GCC Bugzilla account creation configuration

GCC Bugzilla account creation configuration

[Joseph Myers]

Please make the following configuration changes to improve the situation 
with GCC Bugzilla account creation.

1. Give Jonathan Wakely and Richard Kenner editusers access, or whatever's 
needed for them to be able to create accounts.  We can consider other 
volunteers not currently involved in the community separately.

2. Either enable HTML email for overseers and disable any aggressive spam 
filtering for the list, or create a new mailing list 
gcc-bugzilla-account-request that accepts HTML email, generally has no 
aggressive spam filtering and otherwise has the normal list configuration.  
Subscribe the people with access to create accounts to that list.

3. Change the account creation form 
https://gcc.gnu.org/bugzilla/createaccount.cgi so that instead of saying 
"To create a GCC Bugzilla account, all you need to do is to enter a 
legitimate email address. You will receive an email at this address to 
confirm the creation of your account. You will not be able to log in until 
you receive the email. If it doesn't arrive within a reasonable amount of 
time, you may contact the maintainer of this Bugzilla installation at 
overseers@gcc.gnu.org." it says "Contact <address> to request an account.  
You should receive a response within 24 hours. Because of spam, it is not 
possible to create an account directly through this form.".  Leave all the 
subsequent text, in particular about email addresses being public.  If 
it's easy to remove the option to enter an email address there at all, 
then do so (of course people with editusers access still need to be able 
to create accounts, however that's done).  <address> should be 
overseers@gcc.gnu.org or gcc-bugzilla-account-request@gcc.gnu.org, 
whichever is used for account creation and accepts HTML email.

4. If it's hard to stop people entering email addresses into the form to 
request accounts, the wording of the message they get on submitting the 
form needs to change.  Change "Contact your administrator or the 
maintainer (overseers@gcc.gnu.org) for information about creating an 
account." to "Contact <address> to request an account. You should receive 
a response within 24 hours.", as on the form itself.  Remove "Please press 
Back and try again.", because it's not accurate.

-- 
Joseph S. Myers
joseph@codesourcery.com

Re: GCC Bugzilla account creation configuration

[Joseph Myers]

On Fri, 11 Aug 2017, Joseph Myers wrote:

> 2. Either enable HTML email for overseers and disable any aggressive spam 
> filtering for the list, or create a new mailing list 
> gcc-bugzilla-account-request that accepts HTML email, generally has no 
> aggressive spam filtering and otherwise has the normal list configuration.  
> Subscribe the people with access to create accounts to that list.

Note, regarding aggressive spam filtering: the filtering of messages with 
confidentiality disclaimers should be *disabled* for this list, so that 
people can just send email to it with their normal corporate email 
configuration, even if it involves such disclaimers, and that will just 
work.

-- 
Joseph S. Myers
joseph@codesourcery.com

Re: GCC Bugzilla account creation configuration

[Christopher Faylor]

On Fri, Aug 11, 2017 at 02:36:51PM +0000, Joseph Myers wrote:
>Please make the following configuration changes to improve the situation 
>with GCC Bugzilla account creation.
>
>1. Give Jonathan Wakely and Richard Kenner editusers access, or whatever's 
>needed for them to be able to create accounts.  We can consider other 
>volunteers not currently involved in the community separately.

I don't know how to do that so I'll defer to someone who does.

For now, gccadmin users, or anyone with login access to sourceware, can
run the 'bugzilla-createuser' command.  Usage:

/sourceware/infra/bin/bugzilla-createuser <email> <password>

>2. Either enable HTML email for overseers and disable any aggressive spam 
>filtering for the list, or create a new mailing list 
>gcc-bugzilla-account-request that accepts HTML email, generally has no 
>aggressive spam filtering and otherwise has the normal list configuration.  
>Subscribe the people with access to create accounts to that list.

I've created a gcc-bugzilla-account-request forwarder that is controlled
by the file (symlink) in ~gccadmin/bugzilla-account-request .  Add email
addresses to this file as you like.  This forwarder address will get
some spam checking but it will not block html mail or mail with
disclaimers.

I've added overseers to that file temporarily but it should be removed
once you have your process set up.

>3. Change the account creation form 
>https://gcc.gnu.org/bugzilla/createaccount.cgi so that instead of saying 
>"To create a GCC Bugzilla account, all you need to do is to enter a 
>legitimate email address. You will receive an email at this address to 
>confirm the creation of your account. You will not be able to log in until 
>you receive the email. If it doesn't arrive within a reasonable amount of 
>time, you may contact the maintainer of this Bugzilla installation at 
>overseers@gcc.gnu.org." it says "Contact <address> to request an account.  
>You should receive a response within 24 hours. Because of spam, it is not 
>possible to create an account directly through this form.".  Leave all the 
>subsequent text, in particular about email addresses being public.  If 
>it's easy to remove the option to enter an email address there at all, 
>then do so (of course people with editusers access still need to be able 
>to create accounts, however that's done).  <address> should be 
>overseers@gcc.gnu.org or gcc-bugzilla-account-request@gcc.gnu.org, 
>whichever is used for account creation and accepts HTML email.

I've added gccadmin to the 'apache' group so that you can cd to
/www/gcc/bugzilla and make changes as you like.  For now, I just changed
the owner field in data/params.json to gcc-bugzilla-account-request@gcc.gnu.org .

That directory is controlled by git so you may want to take that into
account when making changes.

>4. If it's hard to stop people entering email addresses into the form to 
>request accounts, the wording of the message they get on submitting the 
>form needs to change.  Change "Contact your administrator or the 
>maintainer (overseers@gcc.gnu.org) for information about creating an 
>account." to "Contact <address> to request an account. You should receive 
>a response within 24 hours.", as on the form itself.  Remove "Please press 
>Back and try again.", because it's not accurate.

See reply to 3.

cgf

Re: GCC Bugzilla account creation configuration

[Joseph Myers]

On Fri, 11 Aug 2017, Christopher Faylor wrote:

> >2. Either enable HTML email for overseers and disable any aggressive spam 
> >filtering for the list, or create a new mailing list 
> >gcc-bugzilla-account-request that accepts HTML email, generally has no 
> >aggressive spam filtering and otherwise has the normal list configuration.  
> >Subscribe the people with access to create accounts to that list.
> 
> I've created a gcc-bugzilla-account-request forwarder that is controlled
> by the file (symlink) in ~gccadmin/bugzilla-account-request .  Add email
> addresses to this file as you like.  This forwarder address will get
> some spam checking but it will not block html mail or mail with
> disclaimers.
> 
> I've added overseers to that file temporarily but it should be removed
> once you have your process set up.

Someone needs to add whatever the appropriate address for Richard Kenner 
is to it (and other people as appropriate, remembering that shell access 
is needed for creating accounts until editusers is set up).

> I've added gccadmin to the 'apache' group so that you can cd to
> /www/gcc/bugzilla and make changes as you like.  For now, I just changed
> the owner field in data/params.json to gcc-bugzilla-account-request@gcc.gnu.org .
> 
> That directory is controlled by git so you may want to take that into
> account when making changes.

I've edited both pages and committed the changes.

-- 
Joseph S. Myers
joseph@codesourcery.com

Re: GCC Bugzilla account creation configuration

[Christopher Faylor]

On Fri, Aug 11, 2017 at 05:22:09PM +0000, Joseph Myers wrote:
>On Fri, 11 Aug 2017, Christopher Faylor wrote:
>
>> >2. Either enable HTML email for overseers and disable any aggressive spam 
>> >filtering for the list, or create a new mailing list 
>> >gcc-bugzilla-account-request that accepts HTML email, generally has no 
>> >aggressive spam filtering and otherwise has the normal list configuration.  
>> >Subscribe the people with access to create accounts to that list.
>> 
>> I've created a gcc-bugzilla-account-request forwarder that is controlled
>> by the file (symlink) in ~gccadmin/bugzilla-account-request .  Add email
>> addresses to this file as you like.  This forwarder address will get
>> some spam checking but it will not block html mail or mail with
>> disclaimers.
>> 
>> I've added overseers to that file temporarily but it should be removed
>> once you have your process set up.
>
>Someone needs to add whatever the appropriate address for Richard Kenner 
>is to it (and other people as appropriate, remembering that shell access 
>is needed for creating accounts until editusers is set up).

You can add ssh keys to gccadmin's authorized_keys file.  No need for us
to give people shell access.

I've given you every conceivable privilege in bugzilla so you should be
able to give privileges to volunteers.

Re: GCC Bugzilla account creation configuration

[Joseph Myers]

On Fri, 11 Aug 2017, Christopher Faylor wrote:

> I've given you every conceivable privilege in bugzilla so you should be
> able to give privileges to volunteers.

Thanks.  We currently have 14 people (16 accounts) with editusers access 
(most not currently on the gcc-bugzilla-account-request alias).  I think 
we should be willing to give this access (and add to the alias) any 
reasonably established volunteers interested in helping with account 
creation.

-- 
Joseph S. Myers
joseph@codesourcery.com

Re: GCC Bugzilla account creation configuration

[Gerald Pfeifer]

On Fri, 11 Aug 2017, Joseph Myers wrote:
> Thanks.  We currently have 14 people (16 accounts) with editusers access 
> (most not currently on the gcc-bugzilla-account-request alias).  I think 
> we should be willing to give this access (and add to the alias) any 
> reasonably established volunteers interested in helping with account 
> creation.

I concur.

Thanks for pushing this, Joseph (and for your help, Christopher)!

Gerald

Re: GCC Bugzilla account creation configuration

[Frank Ch. Eigler]

Hi -

On Fri, Aug 11, 2017 at 06:11:18PM +0000, Joseph Myers wrote:
> [...]
> Thanks.  We currently have 14 people (16 accounts) with editusers access 
> (most not currently on the gcc-bugzilla-account-request alias).  I think 
> we should be willing to give this access (and add to the alias) any 
> reasonably established volunteers interested in helping with account 
> creation.

Having learned about bugzilla's limitations (that "editusers" is
"admin"-equivalent), and about how little qualification is being
required from volunteers, I no longer support this idea.  I don't much
like the status quo ante, but it seems less dangerous.

- FChE

Re: GCC Bugzilla account creation configuration

[Joseph Myers]

On Thu, 14 Sep 2017, Frank Ch. Eigler wrote:

> Hi -
> 
> On Fri, Aug 11, 2017 at 06:11:18PM +0000, Joseph Myers wrote:
> > [...]
> > Thanks.  We currently have 14 people (16 accounts) with editusers access 
> > (most not currently on the gcc-bugzilla-account-request alias).  I think 
> > we should be willing to give this access (and add to the alias) any 
> > reasonably established volunteers interested in helping with account 
> > creation.
> 
> Having learned about bugzilla's limitations (that "editusers" is
> "admin"-equivalent), and about how little qualification is being
> required from volunteers, I no longer support this idea.  I don't much
> like the status quo ante, but it seems less dangerous.

It was said that it shouldn't be hard to change Bugzilla locally so 
editusers can't change permission bits on users without having changing 
those bits explicitly enabled.  I don't know if anything has actually been 
done in that regard, however.

-- 
Joseph S. Myers
joseph@codesourcery.com

Re: GCC Bugzilla account creation configuration

[Frank Ch. Eigler]

Hi -

On Thu, Sep 14, 2017 at 12:33:07PM +0000, Joseph Myers wrote:

> [...]  It was said that it shouldn't be hard to change Bugzilla
> locally so editusers can't change permission bits on users without
> having changing those bits explicitly enabled.  [...]

Earlier testing indicated this has not been done, making the current
arrangement unacceptably dangerous.


- FChE

Re: GCC Bugzilla account creation configuration

[Frédéric Buclin via overseers]

Le 14. 09. 17 à 14:34, Frank Ch. Eigler a écrit :
>> [...]  It was said that it shouldn't be hard to change Bugzilla
>> locally so editusers can't change permission bits on users without
>> having changing those bits explicitly enabled.  [...]
> 
> Earlier testing indicated this has not been done, making the current
> arrangement unacceptably dangerous.


I don't know who said it shouldn't be hard to patch Bugzilla, but it
certainly wasn't me. I said it should be doable, which doesn't
necessarily means "easy". I didn't look at it yet.

David Edelsohn reaction was that "everyone is alert that we will be
watching". This sounded more like "no worry, we will be watching what
those power users do" than "please restrict power users privileges".

If the consensus is that we want to restrict privileges for those users,
then I will work on it. Depending on how invasive changes would be, I
could add a new "addusers" bit instead.

Frédéric

Re: GCC Bugzilla account creation configuration

[Joseph Myers]

[-- Attachment #1: Type: text/plain, Size: 858 bytes --]

On Fri, 15 Sep 2017, Frédéric Buclin via overseers wrote:

> If the consensus is that we want to restrict privileges for those users,
> then I will work on it. Depending on how invasive changes would be, I
> could add a new "addusers" bit instead.

My view is that we should restrict privileges for them.

(I don't think restriction is necessary for the editusers users who were 
already active in GCC development or sourceware administration.  For users 
with privileged access who used to be active but haven't been active for a 
long time, it may make sense to remove that access, whether it's 
privileged Bugzilla access or shell access to sourceware, but that's just 
on general security principles, and who should have privileged access is 
ultimately a matter for the sourceware and project leaders.)

-- 
Joseph S. Myers
joseph@codesourcery.com

Re: GCC Bugzilla account creation configuration

[Joseph Myers]

[-- Attachment #1: Type: text/plain, Size: 507 bytes --]

On Thu, 14 Sep 2017, Joseph Myers wrote:

> On Fri, 15 Sep 2017, Frédéric Buclin via overseers wrote:
> 
> > If the consensus is that we want to restrict privileges for those users,
> > then I will work on it. Depending on how invasive changes would be, I
> > could add a new "addusers" bit instead.
> 
> My view is that we should restrict privileges for them.

I haven't seen any comments contradicting this, so I think you should take 
that as consensus.

-- 
Joseph S. Myers
joseph@codesourcery.com

Re: GCC Bugzilla account creation configuration

[Frédéric Buclin via overseers]

Le 03. 10. 17 à 23:47, Joseph Myers a écrit :
>> My view is that we should restrict privileges for them.
> 
> I haven't seen any comments contradicting this, so I think you should take 
> that as consensus.
> 

OK, I will work on it in the coming days.


Frédéric

Re: GCC Bugzilla account creation configuration

[Frédéric Buclin via overseers]

Le 03. 10. 17 à 23:47, Joseph Myers a écrit :
>> My view is that we should restrict privileges for them.
> 
> I haven't seen any comments contradicting this, so I think you should take 
> that as consensus.


I added a new 'addusers' permission to only create new accounts but not
play with existing ones nor to edit group membership. I managed to do
this without altering the upstream code (everything is in the GCC
extension).

This link lists users currently with editusers privileges:

https://gcc.gnu.org/bugzilla/editusers.cgi?action=list&grouprestrict=1&groupid=2

"Untrusted" users should have their privileges either revoked or moved
to the new 'addusers' group. Moreover, I would suggest that users who
haven't logged in in the last 3 years have their admin/editusers
privileges revoked too. This would affect 4 users:

Wolfgang Bangerth (2 accounts)
Daniel Berlin
Dara Hazeghi
Giovanni Bajo

Any objection?


Frédéric

Re: GCC Bugzilla account creation configuration

[Joseph Myers]

[-- Attachment #1: Type: text/plain, Size: 825 bytes --]

On Sat, 7 Oct 2017, Frédéric Buclin via overseers wrote:

> Le 03. 10. 17 à 23:47, Joseph Myers a écrit :
> >> My view is that we should restrict privileges for them.
> > 
> > I haven't seen any comments contradicting this, so I think you should take 
> > that as consensus.
> 
> 
> I added a new 'addusers' permission to only create new accounts but not
> play with existing ones nor to edit group membership. I managed to do
> this without altering the upstream code (everything is in the GCC
> extension).

Thank you!  I've moved the users who had editusers as Bugzilla account 
creation volunteers but weren't otherwise involved in GCC development to 
addusers.  I haven't done anything with the inactive users who were 
formerly more active in GCC development.

-- 
Joseph S. Myers
joseph@codesourcery.com

Re: GCC Bugzilla account creation configuration

[Gerald Pfeifer]

[-- Attachment #1: Type: text/plain, Size: 803 bytes --]

On Sat, 7 Oct 2017, Frédéric Buclin via overseers wrote:
> This link lists users currently with editusers privileges:
> 
> https://gcc.gnu.org/bugzilla/editusers.cgi?action=list&grouprestrict=1&groupid=2

Thank you!

> "Untrusted" users should have their privileges either revoked or moved
> to the new 'addusers' group. Moreover, I would suggest that users who
> haven't logged in in the last 3 years have their admin/editusers
> privileges revoked too. This would affect 4 users:
> 
> Wolfgang Bangerth (2 accounts)
> Daniel Berlin
> Dara Hazeghi
> Giovanni Bajo
> 
> Any objection?

No, I think that really only makes sense (to remove anyone who
has not even logged in for 3+ years, and indeed they have not 
been engaged with GCC at all for a while).

So, yes, please go ahead.

Thanks,
Gerald

Re: GCC Bugzilla account creation configuration

[Frédéric Buclin via overseers]

Le 04.03.18 à 00:09, Gerald Pfeifer a écrit :
> So, yes, please go ahead.


Done!


Frédéric