Editors for the new website

Jason Rogers jacaetevha at gmail.com
Tue Oct 4 21:15:19 UTC 2005 

Aha.  That was enough of a chastisement!!  Thanks Ken.

I will do as you suggest

On 10/4/05, Ken Causey <ken at kencausey.com> wrote:
> On Tue, 2005-10-04 at 16:18 -0400, Jason Rogers wrote:
> > Hello all.  I am excited by the amount of enthusiasm I see in the
> > community about the new site.  Thanks.
> >
> > There have been several inquiries about how to become an editor to the
> > new site.  We don't currently have a well-defined process to add new
> > editors, but we will do our best to put our minds together and figure
> > out what that should be.
> >
> > Currently you can just send a request to the website team list or dev
> > list.  Please let us know what you would like for your username.  If
> > we "have an opening" for a new editor a password will be assigned to
> > you.  However, for security reasons we would like to not send this
> > information through standard email.  What I have done in the past is
> > to put the login information on Box2 in the website user's home
> > directory.  I will ask you for an SSH key and add it to the website
> > user's authorized_keys file on Box2.  At that point you will be able
> > to SCP the file down (or just SSH in to the box and read the file) to
> > get your password.
>
> Please do not do this.  This is not a good idea as you are giving these
> people access to the server and this must not be done without going
> through the Box Admins team.
>
> > I realize that is not an optimal process, but I don't think adding
> > editors ought to be that optimal.  It's just opens the site up to
> > industrious hackers by sniffing emails.
>
> I think you are being far far too paranoid here.  Many websites send
> passwords by email.  As long as the email is sent directly to the
> recipient and the information being secured is not too sensitive then
> there is no problem.
>
> > If you think I am being too paranoid feel free to chastise me.  If I
> > am chastened enough perhaps I will change the process.  Likewise, if
> > you have a better idea how to add editors securely let me know.
> >
> > --
> > Jason Rogers
>
> Consider yourself chastised.  Send the password in a personal email
> directly to the recipient and the chance of their being a problem is so
> remotely low as to be insignificant.  You keep backups right?
>
> Ken
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQBDQuv+//qOUj3eKgMRAht3AJ414TA9DCtKDITeiD8STf2f9zj6HwCfUoKj
> f5Y0N6M4C9DEGZci8lm20dk=
> =ozVT
> -----END PGP SIGNATURE-----
>
>
>


--
Jason Rogers

"I am crucified with Christ: nevertheless I live; yet not I,
but Christ liveth in me: and the life which I now live in
the flesh I live by the faith of the Son of God, who loved
me, and gave himself for me."
    Galatians 2:20

More information about the Squeak-dev mailing list