Page MenuHomePhabricator
Create Task
Maniphest T207295

Expose not-yet-live certs to clients so they can handle OCSP stapling
Closed, ResolvedPublic
Actions

Description

Related to T204997: certcentral: delay deployment of renewed certs to wait out skewed client clocks

<bblack> while we're on the certcentral stuff in general, another longer-term thing we'll have to eventually solve, related to the waiting-for-clock-skew period and such:
<bblack> is handling client-side integration of OCSP stapling reliably.  Which is going to mean shipping the client multiple certs when going through a renewal.
<bblack> (the old solution doesn't do any of this of course)
<bblack> the idea is that for OCSP stapling to work reliably, the client-https-service has to have the cert ahead of time, to run a local OCSP fetch and populate.
<bblack> so you can imagine a hypothetical model like:
<bblack> CC manages it more like a "set" of overlapping certs: the old one it's renewing well ahead of time, and the new renewal it has just-recently fetched from LE (but is perhaps not "live" yet, because we're waiting a day for clock skew before deployment)
<bblack> it could ship the whole set to the client (multiple files), and an indicator as to which is live
<bblack> so the old one would still be "live" initially while we wait clock skew, but having the new one sent over lets the client start prefetching OCSP data for it, so that later when it becomes live the OCSP is ready to go.
<bblack> there's probably like 10 ways to factor that out, and ? about how much of the state is managed client-side or CC-side

Details

ProjectBranchLines +/-Subject
operations/puppetproduction+1 -48acme_chief: Clean old file based certificate files (2/2)
operations/puppetproduction+4 -0acme_chief: Clean old file based certificate files (1/2)
operations/puppetproduction+3 -3icinga: Switch to the directory based deployment used by acme-chief
operations/puppetproduction+3 -3gerrit: Switch to the directory based deployment used by acme-chief
operations/puppetproduction+2 -2exim: Switch to the directory based deployment used by acme-chief
operations/puppetproduction+2 -2mirrors: Switch to the directory based deployment used by acme-chief
operations/puppetproduction+5 -5lists: Switch to the directory based deployment used by acme-chief
operations/puppetproduction+2 -2openldap: Switch to the directory based deployment used by acme-chief
operations/puppetproduction+2 -2dumps: Switch to the directory based deployment used by acme-chief
operations/puppetproduction+2 -2archiva: Switch to the directory based deployment used by acme-chief
operations/puppetproduction+2 -2install: Switch to the directory based deployment used by acme-chief
operations/puppetproduction+3 -3tendril: Switch to the directory based deployment used by acme-chief
operations/puppetproduction+3 -3netbox: Switch to the directory based deployment used by acme-chief
operations/puppetproduction+3 -3librenms: Switch to the directory based deployment used by acme-chief
operations/puppetproduction+30 -2acme_chief: Update acme_chief::cert resource to fetch several cert versions
operations/software/acme-chiefdebian+8 -0debian: Add release 0.13 to changelog
operations/software/acme-chiefdebian+2 -2Release 0.13
operations/software/acme-chiefmaster+2 -2Release 0.13
operations/software/acme-chiefdebian+242 -61acme-chief-api: Add support for puppet HTTP API search operation
operations/software/acme-chiefmaster+242 -61acme-chief-api: Add support for puppet HTTP API search operation
operations/software/acme-chiefmaster+396 -66acme-chief-api: Add support for puppet HTTP API search operation
operations/puppetproduction+1 -1acme_chief: Fix cert-sync.conf
operations/puppetproduction+9 -9acme-chief: Update certs-sync to mirror the new directory tree
operations/software/acme-chiefdebian+6 -0debian: Add release 0.11 to changelog
operations/software/acme-chiefdebian+4 -5debian: Replace live_certs and new_certs with certs
operations/software/acme-chiefdebian+2 -2Release 0.11
operations/software/acme-chiefdebian+231 -174acme-chief: Store certificates in unique directories
operations/software/acme-chiefmaster+2 -2Release 0.11
operations/software/acme-chiefmaster+231 -174acme-chief: Store certificates in unique directories
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Vgutierrez mentioned this in rOSAC72100f947c01: acme-chief-api: Add support for puppet HTTP API search operation.Mar 7 2019, 3:43 PM
Vgutierrez mentioned this in rOSAC7e8a9d157bac: acme-chief-api: Add support for puppet HTTP API search operation.Mar 7 2019, 3:51 PM
gerritbot added a comment.Mar 12 2019, 9:36 AM

Change 495854 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme-chief: Update certs-sync to mirror the new directory tree

https://gerrit.wikimedia.org/r/495854

Vgutierrez mentioned this in rOSACe1520a36a865: acme-chief: Store certificates in unique directories.Mar 12 2019, 3:45 PM
Vgutierrez mentioned this in rOSACfbdf9a10d359: acme-chief-api: Add support for puppet HTTP API search operation.
Vgutierrez mentioned this in rOSACe341c447873a: acme-chief: Store certificates in unique directories.Mar 12 2019, 3:49 PM
Vgutierrez mentioned this in rOSAC4c0cffa6289b: acme-chief-api: Add support for puppet HTTP API search operation.
Vgutierrez mentioned this in rOSAC97738c010ad9: acme-chief: Store certificates in unique directories.Mar 13 2019, 7:15 AM
Vgutierrez mentioned this in rOSAC302f71f327b0: acme-chief: Store certificates in unique directories.
Vgutierrez mentioned this in rOSACa31b7425b1dd: acme-chief-api: Add support for puppet HTTP API search operation.
Vgutierrez mentioned this in rOSAC7885e9b7e945: acme-chief-api: Add support for puppet HTTP API search operation.
gerritbot added a comment.Mar 13 2019, 11:11 AM

Change 496148 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief: Update acme_chief::cert resource to fetch several cert versions

https://gerrit.wikimedia.org/r/496148

gerritbot added a comment.Mar 15 2019, 11:17 AM

Change 494956 merged by jenkins-bot:
[operations/software/acme-chief@master] acme-chief: Store certificates in unique directories

https://gerrit.wikimedia.org/r/494956

gerritbot added a comment.Mar 15 2019, 11:22 AM

Change 496753 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/acme-chief@master] Release 0.11

https://gerrit.wikimedia.org/r/496753

gerritbot added a comment.Mar 15 2019, 11:30 AM

Change 496753 merged by jenkins-bot:
[operations/software/acme-chief@master] Release 0.11

https://gerrit.wikimedia.org/r/496753

Vgutierrez mentioned this in rOSAC79be401d0eb5: Release 0.11.Mar 15 2019, 11:30 AM
gerritbot added a comment.Mar 15 2019, 11:33 AM

Change 496754 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/acme-chief@debian] acme-chief: Store certificates in unique directories

https://gerrit.wikimedia.org/r/496754

gerritbot added a comment.Mar 15 2019, 11:33 AM

Change 496755 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/acme-chief@debian] Release 0.11

https://gerrit.wikimedia.org/r/496755

Vgutierrez mentioned this in rOSACa719b7ba4be6: acme-chief: Store certificates in unique directories.Mar 15 2019, 11:34 AM
Vgutierrez mentioned this in rOSACedeeaf979872: Release 0.11.
gerritbot added a comment.Mar 15 2019, 11:38 AM

Change 496756 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/acme-chief@debian] debian: Replace live_certs and new_certs with certs

https://gerrit.wikimedia.org/r/496756

gerritbot added a comment.Mar 15 2019, 11:38 AM

Change 496757 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/acme-chief@debian] debian: Add release 0.11 to changelog

https://gerrit.wikimedia.org/r/496757

Vgutierrez mentioned this in rOSACe56950898bd4: debian: Replace live_certs and new_certs with certs.Mar 15 2019, 11:39 AM
Vgutierrez mentioned this in rOSACc6be6fd43cef: debian: Add release 0.11 to changelog.
Vgutierrez mentioned this in rOSACe718dcfb623c: debian: Add release 0.11 to changelog.Mar 15 2019, 11:45 AM
Vgutierrez mentioned this in rOSACbd43e24683c8: debian: Replace live_certs and new_certs with certs.
gerritbot added a comment.Mar 15 2019, 11:57 AM

Change 496754 merged by jenkins-bot:
[operations/software/acme-chief@debian] acme-chief: Store certificates in unique directories

https://gerrit.wikimedia.org/r/496754

gerritbot added a comment.Mar 15 2019, 11:57 AM

Change 496755 merged by jenkins-bot:
[operations/software/acme-chief@debian] Release 0.11

https://gerrit.wikimedia.org/r/496755

gerritbot added a comment.Mar 15 2019, 12:05 PM

Change 496756 merged by jenkins-bot:
[operations/software/acme-chief@debian] debian: Replace live_certs and new_certs with certs

https://gerrit.wikimedia.org/r/496756

gerritbot added a comment.Mar 15 2019, 12:05 PM

Change 496757 merged by jenkins-bot:
[operations/software/acme-chief@debian] debian: Add release 0.11 to changelog

https://gerrit.wikimedia.org/r/496757

Stashbot added a subscriber: Stashbot.Mar 18 2019, 8:58 AM

Mentioned in SAL (#wikimedia-operations) [2019-03-18T08:58:14Z] <vgutierrez> uploaded acme-chief 0.11 to apt.wikimedia.org (buster) - T207295

gerritbot added a comment.Mar 18 2019, 9:32 AM

Change 495854 merged by Vgutierrez:
[operations/puppet@production] acme-chief: Update certs-sync to mirror the new directory tree

https://gerrit.wikimedia.org/r/495854

gerritbot added a comment.Mar 18 2019, 9:39 AM

Change 497251 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief: Fix cert-sync.conf

https://gerrit.wikimedia.org/r/497251

gerritbot added a comment.Mar 18 2019, 9:42 AM

Change 497251 merged by Vgutierrez:
[operations/puppet@production] acme_chief: Fix cert-sync.conf

https://gerrit.wikimedia.org/r/497251

gerritbot added a comment.Mar 18 2019, 9:50 AM

Change 494506 abandoned by Vgutierrez:
acme-chief-api: Add support for puppet HTTP API search operation

Reason:
Discarded in favor of I286e5b65ec574ea38336a31aeab52599558d5c84 and Ib8a40a049486bc0e4a861041e56d1451c8ecef71

https://gerrit.wikimedia.org/r/494506

Vgutierrez mentioned this in rOSAC8172fb95f586: acme-chief-api: Add support for puppet HTTP API search operation.Mar 18 2019, 10:22 AM
Vgutierrez mentioned this in rOSAC27f735eb8c03: acme-chief-api: Add support for puppet HTTP API search operation.Mar 18 2019, 10:55 AM
Vgutierrez mentioned this in rOSACd07d2bfbabd2: acme-chief-api: Add support for puppet HTTP API search operation.Mar 18 2019, 3:54 PM
gerritbot added a comment.Mar 19 2019, 2:57 AM

Change 497440 had a related patch set uploaded (by Alex Monk; owner: Vgutierrez):
[operations/software/acme-chief@debian] acme-chief-api: Add support for puppet HTTP API search operation

https://gerrit.wikimedia.org/r/497440

gerritbot added a comment.Mar 19 2019, 3:30 AM

Change 494957 merged by jenkins-bot:
[operations/software/acme-chief@master] acme-chief-api: Add support for puppet HTTP API search operation

https://gerrit.wikimedia.org/r/494957

gerritbot added a comment.Mar 19 2019, 3:36 AM

Change 497444 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/software/acme-chief@master] Release 0.12

https://gerrit.wikimedia.org/r/497444

gerritbot added a comment.Mar 19 2019, 3:33 PM

Change 497444 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/software/acme-chief@master] Release 0.13

https://gerrit.wikimedia.org/r/497444

gerritbot added a comment.Mar 19 2019, 3:38 PM

Change 497440 had a related patch set uploaded (by Alex Monk; owner: Vgutierrez):
[operations/software/acme-chief@debian] acme-chief-api: Add support for puppet HTTP API search operation

https://gerrit.wikimedia.org/r/497440

gerritbot added a comment.Mar 19 2019, 3:41 PM

Change 497440 merged by jenkins-bot:
[operations/software/acme-chief@debian] acme-chief-api: Add support for puppet HTTP API search operation

https://gerrit.wikimedia.org/r/497440

gerritbot added a comment.Mar 19 2019, 3:46 PM

Change 497444 merged by Vgutierrez:
[operations/software/acme-chief@master] Release 0.13

https://gerrit.wikimedia.org/r/497444

gerritbot added a comment.Mar 19 2019, 3:50 PM

Change 497527 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/software/acme-chief@debian] Release 0.13

https://gerrit.wikimedia.org/r/497527

gerritbot added a comment.Mar 19 2019, 3:54 PM

Change 497527 merged by jenkins-bot:
[operations/software/acme-chief@debian] Release 0.13

https://gerrit.wikimedia.org/r/497527

gerritbot added a comment.Mar 19 2019, 3:57 PM

Change 497532 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[operations/software/acme-chief@debian] debian: Add release 0.13 to changelog

https://gerrit.wikimedia.org/r/497532

gerritbot added a comment.Mar 19 2019, 4:05 PM

Change 497532 merged by jenkins-bot:
[operations/software/acme-chief@debian] debian: Add release 0.13 to changelog

https://gerrit.wikimedia.org/r/497532

Stashbot mentioned this in T218685: acme-chief creates absolute symlinks for "live" and relative for "new" on certificate renewal.Mar 19 2019, 4:45 PM
Stashbot mentioned this in T218418: CN + SNI list on config file doesn't match issued certificate on some scenarios.

Mentioned in SAL (#wikimedia-operations) [2019-03-19T16:45:15Z] <vgutierrez> uploaded acme-chief 0.14 to apt.wikimedia.org (buster) - T218685 T218418 T207295

gerritbot added a comment.Mar 20 2019, 9:53 AM

Change 496148 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief: Update acme_chief::cert resource to fetch several cert versions

https://gerrit.wikimedia.org/r/496148

Krenair mentioned this in rOSAC5fea4a32b78f: acme-chief-api: Add support for puppet HTTP API search operation.Mar 21 2019, 12:29 AM
Krenair mentioned this in rOSAC4d64bfb16dc3: Release 0.13.
Krenair mentioned this in rOSAC1910c0e957ef: debian: Add release 0.13 to changelog.
Krenair mentioned this in rOSAC3e40b7c718c7: acme-chief-api: Add support for puppet HTTP API search operation.
Vgutierrez mentioned this in rOSAC509944d54d3c: Release 0.13.Mar 21 2019, 12:29 AM
Krenair mentioned this in rOSAC29b55967fe2c: Release 0.13.Mar 21 2019, 12:29 AM
Krenair mentioned this in rOSACa6aeca087dfb: Release 0.13.
Krenair mentioned this in rOSACe9e1e71c687a: Release 0.13.
Krenair mentioned this in rOSAC32ef6ee66632: Release 0.12.
Krenair mentioned this in rOSACacc16d70afc7: acme-chief-api: Add support for puppet HTTP API search operation.
Stashbot added a comment.Mar 21 2019, 8:01 AM

Mentioned in SAL (#wikimedia-operations) [2019-03-21T08:01:35Z] <vgutierrez> deploying directory based certificates in acme-chief clients - T207295

gerritbot added a comment.Mar 21 2019, 8:02 AM

Change 496148 merged by Vgutierrez:
[operations/puppet@production] acme_chief: Update acme_chief::cert resource to fetch several cert versions

https://gerrit.wikimedia.org/r/496148

gerritbot added a comment.Mar 21 2019, 2:53 PM

Change 498109 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] librenms: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498109

gerritbot added a comment.Mar 21 2019, 3:53 PM

Change 498109 merged by Vgutierrez:
[operations/puppet@production] librenms: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498109

gerritbot added a comment.Mar 22 2019, 10:14 AM

Change 498336 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] netbox: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498336

gerritbot added a comment.Mar 22 2019, 10:21 AM

Change 498336 merged by Vgutierrez:
[operations/puppet@production] netbox: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498336

gerritbot added a comment.Mar 22 2019, 10:29 AM

Change 498339 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] tendril: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498339

gerritbot added a comment.Mar 22 2019, 10:31 AM

Change 498339 merged by Vgutierrez:
[operations/puppet@production] tendril: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498339

gerritbot added a comment.Mar 22 2019, 10:39 AM

Change 498342 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] install: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498342

gerritbot added a comment.Mar 22 2019, 10:50 AM

Change 498342 merged by Vgutierrez:
[operations/puppet@production] install: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498342

gerritbot added a comment.Mar 25 2019, 6:54 AM

Change 498771 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] archiva: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498771

gerritbot added a comment.Mar 25 2019, 6:59 AM

Change 498771 merged by Vgutierrez:
[operations/puppet@production] archiva: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498771

gerritbot added a comment.Mar 25 2019, 7:09 AM

Change 498774 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] dumps: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498774

gerritbot added a comment.Mar 25 2019, 7:13 AM

Change 498774 merged by Vgutierrez:
[operations/puppet@production] dumps: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498774

gerritbot added a comment.Mar 25 2019, 7:30 AM

Change 498776 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] openldap: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498776

gerritbot added a comment.Mar 25 2019, 7:41 AM

Change 498776 merged by Vgutierrez:
[operations/puppet@production] openldap: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498776

gerritbot added a comment.Mar 25 2019, 8:22 AM

Change 498781 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] lists: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498781

gerritbot added a comment.Mar 25 2019, 11:34 AM

Change 498781 merged by Vgutierrez:
[operations/puppet@production] lists: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498781

gerritbot added a comment.Mar 25 2019, 11:43 AM

Change 498811 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] mirrors: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498811

gerritbot added a comment.Mar 25 2019, 2:41 PM

Change 498811 merged by Vgutierrez:
[operations/puppet@production] mirrors: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498811

gerritbot added a comment.Mar 25 2019, 2:47 PM

Change 498892 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] exim: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498892

gerritbot added a comment.Mar 25 2019, 2:52 PM

Change 498892 merged by Vgutierrez:
[operations/puppet@production] exim: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498892

gerritbot added a comment.Mar 25 2019, 3:05 PM

Change 498900 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] gerrit: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498900

gerritbot added a comment.Mar 25 2019, 3:09 PM

Change 498900 merged by Vgutierrez:
[operations/puppet@production] gerrit: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498900

gerritbot added a comment.Mar 25 2019, 3:16 PM

Change 498904 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] icinga: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498904

gerritbot added a comment.Mar 25 2019, 3:24 PM

Change 498904 merged by Vgutierrez:
[operations/puppet@production] icinga: Switch to the directory based deployment used by acme-chief

https://gerrit.wikimedia.org/r/498904

gerritbot added a comment.Mar 25 2019, 3:41 PM

Change 498920 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief: Clean old file based certificate files (1/2)

https://gerrit.wikimedia.org/r/498920

gerritbot added a comment.Mar 25 2019, 3:42 PM

Change 498921 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief: Clean old file based certificate files (2/2)

https://gerrit.wikimedia.org/r/498921

Stashbot added a comment.Mar 27 2019, 8:33 AM

Mentioned in SAL (#wikimedia-operations) [2019-03-27T08:33:02Z] <vgutierrez> disabling puppet in acme-chief clients to get rid safely of old TLS material - T207295

gerritbot added a comment.Mar 27 2019, 8:39 AM

Change 498920 merged by Vgutierrez:
[operations/puppet@production] acme_chief: Clean old file based certificate files (1/2)

https://gerrit.wikimedia.org/r/498920

Stashbot added a comment.Mar 27 2019, 9:06 AM

Mentioned in SAL (#wikimedia-operations) [2019-03-27T09:06:50Z] <vgutierrez> puppet reenabled in acme-chief clients - T207295

gerritbot added a comment.Mar 27 2019, 9:18 AM

Change 498921 merged by Vgutierrez:
[operations/puppet@production] acme_chief: Clean old file based certificate files (2/2)

https://gerrit.wikimedia.org/r/498921

Vgutierrez closed this task as Resolved.Mar 27 2019, 9:19 AM
Vgutierrez removed a project: Patch-For-Review.
Volans mentioned this in rOSACc905ce82f69c: acme-chief-api: Add support for puppet HTTP API search operation.Apr 5 2019, 11:13 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL