Echoing Brian, Thanks for the hard work once again paladox, and releng, your work does not
go unnoticed. Keep it up!
--
Devin “Zppix” CCENT
Volunteer Wikimedia Developer
Africa Wikimedia Developers Member and Mentor
Volunteer Mozilla Support Team Member (SUMO)
**Note: I do not work for Wikimedia Foundation, or any of its chapters. I also do not work
for Mozilla, or any of its projects. **
On Jun 24, 2019, at 7:59 PM, Bryan Davis
<bd808(a)wikimedia.org> wrote:
On Mon, Jun 24, 2019 at 3:53 PM Tyler Cipriani
<tcipriani(a)wikimedia.org> wrote:
Hi all!
tl;dr: Gerrit HTTP token auth has been re-enabled. To use it you'll need to
generate a token via your preferences page[0].
Gerrit HTTP token auth was disabled in mid-march due to concerns about its
implementation[1].
Thanks to the work of Paladox and Gerrit upstream in Gerrit 2.15.14[2] we've
re-enabled HTTP token authentication.
I previously removed all HTTP auth tokens, so in order to use HTTP token auth
you'll need to generate a fresh token via your preference page[0]
Your Lowly Gerrit Fiddler,
-- Tyler
[0]. <https://gerrit.wikimedia.org/r/#/settings/http-password>
[1]. <https://phabricator.wikimedia.org/T218750>
[2]. <https://www.gerritcodereview.com/2.15.html#21514>
Thank you for the update Tyler and thank you to everyone who worked to
clear the security concerns with the feature.
I do not use it often, but being able to push patches to Gerrit from
an untrusted location (like a project local Puppet master in a Cloud
VPS project) with this workflow is pretty nice:
* Generate a fresh password at
https://gerrit.wikimedia.org/r/#/settings/http-password
* Git push to gerrit over https with username/password auth
* Regenerate a password at
https://gerrit.wikimedia.org/r/#/settings/http-password to invalidate
the password that was exposed to the untrusted instance/network
Bryan
--
Bryan Davis Wikimedia Foundation <bd808(a)wikimedia.org>
[[m:User:BDavis_(WMF)]] Manager, Technical Engagement Boise, ID USA
irc: bd808 v:415.839.6885 x6855
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l