On 14/04/2014 22:02, sebb wrote: > On 14 April 2014 21:34, Mark Thomas <ma...@apache.org> wrote: >> On 14/04/2014 20:45, Tim Whittington wrote: >>> >>> On 15/04/2014, at 1:26 am, Christopher Schultz >>> <ch...@christopherschultz.net> wrote: >>> >>>> Mark, >>>> >>>> On 4/13/14, 10:29 AM, Mark Thomas wrote: >>>>> On 13/04/2014 08:18, Christopher Schultz wrote: >>>>>> Mark, >>>>>> >>>>>> On 4/13/14, 10:10 AM, Mark Thomas wrote: >>>>>>> On 13/04/2014 08:09, Christopher Schultz wrote: >>>>>>>> All, >>>>>>>> >>>>>>>> I've taken the liberty of creating a Heartbleed info page on >>>>>>>> the wiki. I'm going to add a mention of it under the "Not a >>>>>>>> vulnerability in Tomcat" section for the security pages for >>>>>>>> Tomcats 6, 7, and 8. >>>>>>> >>>>>>> And tc-native please. >>>>>>> >>>>>>>> Shall I also add something to the home page as well? Or shall >>>>>>>> we just roll that into the upcoming announcement of tcnative >>>>>>>> 1.1.30? I kind of think it should do with the tcnative >>>>>>>> announcement, but Mladen hasn't yet closed the vote, published >>>>>>>> the build, etc. and I wanted to get something up sooner rather >>>>>>>> than later. >>>>>>> >>>>>>> +1 to the native announcement. >>>>>>> >>>>>>>> Does anyone have any suggestions for how to proceed? >>>>>>> >>>>>>> Your plan looks good to me. >>>>>> >>>>>> Okay, good. I've updated the Tomcat security info (will do >>>>>> tcnative soon). Once I've done that, what's the process to actually >>>>>> refresh the website? I re-built and committed the .html files from >>>>>> svn already. >>>>> >>>>> That is all you need to do. The site should update a few seconds later. >>>> >>>> Great, I can see my updates posted, now. >>>> >>>> I neglected to change my password in the open window set by the infra >>>> team, so it's been reset. The web-based reset tool isn't working for me >>>> so I sent a message to r...@apache.org explaining the situation. I >>>> haven't heard back, yet. >>>> >>>> So I'm a little stuck until I can get a password reset. I can access >>>> people.apache.org with my ssh2 key. Is this something you might be able >>>> to goose-along? >>>> >>> >>> http://id.apache.org/reset/ worked for me, but it might require a GPG key >>> registered in your profile (my reset came GPG encrypted). >> >> id.a.o does not require GPG but if you have a public key set then it >> will always use it. If you have lost your private key and forgotten your >> password root can remove the key from the ID if you ask nicely. >> >> The alternative is to ssh to people.a.o with you ssh key and use passwd. > > Did not know about that option. > Should that be added here [1] ? > > I'm happy to update the page if so.
Probably not as it does require you to know the old password. It is more useful if your account is locked. Mark > > [1] https://www.apache.org/dev/infra-contact#regain-account > >> Mark >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@tomcat.apache.org >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org