Page MenuHomePhabricator
Create Task
Maniphest T157761

use htpasswd instead of htdigest for arbcom archive passwords
Closed, DeclinedPublic
Actions

Description

In about 6 months from now or later, so in or after September 2017, do a password rotation of all the passwords for users to access the arbcom-l list archives.

This is about https://wikitech.wikimedia.org/wiki/Mailman#Alter_arbcom-l_archive_access_list and an example ticket where passwords were updated in the past is T157097.

We want to switch from using deprecated "htdigest" (which is for example not supported by nginx) to using "htpasswd" and rotate the passwords while doing that.

Coordinate this with @Jalexander

The waiting is because we _just_ switched new passwords for 9 of the 24 users and don't want to bother them with another change. But a regular rotation every 6 months or so seems reasonable and good for security.

Related Objects

Event Timeline

Dzahn created this task.Feb 10 2017, 2:26 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 10 2017, 2:26 AM
Dzahn added a subscriber: faidon.Feb 10 2017, 2:27 AM
Dzahn updated the task description. (Show Details)Feb 10 2017, 2:31 AM
Ottomata assigned this task to Dzahn.Mar 6 2017, 7:36 PM
Ottomata triaged this task as Medium priority.
Ottomata subscribed.

Just triaging, feel free to re-assign

Dzahn removed Dzahn as the assignee of this task.EditedMar 6 2017, 7:39 PM

Yea, this will be done but it's supposed to happen not until September and i don't want to hold on to it until then. Most likely it will be me but it's free for all too. Ideally there'd be a "remind me on $date" feature in Phabricator for these.

Aklapper added a comment.Sep 5 2017, 12:43 PM
In T157761#3076941, @Dzahn wrote:

Yea, this will be done but it's supposed to happen not until September and i don't want to hold on to it until then. Most likely it will be me but it's free for all too. Ideally there'd be a "remind me on $date" feature in Phabricator for these.

@Dzahn: I hereby remind you that it is September. :P (And there is a "deadline" beta functionality in Phabricator now.)

Dzahn claimed this task.Sep 6 2017, 5:31 PM

Oh, thanks @Aklapper :) yep

Jalexander added a comment.EditedSep 6 2017, 6:46 PM

FTR this can get held off for now (or even just closed as rejected). We're transitioning away from Mailman for this list. Handling the archives that currently remain will be decided after.

Dzahn added a subscriber: eliza.Sep 6 2017, 7:15 PM

ok, thanks @Jalexander ! @eliza told me about it and i was about to set it to stalled for that reason

Dzahn changed the task status from Open to Stalled.Sep 6 2017, 10:44 PM
Dzahn lowered the priority of this task from Medium to Low.
Dzahn closed this task as Declined.Sep 8 2017, 8:03 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL