, strong and
+>     LDAP-compatible) hashes, with SHA-512
+> -   [X] Implement salt generation with good entropy
+> -   [X] Implement password strength enforcement
+> -   [/] Implement Solar's suggestions
+>     
([TODO](http://lists.gnu.org/mailman/private/savannah-hackers-private/2010-December/001984.html))
+> -   [/] Implement logs-checking reporting tool (TODO: better init.d
+>     support)
+> -   [/] Implement on-login password rehash for MD5 and improperly
+>     salted SHA-512
+>
+> > -   Implemented rehashing for improperly salted hashes.
+>
+> -   [X] Implement banner to warn people about changing password (on
+>     login pages or all pages?)
+> -   [X] Change TLS/https keys
+
+-   [/] Audit changes between the 23th and the 27th to see what was
+    compromised - in progress
+    
<http://lists.gnu.org/mailman/private/savannah-hackers-private/2010-December/002009.html>
+-   [/] Colonialone:
+
+> -   [X] move back dot files on colonialone.fsf.org
+> -   [/] restore @savannah.gnu.org aliases replication from colo
+>     (restored user syncaliases, now check if it works)
+> -   [X] restore user svadmin -\> not restoring it since it can
+>     access nothing in the new xen setup
+> -   [ ] Drop users ward/peobo/bernie?
+> -   [X] Change 2 failed disks
+
+-   [/] savannah-backup:
+
+> -   [X] enable backup cron
+> -   [ ] add rsnapshot to keep history locally (rdiff seems to be too
+>     long to extract backups); coordinate with
+>     <mailto:address@hidden> so they backup the
+>     latest backup online
+
+-   [X] write post-mortem at [[Compromise2010]]
+-   [X] restore GAP CVS repositories from latest backup
+-   [X] restore avr-libc from latest backup
+    <http://savannah.gnu.org/support/?107537>
+-   [X] fix sv.gnu.org DNSes - in progress
+    
<http://lists.gnu.org/mailman/private/savannah-hackers-private/2010-December/002007.html>
+    -- "magically works for now"
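Review bot: Several entries filed under the new "Old" heading are still marked "[/]" or "[ ]" (Solar's suggestions, the on-login rehash for MD5, the audit of changes between the 23rd and the 27th, "Drop users ward/peobo/bernie?"), so a reader of the post-mortem cannot tell whether they were finished or abandoned. Record their final status here or move the open ones to TasksList. The rehash item matters most: its sub-note only says rehashing was implemented for improperly salted hashes, which leaves the MD5 case unstated, and an on-login rehash never touches accounts that do not log in. The DNS entry is ticked "[X]" while its text says "in progress" and "magically works for now"; pick one. Three of the links go to the private savannah-hackers-private archive, so say that they need list membership. "23th" should be "23rd".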

Modified: trunk/sviki/FrontPage.mdwn
===================================================================
--- trunk/sviki/FrontPage.mdwn  2015-06-28 21:14:23 UTC (rev 164)
+++ trunk/sviki/FrontPage.mdwn  2015-07-10 16:04:34 UTC (rev 165)
@@ -77,7 +77,6 @@
     -   [[ApprovingSubmission]]
     -   [[FileFormats]]
     -   [[GnuOrgTranslationTeams]]
-    -   [[HowToBecomeASavannahHacker]]
     -   [[LicensingRequirements]]
         -   [[DocumentationFormats]]
         -   [[DocumentationNotices]]
@@ -165,13 +164,12 @@
         -   [[ZopeBackup]]
 
     -   [[SavannahTeam]]
+        -   [[HowToBecomeASavannahHacker]]
         -   [[RecruitingVolunteers]]
         -   [[SavannahHacker]]
         -   [[SavannahHackersCommunication]]
 
     -   [[TasksList]]
-        -   [[CurrentTasks]]
-        -   [[MonoToNe]]
         -   [[SavaneTasks]]
         -   [[SavaneRewrite]]
         -   [[SvNTasks]]
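Review bot: Dropping "[[CurrentTasks]]" and "[[MonoToNe]]" from the TasksList subtree removes their front-page index entries, yet MonoToNe.mdwn is still edited in this same revision, so the page stays in the wiki with fewer inbound links. If these pages are obsolete, say so on the pages themselves or delete them; otherwise keep an index entry somewhere. The log message mentions only the accessibility todo and not this index reshuffle or the Compromise2010 addition; extending the log or splitting the revision would make these changes easier to find later.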

Modified: trunk/sviki/MonoToNe.mdwn
===================================================================
--- trunk/sviki/MonoToNe.mdwn   2015-06-28 21:14:23 UTC (rev 164)
+++ trunk/sviki/MonoToNe.mdwn   2015-07-10 16:04:34 UTC (rev 165)
@@ -1,3 +1,5 @@
+(There are no request to support monotone and thus no plans to do so. --2015)
+
 Monotone now probably can be used for mass hosting:
 ---------------------------------------------------
 
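Review bot: The added first line reads "There are no request", which should be "There are no requests", and the bare "--2015" would be clearer as a dated signature. The heading directly below still says "Monotone now probably can be used for mass hosting", so the notice should also state that the rest of the page is kept for reference only.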

Modified: trunk/sviki/TasksList.mdwn
===================================================================
--- trunk/sviki/TasksList.mdwn  2015-06-28 21:14:23 UTC (rev 164)
+++ trunk/sviki/TasksList.mdwn  2015-07-10 16:04:34 UTC (rev 165)
@@ -1,56 +1,57 @@
-Stand-alone pages
+# Savannah Task List
 
-\* [[CurrentTasks]] describes what we're working on, usually has a
-higher priority \* [[CVS]] contains some tasks related to the CVS setup
-\* [[Git]] presents the progress with
-<http://git.or.cz/> support \* [[SvNTasks]] explains
-what we need to improve SVN \* [[SavaneTasks]] gives various ideas (easy
-and hard) to improve the Savane software which runs Savannah
+## Other pages
 
-System
+* [[CVS]] contains some tasks related to the CVS setup
+* [[Git]] presents the progress with <http://git.or.cz/> support 
+* [[SvNTasks]] explains what we need to improve SVN
+* [[SavaneTasks]] gives various ideas (easy and hard) to improve the
+Savane software which runs Savannah
 
-\* Read-only bind mounts changed in recent kernel, and this results in
+## Web pages
+
+* Accessibility: this would be a good area for a new contributor to
+start on, since changes are independent and (some are) small. 
+Many improvements were proposed:
+[public 
thread](http://lists.gnu.org/archive/html/savannah-hackers/2015-06/msg00009.html),
+especially
+[this 
message](http://lists.gnu.org/archive/html/savannah-hackers/2015-06/msg00009.html)
+and this [private 
message](https://lists.gnu.org/mailman/private/savannah-hackers-private/2015-June/003007.html).
+
+## System
+
+* Read-only bind mounts changed in recent kernel, and this results in
 /home being read-only when rebooting a vserver. Upgrade util-vserver or
-work-around. \* user katzchen is continously removed and recreated by
-the sv\_users cron job. Investigate. \* The Cacti CPU graph is
+work-around. 
+* user katzchen is continously removed and recreated by
+the sv\_users cron job. Investigate. 
+* The Cacti CPU graph is
 apparently graphing "idle" when it's graphing "user". This makes people
 believe the CPU is loaded, while it's not (cf. Munin CPU graph and the
 anti-peak on march 4th when I artificially loaded the CPU)
 
-Documentation
+## Documentation
 
-\* Make a clear, simple, illustrated explanation of the use of SSH
+* Make a clear, simple, illustrated explanation of the use of SSH
 public keys. That's not a very simple concept (PKI + keygen + passphrase
-+ ssh-agent + ssh-add + pros over password-authentication) \* Explain
-why we use [[CAcert]].org, and explain how to import the certificate
-using screenshots
++ ssh-agent + ssh-add + pros over password-authentication) 
 
-[[DownloadArea]]
+## [[DownloadArea]]
 
-\* Suggest unifying alpha/ftp/download.sv. This could be easily done by
+* Suggest unifying alpha/ftp/download.sv. This could be easily done by
 setting Savannah as the main upload area, and have it replicate signed
 files to ftp.gnu.org and alpha.gnu.org (this involves adding a new
-download area for GNU projects). \* Per-project stats? e.g.
+download area for GNU projects). 
+* Per-project stats? e.g.
 <http://stats.gna.org/> (you can try to contact
 <https://gna.org/p/admin> about it)
 
-[[WebPages]]
+## Internal
 
-\* Improve the quick-n-diry webpages sync-on-commit. commit\_prep is
-needed to that a multi-directories commit doesn't trigger multiple
-remote 'cvs checkout' at once. \* Add support for other targets
-directories, so we can properly host translations team at
-'www.gnu.org/server/standards/translations/country\_code/' \* Unified
-notification for www.gnu.org portions. Possible unified CVS repository,
-dunno, but in the long run I'd rather have project chose how they want
-to update their webspace, so this doesn't fit well.
-
-Internal
-
-\* document backing-up / fixing zope (Wiki + doc in the repository) \*
-We need to keep several pieces of information out of Savannah: \*
-contacts: get something automated to have your local copy in-sync \*
-password (TLS CA + Zope + Mailman - others can be found in savannah or
+* document backing-up
+* We need to keep several pieces of information out of Savannah: 
+- contacts: get something automated to have your local copy in-sync 
+- password (TLS CA + Zope + Mailman - others can be found in savannah or
 mysql config files): make a script to maintain a crypted file that
 contains the passes. Optionaly have the order of the passes scrambled at
 each regeneration (so no assumption can be made on several successive
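Review bot: In the new "Web pages" entry the "public thread" and "this message" links both point to savannah-hackers/2015-06/msg00009.html, so one of the two targets is probably wrong; the third link goes to the private archive and should be labelled as requiring list membership. In "Internal", "document backing-up / fixing zope (Wiki + doc in the repository)" was shortened to "document backing-up", which no longer says what is to be backed up. The "- contacts" and "- password" lines start at column zero, so they will not nest under "* We need to keep several pieces of information out of Savannah:"; indent them. The "[[WebPages]]" section and the CAcert documentation item are removed without a trace; if that is deliberate, the log message should say so.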
@@ -58,15 +59,13 @@
 update. Optionaly do not put the passes in a file, but in each of our
 brains, and scrap this whole idea.
 
-Mailing lists
+## Mailing lists
 
-\* Clean-up mailing lists from old spam
+* Clean-up mailing lists from old spam
 <http://savannah.gnu.org/support/?103933>
 
-Translations
+## Translations 
 
-* * * * *
-
 Unlike one of our proprietary competitors, we do not have a translation
 web interface. Installing Pootle
 (<http://translate.sourceforge.net/>)
@@ -92,38 +91,43 @@
 
 Tools to work with .po:
 
-\*
+
+*
 <http://translate.sourceforge.net/wiki/toolkit/index>
 - the Translate Toolkit, used by Pootle.
 
-\* <http://code.google.com/p/polib/> -
+
+* <http://code.google.com/p/polib/> -
 .po parser
 
-\* <https://launchpad.net/pyg3t> -
+
+* <https://launchpad.net/pyg3t> -
 <http://bazaar.launchpad.net/~k-nielsen81/pyg3t/trunk/files>
 - only an initial code import
 
 Other projects:
 
-\* TRAD-LANG:
-<http://eledo.com/article17.html> \*
+
+* TRAD-LANG:
+<http://eledo.com/article17.html> 
+*
 Entrans:
 <http://entrans.sourceforge.net/demo/main.php>
-\* Poliglota:
+
+* Poliglota:
 <https://tracker.gnulinuxmatters.org/wiki/Poliglota>
-\* CLWE:
-<http://www.wiki-translation.com/> \*
+
+* CLWE:
+<http://www.wiki-translation.com/> 
+*
 Ikiwiki: <http://ikiwiki.info/> (a native
 translation plugin using po4a is under development)
 
-\* Down with Rosetta! (proprietary, used at Ubuntu Lanchpad)
 
-Assigned to:
+* Down with Rosetta! (proprietary, used at Ubuntu Lanchpad)
 
-Wiki
+## Wiki 
 
-* * * * *
-
 Provide a wiki for projects: problems include spam and replication for
 2500+ projects. Or 1 big wiki for everybody, but we need to have a solid
 spam protection first. The goal is to avoid setting up a wiki that will
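Review bot: Several converted bullets leave a bare "*" alone on its own line with the text on the following line (the Translate Toolkit entry, and the ones before "Entrans:" and "Ikiwiki:"), which may not render as list items; put the marker and the text on the same line, as in "* TRAD-LANG: <http://eledo.com/article17.html>". The blank line added before every bullet also makes each list loose, and "## Wiki " carries a trailing space. "Lanchpad" in the re-added Rosetta line is a typo for "Launchpad" that could be fixed while the line is being touched.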
@@ -150,7 +154,8 @@
 Another discussion:
 
<http://lists.gnu.org/archive/html/savannah-hackers-public/2009-01/msg00003.html>
 
-\* Official .gnu.org webpages need to be validated by maintainers and
+
+* Official .gnu.org webpages need to be validated by maintainers and
 their team - open wiki can be a problem
 
 -   Work-around: manual sync from temp wiki site to .gnu.org for the
@@ -159,24 +164,15 @@
 
 Find a nice wiki for that, consuming little resource
 
-\* Or provide a big wiki for everybody
 
-\* Plan something against spam (TextCHA seems to work fine at the
-moment)
+* Or provide a big wiki for everybody
 
-#### subtopics:
 
--   [[MonoToNe]]
--   [[SavaneTasks]]
-    -   [[SavaneRewrite]]
+* Plan something against spam (TextCHA seems to work fine at the
+moment)
 
--   [[SvNTasks]]
--   [[WikiSpam]]
--   [[ZWikis]]
--   [[WebPages]]
+## Comments
 
-* * * * *
-
 zodb size --simon, Sat, 13 Oct 2007 08:35:23 +0000
 
 Hi Beuc.. zodb files get large, but that's just historical records
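Review bot: Removing the "subtopics" list drops the links to "[[WikiSpam]]", "[[ZWikis]]" and "[[WebPages]]" from this page, while the Wiki section just above still lists spam protection as an open problem ("Plan something against spam"). Keep at least the "[[WikiSpam]]" link next to that item, or add these pages to the new "Other pages" list at the top. The new "## Comments" heading is followed by a single 2007 comment; consider whether it still belongs on a task list.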



