Hello all. I am excited by the amount of enthusiasm I see in the community about the new site. Thanks.
There have been several inquiries about how to become an editor to the new site. We don't currently have a well-defined process to add new editors, but we will do our best to put our minds together and figure out what that should be.
Currently you can just send a request to the website team list or dev list. Please let us know what you would like for your username. If we "have an opening" for a new editor a password will be assigned to you. However, for security reasons we would like to not send this information through standard email. What I have done in the past is to put the login information on Box2 in the website user's home directory. I will ask you for an SSH key and add it to the website user's authorized_keys file on Box2. At that point you will be able to SCP the file down (or just SSH in to the box and read the file) to get your password.
I realize that is not an optimal process, but I don't think adding editors ought to be that optimal. It's just opens the site up to industrious hackers by sniffing emails.
If you think I am being too paranoid feel free to chastise me. If I am chastened enough perhaps I will change the process. Likewise, if you have a better idea how to add editors securely let me know.
-- Jason Rogers
"I am crucified with Christ: nevertheless I live; yet not I, but Christ liveth in me: and the life which I now live in the flesh I live by the faith of the Son of God, who loved me, and gave himself for me." Galatians 2:20
Hi Jason--
If possible, I recommend just using key-based authentication all the time (with ssh-agent, pageant on windoze, etc), and never using passwords. It works very well.
-C
On Tue, 2005-10-04 at 16:18 -0400, Jason Rogers wrote:
Hello all. I am excited by the amount of enthusiasm I see in the community about the new site. Thanks.
There have been several inquiries about how to become an editor to the new site. We don't currently have a well-defined process to add new editors, but we will do our best to put our minds together and figure out what that should be.
Currently you can just send a request to the website team list or dev list. Please let us know what you would like for your username. If we "have an opening" for a new editor a password will be assigned to you. However, for security reasons we would like to not send this information through standard email. What I have done in the past is to put the login information on Box2 in the website user's home directory. I will ask you for an SSH key and add it to the website user's authorized_keys file on Box2. At that point you will be able to SCP the file down (or just SSH in to the box and read the file) to get your password.
Please do not do this. This is not a good idea as you are giving these people access to the server and this must not be done without going through the Box Admins team.
I realize that is not an optimal process, but I don't think adding editors ought to be that optimal. It's just opens the site up to industrious hackers by sniffing emails.
I think you are being far far too paranoid here. Many websites send passwords by email. As long as the email is sent directly to the recipient and the information being secured is not too sensitive then there is no problem.
If you think I am being too paranoid feel free to chastise me. If I am chastened enough perhaps I will change the process. Likewise, if you have a better idea how to add editors securely let me know.
-- Jason Rogers
Consider yourself chastised. Send the password in a personal email directly to the recipient and the chance of their being a problem is so remotely low as to be insignificant. You keep backups right?
Ken
Aha. That was enough of a chastisement!! Thanks Ken.
I will do as you suggest
On 10/4/05, Ken Causey ken@kencausey.com wrote:
On Tue, 2005-10-04 at 16:18 -0400, Jason Rogers wrote:
Hello all. I am excited by the amount of enthusiasm I see in the community about the new site. Thanks.
There have been several inquiries about how to become an editor to the new site. We don't currently have a well-defined process to add new editors, but we will do our best to put our minds together and figure out what that should be.
Currently you can just send a request to the website team list or dev list. Please let us know what you would like for your username. If we "have an opening" for a new editor a password will be assigned to you. However, for security reasons we would like to not send this information through standard email. What I have done in the past is to put the login information on Box2 in the website user's home directory. I will ask you for an SSH key and add it to the website user's authorized_keys file on Box2. At that point you will be able to SCP the file down (or just SSH in to the box and read the file) to get your password.
Please do not do this. This is not a good idea as you are giving these people access to the server and this must not be done without going through the Box Admins team.
I realize that is not an optimal process, but I don't think adding editors ought to be that optimal. It's just opens the site up to industrious hackers by sniffing emails.
I think you are being far far too paranoid here. Many websites send passwords by email. As long as the email is sent directly to the recipient and the information being secured is not too sensitive then there is no problem.
If you think I am being too paranoid feel free to chastise me. If I am chastened enough perhaps I will change the process. Likewise, if you have a better idea how to add editors securely let me know.
-- Jason Rogers
Consider yourself chastised. Send the password in a personal email directly to the recipient and the chance of their being a problem is so remotely low as to be insignificant. You keep backups right?
Ken
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQBDQuv+//qOUj3eKgMRAht3AJ414TA9DCtKDITeiD8STf2f9zj6HwCfUoKj f5Y0N6M4C9DEGZci8lm20dk= =ozVT -----END PGP SIGNATURE-----
-- Jason Rogers
"I am crucified with Christ: nevertheless I live; yet not I, but Christ liveth in me: and the life which I now live in the flesh I live by the faith of the Son of God, who loved me, and gave himself for me." Galatians 2:20
squeak-dev@lists.squeakfoundation.org