Custom Query (196 matches)

People running Django on scripts.mit.edu are fairly likely to want to use certs to authenticate users. We should do something to make that easier --- an FAQ, automatically configuring it, etc.. ​http://snippets.scripts.mit.edu/gitweb.cgi/Scripts/git/.git/tree/refs/heads/master:/django/mit may be useful for this.

For various reasons, we should stop serving scripts.mit.edu/~username as roughly the same as username.scripts.mit.edu.

(We've known this for a while. Mostly I'm hoping to document what the blockers are here.)

Anders claims that the only thing left is checking if any Wordpresses think they're at scripts.mit.edu/~username, and if so fixing them.

Despite similarity in the names, #93 is unrelated.

At the moment, achernya has the apt repo signing key on his laptop. We should put it somewhere more useful.

See discussion 2011-09-09 on -c scripts -i apt.

1. Stick it in the locker
   1. Unencrypted (protected by AFS ACLs to scripts-root)
   2. Encrypted to maintainer's keys
2. Stick it on the hosts
3. Stick it on the Fedora guests
4. Stick it on some build VM or server
   1. scripts-owned hardware in SMR
   2. Shared (eg, zulu/magrathea)
5. Something else
6. Have each maintainer store it themselves

(3) is a bit silly. Other than that, I think they were all vaguely acceptable. One concern is whether a signed repo with a leaked key is worse than an unsigned repo (if it isn't, then being insecure is vaguely okay). (4) should ideally avoid having a single un-backed-up VM that needs to not vanish, by storing the key elsewhere.