Re: [libreoffice-website] Feedback on Discourse testing

On Mon, 05 Oct 2020 at 12:47:54 +0200, William Gathoye (LibreOffice) wrote:
> From a security and reliability POV wrt. AskBot, this is an urgent step
> IMHO.

Depending on where you're coming from (AskBot user or moderator, infra
team, BoD, community at large) you might define urgency differently.
FWIW AskBot upstream is still contracted by TDF to maintain the instance
and last autumn I (painfully) upgraded the backend to an OS with 3 years
before EOL still so I fail to see the security threat.
 
> Like mentioned here[1], please at least allow some time to your sysadmin
> to export the DB and replace all users credentials to one user

Er passwords aren't the only the sensitive information… there are (off
hand) other things like email addresses, OAuth tokens, sessions tokens,
IPs tied to the activity log, etc.  Pruning that is cumbersome and error
prone, and users have not given consent for us to release that
information so again that's not a decision I'll take myself.  As written
in the link you mentioned there is an AskBot API you can use at will if
you're in a hurry :-)  Backporting the commit to add /api/v1/answers/
was trivial so the public API should now be enough for a complete
migration aside from account linking (which needs to be done by the
infra team anyway).  With the scrolling API it's even easy to fetch a
dozens page of questions/users, see
https://github.com/ASKBOT/askbot-devel/blob/master/askbot/doc/source/api.rst .

-- 
Guilhem.

-- 
To unsubscribe e-mail to: website+unsubscribe@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
Privacy Policy: https://www.documentfoundation.org/privacy