Re: [Wikitech-l] Gerrit HTTP Token Auth re-enabled

25 Jun 2019

Echoing Brian, Thanks for the hard work once again paladox, and releng, your work does not
go unnoticed. Keep it up! 

--
Devin “Zppix” CCENT
Volunteer Wikimedia Developer
Africa Wikimedia Developers Member and Mentor
Volunteer Mozilla Support Team Member (SUMO)
Quora.com Partner Program Member
enwp.org/User:Zppix
**Note: I do not work for Wikimedia Foundation, or any of its chapters. I also do not work
for Mozilla, or any of its projects. ** 

...
  On Jun 24, 2019, at 7:59 PM, Bryan Davis
&lt;bd808(a)wikimedia.org&gt; wrote:

  On Mon, Jun 24, 2019 at 3:53 PM Tyler Cipriani
&lt;tcipriani(a)wikimedia.org&gt; wrote:

 Hi all!

 tl;dr: Gerrit HTTP token auth has been re-enabled. To use it you'll need to
 generate a token via your preferences page[0].

 Gerrit HTTP token auth was disabled in mid-march due to concerns about its
 implementation[1].

 Thanks to the work of Paladox and Gerrit upstream in Gerrit 2.15.14[2] we've
 re-enabled HTTP token authentication.

 I previously removed all HTTP auth tokens, so in order to use HTTP token auth
 you'll need to generate a fresh token via your preference page[0]

 Your Lowly Gerrit Fiddler,
 -- Tyler

 [0]. <https://gerrit.wikimedia.org/r/#/settings/http-password>
 [1]. <https://phabricator.wikimedia.org/T218750>
 [2]. <https://www.gerritcodereview.com/2.15.html#21514>  
 Thank you for the update Tyler and thank you to everyone who worked to
 clear the security concerns with the feature.

 I do not use it often, but being able to push patches to Gerrit from
 an untrusted location (like a project local Puppet master in a Cloud
 VPS project) with this workflow is pretty nice:
 * Generate a fresh password at
 https://gerrit.wikimedia.org/r/#/settings/http-password
 * Git push to gerrit over https with username/password auth
 * Regenerate a password at
 https://gerrit.wikimedia.org/r/#/settings/http-password to invalidate
 the password that was exposed to the untrusted instance/network

 Bryan
 -- 
 Bryan Davis              Wikimedia Foundation    &lt;bd808(a)wikimedia.org&gt;
 [[m:User:BDavis_(WMF)]] Manager, Technical Engagement    Boise, ID USA
 irc: bd808                                        v:415.839.6885 x6855

 _______________________________________________
 Wikitech-l mailing list
 Wikitech-l(a)lists.wikimedia.org
 https://lists.wikimedia.org/mailman/listinfo/wikitech-l 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [Wikitech-l] Gerrit HTTP Token Auth re-enabled