Re: developer database comments
On Fri, 21 Aug 1998 treacy@debian.org wrote:
> > James, since you were so responsive, some more comments. What is the
> > password on the front page? Which password is it? How do I get it?
> > If I lose it, how do I change it?
> >
> All passwords are currently set to 'test'. I'll probably set up a mail
> script to generate passwords for people who can use pgp but prefer
> the cgi interface. I'm not sure how to distribute passwords for the
> people who can't use pgp. Any ideas? If someone loses their password
> they will have to go through the database maintainer to get a new one.
>
> The entire database will be regenerated from scratch before it goes online
> so you don't have to worry about security yet. I'll put a link to a page
> explaining what is happening sometime soon.
>
> Basically, we need to finalize the format and check its design for security
> flaws. It's too bad this is being implemented before we switch to pgp as
> it has a much better interface.
You mean GPG, don't you?
I thought all developers had keys - otherwise, how do they upload? Or do
we have a special procedure for the French?
I'm not in it - is this because you're using an old data-set?
If the people who don't use PGP still use ssh, you could tell them you'll
put their new password in a file on their home dir on va. That's not
brillaintly secure, but it's probably better than email.
Jules
/----------------+-------------------------------+---------------------\
| Jelibean aka | jules@jellybean.co.uk | 6 Evelyn Rd |
| Jules aka | jules@debian.org | Richmond, Surrey |
| Julian Bean | jmlb2@hermes.cam.ac.uk | TW9 2TF *UK* |
+----------------+-------------------------------+---------------------+
| War doesn't demonstrate who's right... just who's left. |
| When privacy is outlawed... only the outlaws have privacy. |
\----------------------------------------------------------------------/
Reply to: