Editors for the new website

Ken Causey ken at kencausey.com
Tue Oct 4 20:54:22 UTC 2005


On Tue, 2005-10-04 at 16:18 -0400, Jason Rogers wrote:
> Hello all.  I am excited by the amount of enthusiasm I see in the
> community about the new site.  Thanks.
> 
> There have been several inquiries about how to become an editor to the
> new site.  We don't currently have a well-defined process to add new
> editors, but we will do our best to put our minds together and figure
> out what that should be.
> 
> Currently you can just send a request to the website team list or dev
> list.  Please let us know what you would like for your username.  If
> we "have an opening" for a new editor a password will be assigned to
> you.  However, for security reasons we would like to not send this
> information through standard email.  What I have done in the past is
> to put the login information on Box2 in the website user's home
> directory.  I will ask you for an SSH key and add it to the website
> user's authorized_keys file on Box2.  At that point you will be able
> to SCP the file down (or just SSH in to the box and read the file) to
> get your password.

Please do not do this.  This is not a good idea as you are giving these
people access to the server and this must not be done without going
through the Box Admins team.

> I realize that is not an optimal process, but I don't think adding
> editors ought to be that optimal.  It's just opens the site up to
> industrious hackers by sniffing emails.

I think you are being far far too paranoid here.  Many websites send
passwords by email.  As long as the email is sent directly to the
recipient and the information being secured is not too sensitive then
there is no problem.

> If you think I am being too paranoid feel free to chastise me.  If I
> am chastened enough perhaps I will change the process.  Likewise, if
> you have a better idea how to add editors securely let me know.
> 
> --
> Jason Rogers

Consider yourself chastised.  Send the password in a personal email
directly to the recipient and the chance of their being a problem is so
remotely low as to be insignificant.  You keep backups right?

Ken
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20051004/3769dcc6/attachment.pgp


More information about the Squeak-dev mailing list