++added: Savannah restoration -------------------- * ![X] Put services online using backup, except for password-based ones (e.g. the web interface) * ![X] Bring back web interface (code) * ![X] Reset passwords * ![X] Fix SQL injection and look for potential others * ![X] Implement crypt support (like /etc/shadow, strong and LDAP-compatible) hashes, with SHA-512 * ![X] Implement salt generation with good entropy * ![X] Implement password strength enforcement * ![X] Implement logs-checking reporting tool * ![/] Implement banner to warn people about changing password (on login pages or all pages?) * ![ ] change TLS/https keys * ![/] Audit changes between the 23th and the 27th to see what was compromised * ![ ] Colonialone: * ![ ] move back dot files on colonialone.fsf.org * ![ ] restore @savannah.gnu.org aliases replication from colo * ![ ] restore user svadmin * ![ ] savannah-backup: * ![ ] enable backup cron * ![ ] add rsnapshot to keep history locally (rdiff seems to be too long to extract backups); coordinate with [email protected] so they backup the latest backup online
---- -- forwarded from http://savannah.gnu.org/maintenance/currenttasks#[email protected]/maintenance _______________________________________________ Savannah-cvs mailing list [email protected] http://lists.gnu.org/mailman/listinfo/savannah-cvs
