Date: prev next · Thread: first prev next last
2020 Archives by date, by thread · List index

On Mon, 05 Oct 2020 at 12:47:54 +0200, William Gathoye (LibreOffice) wrote:
From a security and reliability POV wrt. AskBot, this is an urgent step

Depending on where you're coming from (AskBot user or moderator, infra
team, BoD, community at large) you might define urgency differently.
FWIW AskBot upstream is still contracted by TDF to maintain the instance
and last autumn I (painfully) upgraded the backend to an OS with 3 years
before EOL still so I fail to see the security threat.
Like mentioned here[1], please at least allow some time to your sysadmin
to export the DB and replace all users credentials to one user

Er passwords aren't the only the sensitive information… there are (off
hand) other things like email addresses, OAuth tokens, sessions tokens,
IPs tied to the activity log, etc.  Pruning that is cumbersome and error
prone, and users have not given consent for us to release that
information so again that's not a decision I'll take myself.  As written
in the link you mentioned there is an AskBot API you can use at will if
you're in a hurry :-)  Backporting the commit to add /api/v1/answers/
was trivial so the public API should now be enough for a complete
migration aside from account linking (which needs to be done by the
infra team anyway).  With the scrolling API it's even easy to fetch a
dozens page of questions/users, see .


To unsubscribe e-mail to:
Posting guidelines + more:
List archive:
Privacy Policy:


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.