[Twisted-Python] Changes to Twisted's Trac (GitHub Authentication)

Discussion:

Amber "Hawkie" Brown

2016-04-27 11:13:34 UTC

Hi everyone,

If you've ever had your password eaten by our Trac instance, had your comment rejected by spambayes, or seen the amount of effort it takes removing random nulls from our htpasswd files, rejoice! With https://github.com/twisted-infra/braid/pull/192 , we are moving our Trac instance to log in using GitHub OAuth. This should mean we solve the issue of keeping passwords (making you and us more secure), being able to turn off the spam filter (as we don't have anonymous ticket submittal, and github is better at catching spammers than we are), and hopefully cause less ongoing issues with passwords suddenly not working.

What this means for you is that your username and password will no longer work for logging into our Trac, you will need to authorise your GitHub login to access it. This means that you may have another username, please contact me privately and I will see what I can do about migrating any ticket histories over, if you feel like it is needed.

- Amber

Amber "Hawkie" Brown

2016-04-27 11:45:52 UTC

Permalink

I would like to note that this migration has now finished, and you can now log in via GitHub. Legacy logins have been disabled, and previous admin accounts (except for a current handful) have been revoked in the name of minimising our security surface; if you once had access to our Trac and would like to still use it, please let me know what your GitHub user account is, and I can set those permissions back up.

- Amber

Post by Amber "Hawkie" Brown
Hi everyone,
If you've ever had your password eaten by our Trac instance, had your comment rejected by spambayes, or seen the amount of effort it takes removing random nulls from our htpasswd files, rejoice! With https://github.com/twisted-infra/braid/pull/192 , we are moving our Trac instance to log in using GitHub OAuth. This should mean we solve the issue of keeping passwords (making you and us more secure), being able to turn off the spam filter (as we don't have anonymous ticket submittal, and github is better at catching spammers than we are), and hopefully cause less ongoing issues with passwords suddenly not working.
What this means for you is that your username and password will no longer work for logging into our Trac, you will need to authorise your GitHub login to access it. This means that you may have another username, please contact me privately and I will see what I can do about migrating any ticket histories over, if you feel like it is needed.
- Amber
_______________________________________________
Twisted-Python mailing list
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Glyph

2016-04-27 17:54:20 UTC

Permalink

Post by Amber "Hawkie" Brown
I would like to note that this migration has now finished, and you can now log in via GitHub. Legacy logins have been disabled, and previous admin accounts (except for a current handful) have been revoked in the name of minimising our security surface; if you once had access to our Trac and would like to still use it, please let me know what your GitHub user account is, and I can set those permissions back up.

Amazing! :-D.

I feel a disturbance in the force, as if a million spammers cried out, and were suddenly silenced :-).

-glyph

Hynek Schlawack

2016-04-28 05:37:05 UTC

Permalink

Post by Glyph

Amazing! :-D.
I feel a disturbance in the force, as if a million spammers cried out, and were suddenly silenced :-).

And even more importantly: the sigh of relief of hopefully million contributors that arenât kept out but spam filters and broken auth databases anymore!

Great work Hawkie!

Glyph

2016-04-28 05:42:18 UTC

Permalink

Post by Hynek Schlawack
Great work Hawkie!

Next step: DEATH TO SUBVERSION.

-glyph

anatoly techtonik

2016-05-02 13:16:11 UTC

Permalink

Post by Amber "Hawkie" Brown
I would like to note that this migration has now finished, and you can now
log in via GitHub. Legacy logins have been disabled, and previous admin
accounts (except for a current handful) have been revoked in the name of
minimising our security surface; if you once had access to our Trac and
would like to still use it, please let me know what your GitHub user account
is, and I can set those permissions back up.
Amazing! :-D.

Post by Amber "Hawkie" Brown
I feel a disturbance in the force, as if a million spammers cried out, and
were suddenly silenced :-).

More interesting is a disturbance caused by login fatigue relief for millions
of twisted users. =)

Itamar Turner-Trauring

2016-04-28 11:38:55 UTC

Permalink

♥

Kevin Horn

2016-05-01 19:02:07 UTC

Permalink

On Wed, Apr 27, 2016 at 6:13 AM, Amber "Hawkie" Brown <

Post by Amber "Hawkie" Brown
Hi everyone,
If you've ever had your password eaten by our Trac instance, had your
comment rejected by spambayes, or seen the amount of effort it takes
removing random nulls from our htpasswd files, rejoice! With
https://github.com/twisted-infra/braid/pull/192 , we are moving our Trac
instance to log in using GitHub OAuth. This should mean we solve the issue
of keeping passwords (making you and us more secure), being able to turn
off the spam filter (as we don't have anonymous ticket submittal, and
github is better at catching spammers than we are), and hopefully cause
less ongoing issues with passwords suddenly not working.
What this means for you is that your username and password will no longer
work for logging into our Trac, you will need to authorise your GitHub
login to access it. This means that you may have another username, please
contact me privately and I will see what I can do about migrating any
ticket histories over, if you feel like it is needed.
- Amber

Fantastic!

--
Kevin Horn