Apr 25, 2010:

6:33 AM Changeset [1545] by mitchb
Revert r1510. Back out to OpenAFS 1.4.11. 1.4.12 may not have been as much of a Nice Thing (TM) as we'd hoped. Since upgrading to it, our servers have been flapping on a more-than-daily basis, almost always due to bogus AFS lost contact messages, resulting in loads shooting up into the hundreds while the machines are stuck in IOwait. When this includes the server that contrib.scripts is on, the machine falls out of the pool. In all cases, it results in a service slowdown. Sometimes a reboot has been necessary because 'fs checks' doesn't always clear it up. While we haven't found a conclusive cause for the problems, they seem to point to AFS, and began happening the same night we upgraded to 1.4.12.

Apr 23, 2010:

11:14 PM Changeset [1544] by geofft
Revert "install-howto.sh: Unpushed commit from February 8" As Mitch pointed out, you only need the sketchiness described here if you're installing a package on a running system, and this document is about the initial install. It was also lacking in clarity and so useless. This reverts r1542.
4:17 AM Ticket #129 (Publish an SPF record for scripts.mit.edu / get scripts.mit.edu DNS ...) created by andersk
According to the …

Apr 20, 2010:

3:13 AM Changeset [1543] by geofft
aliases: Update root@scripts.mit.edu list to current maintainers
2:42 AM Changeset [1542] by geofft
install-howto.sh: Unpushed commit from February 8 Apparently I was having some fun...
12:47 AM Ticket #128 (Several tickets fail to display now (due to SensitiveTickets plugin bug)) created by andersk
Tickets #1 and #2 (at least) in this Trac are broken. We should fix …
12:20 AM Changeset [1541] by mitchb
SSL certificate and config for asa.mit.edu

Apr 16, 2010:

5:40 AM Changeset [1540] by mitchb
Two's company and three's a crowd, but have an orgy if you must Apache 2.2.15 includes support for RFC 5746, which specifies the TLS Renegotiation Indication Extension and fixes the protocol flaw that allows CVE-2009-3555. Unfortunately, secure renegotiations require support in both the server and the client, and so it will take some time until most webservers and most browsers have been upgraded to support this extension. While we want to support and enforce secure renegotiation for clients that are capable of it, and we want to encourage everyone to upgrade ASAP, refusing to renegotiate with clients that haven't yet gotten support would most likely break many sites for many users. This setting should be temporary, but it's not yet clear how long we may have to wait.
5:21 AM Changeset [1539] by mitchb
Upgrade to Apache 2.2.15 Also drop the CVE-2010-0434 patch which is now incorporated upstream.

Apr 11, 2010:

9:49 AM Changeset [1538] by mitchb
Renewed certificate for bc.mit.edu
6:38 AM Changeset [1537] by mitchb
Upstream krb5 update

Apr 10, 2010:

10:50 PM Ticket #127 (zephyr discussion of tickets should get cross-posted to RT) created by adehnert
Generally speaking, when I look at a ticket that's been around a …
9:16 PM Changeset [1536] by ezyang
Certificate and Apache config for quickprint.

Apr 8, 2010:

3:41 AM Changeset [1535] by mitchb
Update moira snapshot

Apr 7, 2010:

5:43 PM Ticket #126 (o hai i hacked ur servers) created by quentin
im a systems administrator and u suck
5:25 PM Ticket #125 (Set up issue tracking for private scripts.mit.edu Trac tickets) created by andersk
Keeping private issues in memory and secret zephyr classes is lossy. …

Apr 1, 2010:

5:57 AM Changeset [1534] by mitchb
Make procmail and cron try harder to actually mail the signup user At present, we try to set up the initial crontab or procmailrc to send mail to the user who signed a locker up for the cron or mail service by stripping off the @REALM from the Kerberos principal. We need to also strip non-null instances off to get the username. (If you're doing signups for lockers using machine or service principals, you ought to be able to fend for yourself.)
5:04 AM Ticket #124 (Update or punt phpical autoinstaller) created by adehnert
Our phpical installer is currently version 2.22, which appears to date …
5:01 AM Changeset [1533] by adehnert
Set a timezone for phpical (Trac: #5)

Mar 31, 2010:

7:26 PM Changeset [1532] by quentin
Add an index on scriptsVhostAccount, so that Pony's query will be happy

Mar 30, 2010:

3:09 AM Changeset [1531] by mitchb
Upstream openssh release bump

Mar 29, 2010:

12:18 AM Changeset [1530] by mitchb
Teach scripts-remove about locker.scripts.mit.edu URLs scripts-start learned about the new-style URLs long ago. Removals of autoinstalls should prompt you to fill in the URL you actually recognize your install as being at (and should attempt to unconfuse you if your install is from the old era). Also don't quit before declaring success if a database was dropped as part of the process. (Merge of r1221:1526 from branches/locker-dev to trunk, from adehnert)

Mar 28, 2010:

11:29 PM Changeset [1529] by mitchb
New certificate for tibetforum.mit.edu
3:58 AM Ticket #114 (better story for importing outside Django sites) closed by adehnert
fixed: I couldn't find the old instructions, so I wrote up a new set at …

Mar 27, 2010:

6:11 PM Changeset [1528] by andersk
trac: Mangle HTTP_REFERER to let the login link keep you on the same page.
6:11 PM Changeset [1527] by andersk
Import trac from production.

Mar 26, 2010:

7:29 AM Changeset [1526] by adehnert
Have a paren
7:17 AM Changeset [1525] by adehnert
Clearer message given some people could predate *.scripts
7:13 AM Changeset [1524] by mitchb
Kill off the $scriptsstar mess... mostly (It looks like onserver_star is still being used by gallery2)
7:11 AM Changeset [1523] by mitchb
Stop referring to the $scriptsstar mess
6:46 AM Changeset [1522] by mitchb
Make it possible to build packages that haven't been committed yet
6:21 AM Changeset [1521] by mitchb
Send cronjob mail to the user who signed up a locker by default Previously, we set up crontabs to send mail to lockername@mit.edu. This was fine when scripts didn't support non-user lockers. It's not necessarily a fine assumption in the case of group lockers that the address is appropriate (or even exists). We could send mail to the scripts user, but that only works if the user is signed up for mail_scripts. Instead, we'll default it to the user who signed the locker up for cron_scripts (the same logic mail_scripts uses for the initial procmailrc) and tell them to change it if it should go elsewhere when they set up their crontab. Also move the crontab template to bin instead of deploy so that it can be under revision control. Finally, correct a whitespace error in the ASCII art (reported by kaduk).
6:07 AM Changeset [1520] by mitchb
Copy initial production crontab to locker-dev branch
4:02 AM Changeset [1519] by mitchb
Upstream update of krb5 packages
Note: See TracTimeline for information about the timeline view.