From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 29625 invoked by alias); 23 May 2003 16:49:10 -0000
Mailing-List: contact overseers-help@sources.redhat.com; run by ezmlm
Precedence: bulk
List-Archive:
List-Post:
List-Help: ,
Sender: overseers-owner@sources.redhat.com
Received: (qmail 29589 invoked from network); 23 May 2003 16:49:09 -0000
Received: from unknown (HELO vexpert.dbai.tuwien.ac.at) (128.131.111.2)
by sources.redhat.com with SMTP; 23 May 2003 16:49:09 -0000
Received: from [128.131.111.60] (acrux [128.131.111.60])
by vexpert.dbai.tuwien.ac.at (Postfix) with ESMTP id 1AFA513787
for ; Fri, 23 May 2003 18:49:08 +0200 (CEST)
Date: Fri, 23 May 2003 16:49:00 -0000
From: Gerald Pfeifer
To: overseers@sources.redhat.com
Subject: Re: request for gcc web page maintainers
In-Reply-To: <20030523144237.GC5114@redhat.com>
Message-ID:
References: <20030515193927.GA8980@redhat.com>
<20030523144237.GC5114@redhat.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-SW-Source: 2003-q2/txt/msg00181.txt.bz2

On Fri, 23 May 2003, Christopher Faylor wrote:
> It's much harder to fake mail than it is to type an address into a web
> page. There's no security in the web page at all.

The current web page is quite safe. The applicant only provides the
mail address of the approver who is then sent a URL with a cookie.

That way, if you see "Approved: gerald@pfeifer.com" you can be
sufficiently sure that it was me who approved the account, because a
malicious user can easily spoof mail from me, but he can hardly intercept
mail gcc.gnu.org sends _to_ me and thus doesn't know the secret.

> However, the bottom line is that the process doesn't work the way it
> is apparently advertised to be working.

Well, _that's_ a good point. Unless someone steps forward to update the
form, I'm thus going to install the patch below.

> I was just trying to avoid getting spam here. Wouldn't it be obvious
> from context that an email address was being mentioned, even if the '@'
> was missing for some reason?

I just did that in the patch below. ;-)

Gerald

Index: cvswrite.html
===================================================================
RCS file: /cvs/gcc/wwwdocs/htdocs/cvswrite.html,v
retrieving revision 1.54
diff -u -3 -p -r1.54 cvswrite.html
--- cvswrite.html 21 May 2003 00:12:50 -0000 1.54
+++ cvswrite.html 23 May 2003 16:44:55 -0000
@@ -31,12 +31,8 @@ href="bugs/management.html">edit our bug
Authenticated access is provided via the SSH protocol. Please
-provide us with your public key, which you can generate via the
-ssh-keygen
program. This will store your public key in
-the file .ssh/identity.pub
in your home directory.
-Please use this form
-to supply the file and your other details.
+provide overseers (at) gcc.gnu.org
with your SSH public key
+which you can generate via the ssh-keygen
program.
Once we have this information we will set up an account on
gcc.gnu.org
and inform you by mail. At this point you
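
Review bot: The added wording ("provide overseers (at) gcc.gnu.org with your SSH public key which you can generate via the ssh-keygen program") no longer says which file to send. The removed sentence named .ssh/identity.pub, which made it unambiguous that only the public half of the key pair leaves the applicant's machine; suggest keeping a clause that names the .pub file so nobody mails the private key. The removed text also asked for "your other details" through the form, while the new sentence requests only the key, so it should state what else the mail must contain. A comma before "which you can generate" would also make the sentence read correctly.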
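
The approval scheme described in the message above (the approver is mailed a URL carrying a secret cookie, so forging the approver's From address is not enough) can be sketched as follows. This is an added example, not the gcc.gnu.org form's code; the class, the function names and the host accounts.example.org are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

# Hypothetical host, used only to build the example link.
BASE_URL = "https://accounts.example.org/approve"


class ApprovalRequests:
    """Pending account requests, each bound to one approver mailbox."""

    def __init__(self):
        self._pending = {}  # request id -> approver, secret digest, used flag

    def open_request(self, applicant, approver):
        """Register a request; the returned URL is mailed to the approver only."""
        request_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)  # unguessable cookie
        self._pending[request_id] = {
            "applicant": applicant,
            "approver": approver,
            # Store only a digest so a leaked table does not leak cookies.
            "digest": hashlib.sha256(secret.encode()).digest(),
            "used": False,
        }
        return request_id, f"{BASE_URL}?id={request_id}&cookie={secret}"

    def approve(self, request_id, cookie):
        """Return the approver address if the cookie is valid, else None."""
        entry = self._pending.get(request_id)
        if entry is None or entry["used"]:
            return None
        offered = hashlib.sha256(cookie.encode()).digest()
        if not hmac.compare_digest(offered, entry["digest"]):
            return None  # knowing the approver's address is not enough
        entry["used"] = True  # single use: a replayed link is rejected
        return entry["approver"]


def cookie_from_url(url):
    """Extract the cookie parameter, as the approver's browser would send it."""
    return parse_qs(urlparse(url).query)["cookie"][0]
```

The guarantee is only as strong as the confidentiality of mail delivered to the approver: anyone who can read that mailbox can approve.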