Page MenuHomePhabricator
Create Task
Maniphest T88731

svn.wikimedia.org security certificate expired
Closed, ResolvedPublic
Actions

Description

svn.wikimedia.org
Issued by: RapidSSL CA
Expired: Saturday 31 January 2015

Screen_Shot_2015-02-05_at_11.59.26.png (1,428×876 px, 100 KB)

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
svn: delete svn.wm.org SSL certoperations/puppetproduction+0 -30
delete svn.wikimedia.org SSL certoperations/puppetproduction+0 -30
Customize query in gerrit

Related Objects
Search...

Event Timeline

Krinkle created this task.Feb 5 2015, 8:00 PM
Krinkle raised the priority of this task from to High.
Krinkle updated the task description. (Show Details)
Krinkle added projects: acl*sre-team, Regression, WMF-General-or-Unknown.
Krinkle subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 5 2015, 8:00 PM
Aklapper added a comment.Feb 5 2015, 8:16 PM

@Krinkle: Sufficiently covered by T86655 already?

Dzahn added a subtask: T86655: Decommission svn.wikimedia.org server (import SVN into Phabricator).Feb 14 2015, 1:01 AM
Aklapper merged a task: T90440: Server certificate at <svn.wikimedia.org> expired on January 31, 2015.Feb 23 2015, 4:46 PM
Aklapper added a subscriber: Kghbln.
Dzahn subscribed.Mar 4 2015, 7:08 PM

let's close this as rejected, T86655 is happening instead

gerritbot subscribed.Mar 9 2015, 5:36 PM

Change 195310 had a related patch set uploaded (by Dzahn):
delete svn.wikimedia.org SSL cert

https://gerrit.wikimedia.org/r/195310

gerritbot added a project: Patch-For-Review.Mar 9 2015, 5:36 PM
gerritbot added a comment.Mar 10 2015, 7:28 PM

Change 195310 abandoned by Dzahn:
delete svn.wikimedia.org SSL cert

https://gerrit.wikimedia.org/r/195310

RobH removed a project: Patch-For-Review.Mar 12 2015, 7:52 PM
RobH set Security to None.
Krinkle added a subtask: T98723: Move svn.wikimedia.org behind misc-web.May 15 2015, 1:04 AM
Legoktm subscribed.May 15 2015, 1:04 AM

I just ran into this when someone linked to svn.wm.o in https://lists.wikimedia.org/pipermail/pywikipedia-l/2015-May/009287.html. I understand that we're migrating to phab, but what's the rationale for not renewing the SSL cert?

Krinkle added a comment.May 15 2015, 1:06 AM
In T88731#1286842, @Legoktm wrote:

I just ran into this when someone linked to svn.wm.o in https://lists.wikimedia.org/pipermail/pywikipedia-l/2015-May/009287.html. I understand that we're migrating to phab, but what's the rationale for not renewing the SSL cert?

Added blocker on T98723. We don't need to renew the cert if we just move it's svn viewer behind misc-web-eqiad, which uses the wildcard cert.

Dzahn added a comment.May 15 2015, 1:07 AM
In T88731#1286844, @Krinkle wrote:
In T88731#1286842, @Legoktm wrote:

I just ran into this when someone linked to svn.wm.o in https://lists.wikimedia.org/pipermail/pywikipedia-l/2015-May/009287.html. I understand that we're migrating to phab, but what's the rationale for not renewing the SSL cert?

Added blocker on T98723. We don't need to renew the cert if we just move it's svn viewer behind misc-web-eqiad, which uses the wildcard cert.

This has been suggested before but that only covers the web-part of it and breaks the actual svn protocol which apparently is still used as well.

Krinkle mentioned this in T98723: Move svn.wikimedia.org behind misc-web.May 15 2015, 1:09 AM
Krinkle closed subtask T98723: Move svn.wikimedia.org behind misc-web as Declined.
Dzahn added a comment.May 15 2015, 1:13 AM

also see https://phabricator.wikimedia.org/T83443#914052

ArielGlenn assigned this task to RobH.May 15 2015, 5:05 AM
ArielGlenn subscribed.

@RobH, I gave this to you since svn can't move behind misc web after all.

Kghbln unsubscribed.May 15 2015, 7:23 AM
RobH removed RobH as the assignee of this task.May 15 2015, 7:40 PM
RobH subscribed.

This is only valid still if T86655 is not valid anymore. As it appears still valid, this would be rejected.

RobH added a comment.May 15 2015, 7:46 PM

Addition: Only valid for long term, short term I suppose its annoying for folks still using SVN.

However, are we still really wanting to support SVN? It has been on the depreciation list for awhile now, and I think that is why this generally hasn't progressed. (We don't typically take a long time to order a certificate ;)

Reguyla added a project: Security-General.Jun 16 2015, 4:53 PM
Restricted Application added a subscriber: Matanya. · View Herald TranscriptJun 16 2015, 4:53 PM
Dzahn unsubscribed.Jun 16 2015, 4:54 PM
Krenair mentioned this in T102824: Clean up DNS/redirects for TLS.Jun 18 2015, 7:16 PM
Krenair subscribed.
Ricordisamoa subscribed.Jun 19 2015, 6:59 AM
Dzahn subscribed.Jun 25 2015, 8:33 PM
In T88731#1288890, @RobH wrote:

However, are we still really wanting to support SVN?

No :) It has been removed in T86655

Old SVN URLs now redirect (https://phabricator.wikimedia.org/T86655#1402012)

Dzahn added a comment.Jun 25 2015, 8:34 PM

svn.wikimedia.org points to general Apache cluster / text-lb for redirects.

So the certificate isn't an issue anymore and can be deleted.

svn.wikimedia.org has address 208.80.154.224
224.154.80.208.in-addr.arpa domain name pointer text-lb.eqiad.wikimedia.org.

gerritbot added a comment.Jun 25 2015, 8:39 PM

Change 220967 had a related patch set uploaded (by Dzahn):
svn: delete svn.wm.org SSL cert

https://gerrit.wikimedia.org/r/220967

gerritbot added a project: Patch-For-Review.Jun 25 2015, 8:39 PM
gerritbot added a comment.Jun 25 2015, 8:51 PM

Change 220967 merged by Dzahn:
svn: delete svn.wm.org SSL cert

https://gerrit.wikimedia.org/r/220967

Dzahn mentioned this in rOPUP9d61e7781195: svn: delete svn.wm.org SSL cert.Jun 25 2015, 8:51 PM
Dzahn closed this task as Resolved.Jun 25 2015, 8:54 PM
Dzahn claimed this task.

deleted cert from public repo, deleted key from private repo, shredd'ed and deleted key from antimony, deleted cert from antimony, delete sites-available/50-svn* from antimony

demon closed subtask T86655: Decommission svn.wikimedia.org server (import SVN into Phabricator) as Resolved.Jul 1 2015, 6:29 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits