From metatracker at psf.upfronthosting.co.za Sun Sep 1 12:28:44 2013 From: metatracker at psf.upfronthosting.co.za (anatoly techtonik) Date: Sun, 01 Sep 2013 10:28:44 +0000 Subject: [Tracker-discuss] [issue474] User cannot register with bugs.python.org - no registration email In-Reply-To: <1344166684.75.0.267046432477.issue474@psf.upfronthosting.co.za> Message-ID: <1378031324.19.0.810116216114.issue474@psf.upfronthosting.co.za> anatoly techtonik added the comment: Closing. ---------- nosy: +techtonik status: chatting -> done-cbb _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Sun Sep 1 12:33:07 2013 From: metatracker at psf.upfronthosting.co.za (anatoly techtonik) Date: Sun, 01 Sep 2013 10:33:07 +0000 Subject: [Tracker-discuss] [issue496] Update Roundup to 1.4.21 In-Reply-To: <1356823700.8.0.767986910654.issue496@psf.upfronthosting.co.za> Message-ID: <1378031587.91.0.893035327036.issue496@psf.upfronthosting.co.za> anatoly techtonik added the comment: +1 - tickets such as this should be generated automatically. ---------- nosy: +techtonik status: unread -> chatting _______________________________________________________ PSF Meta Tracker _______________________________________________________ From techtonik at gmail.com Wed Sep 25 17:56:08 2013 From: techtonik at gmail.com (anatoly techtonik) Date: Wed, 25 Sep 2013 18:56:08 +0300 Subject: [Tracker-discuss] Disallow: /msg* for http://bugs.python.org/robots.txt Message-ID: cc: tracker-discuss for comments, please reply to infra* Hi, I'd like to patch *http://bugs.python.org/robots.txt* with: Disallow: /msg* This should prevent indexing of individual messages, which are included on bug pages anyway. -- anatoly t. -------------- next part -------------- An HTML attachment was scrubbed... URL: From techtonik at gmail.com Wed Sep 25 18:02:53 2013 From: techtonik at gmail.com (anatoly techtonik) Date: Wed, 25 Sep 2013 19:02:53 +0300 Subject: [Tracker-discuss] Disallow: /msg* for http://bugs.python.org/robots.txt In-Reply-To: References: Message-ID: On Wed, Sep 25, 2013 at 6:56 PM, anatoly techtonik wrote: > cc: tracker-discuss for comments, please reply to infra* > > Hi, > > I'd like to patch *http://bugs.python.org/robots.txt* with: > > Disallow: /msg* > > This should prevent indexing of individual messages, which are included on > bug pages anyway. > To add more weight to it - here is the real user story. I needed to find bugs related to Ctrl-D handling on Windows. Unfortunately phrases like "Ctrl-D" are not indexed by Roundup search, so I used Google query: site:bugs.python.org ctrl-d Which gives bug pages as well as individual message pages, which is quite annoying. https://www.google.com/search?q=site%3Abugs.python.org+ctrl-d Adding /msg* links to robots.txt should fix that. -- anatoly t. -------------- next part -------------- An HTML attachment was scrubbed... URL: From stephen at xemacs.org Wed Sep 25 18:58:22 2013 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Thu, 26 Sep 2013 01:58:22 +0900 Subject: [Tracker-discuss] Disallow: /msg* for http://bugs.python.org/robots.txt In-Reply-To: References: Message-ID: <87fvss25zl.fsf@uwakimon.sk.tsukuba.ac.jp> anatoly techtonik writes: > cc: tracker-discuss for comments, please reply to infra > *Hi,I'd like to patch http://bugs.python.org/robots.txt?with: ?> > Disallow: /msg* > > This should prevent indexing of individual messages, which are > included on bug pages anyway. It might work that way, but it shouldn't. From the Robot Exclusion Standard: Disallow The value of this field specifies a partial URL that is not to be visited. This can be a full path, or a partial path; any URL that starts with this value will not be retrieved. For example, Disallow: /help disallows both /help.html and /help/index.html[.] So just Disallow: /msg is presumably what you want. From techtonik at gmail.com Wed Sep 25 19:09:54 2013 From: techtonik at gmail.com (anatoly techtonik) Date: Wed, 25 Sep 2013 20:09:54 +0300 Subject: [Tracker-discuss] Disallow: /msg* for http://bugs.python.org/robots.txt In-Reply-To: <87fvss25zl.fsf@uwakimon.sk.tsukuba.ac.jp> References: <87fvss25zl.fsf@uwakimon.sk.tsukuba.ac.jp> Message-ID: On Wed, Sep 25, 2013 at 7:58 PM, Stephen J. Turnbull wrote: > > It might work that way, but it shouldn't. From the Robot Exclusion > Standard: > > Disallow > > The value of this field specifies a partial URL that is not to be > visited. This can be a full path, or a partial path; any URL that > starts with this value will not be retrieved. For example, Disallow: > /help disallows both /help.html and /help/index.html[.] > > So just > > Disallow: /msg > > is presumably what you want. > Thanks for the hint. It is definitely works as confirmed by webmasters doc from one of the robot owners. https://developers.google.com/webmasters/control-crawl-index/docs/robots_txt -- anatoly t. -------------- next part -------------- An HTML attachment was scrubbed... URL: From metatracker at psf.upfronthosting.co.za Sat Sep 28 07:23:56 2013 From: metatracker at psf.upfronthosting.co.za (anatoly techtonik) Date: Sat, 28 Sep 2013 05:23:56 +0000 Subject: [Tracker-discuss] [issue525] OpenID support for Meta Tracker Message-ID: <1380345836.73.0.770228338214.issue525@psf.upfronthosting.co.za> New submission from anatoly techtonik: This tracker support login with OpenID or central pydotorg account. ---------- messages: 2779 nosy: techtonik priority: wish status: unread title: OpenID support for Meta Tracker _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Sat Sep 28 07:24:50 2013 From: metatracker at psf.upfronthosting.co.za (anatoly techtonik) Date: Sat, 28 Sep 2013 05:24:50 +0000 Subject: [Tracker-discuss] [issue525] OpenID support for Meta Tracker Message-ID: <1380345890.89.0.515121917062.issue525@psf.upfronthosting.co.za> New submission from anatoly techtonik: This tracker should support OpenID login or login with pydotorg account. _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Sat Sep 28 07:26:43 2013 From: metatracker at psf.upfronthosting.co.za (anatoly techtonik) Date: Sat, 28 Sep 2013 05:26:43 +0000 Subject: [Tracker-discuss] [issue525] OpenID support for Meta Tracker In-Reply-To: <1380345890.89.0.515121917062.issue525@psf.upfronthosting.co.za> Message-ID: <1380346003.22.0.960833369151.issue525@psf.upfronthosting.co.za> anatoly techtonik added the comment: User Story: I want one-click login with my GMail or Python account. _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Sat Sep 28 07:46:00 2013 From: metatracker at psf.upfronthosting.co.za (anatoly techtonik) Date: Sat, 28 Sep 2013 05:46:00 +0000 Subject: [Tracker-discuss] [issue526] Title search is broken. Need to upgrade to 1.5.0 Message-ID: <1380347160.79.0.287104872021.issue526@psf.upfronthosting.co.za> New submission from anatoly techtonik: Search in bug titles is case sensitive for PostreSQL. This is fixed in 1.5.0 - http://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt issue2550805 ---------- messages: 2782 nosy: techtonik priority: bug status: unread title: Title search is broken. Need to upgrade to 1.5.0 _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Sat Sep 28 07:57:03 2013 From: metatracker at psf.upfronthosting.co.za (anatoly techtonik) Date: Sat, 28 Sep 2013 05:57:03 +0000 Subject: [Tracker-discuss] [issue463] HTTPS only version for login for this tracker In-Reply-To: <1337666026.16.0.0159243982051.issue463@psf.upfronthosting.co.za> Message-ID: <1380347823.86.0.975322934586.issue463@psf.upfronthosting.co.za> anatoly techtonik added the comment: I don't use unique password and I believe the next competition organized by some not-well known hacker group may include some Python services just to measure the impact. I don't see any other way to raise the importance of such issues other than transforming them into personal experience. ---------- priority: wish -> urgent _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Sat Sep 28 08:02:42 2013 From: metatracker at psf.upfronthosting.co.za (anatoly techtonik) Date: Sat, 28 Sep 2013 06:02:42 +0000 Subject: [Tracker-discuss] [issue527] HTTPS / SSL / Secure access Message-ID: <1380348162.36.0.964046648568.issue527@psf.upfronthosting.co.za> New submission from anatoly techtonik: Now that FreeSSL provides accessible certificates, it is no longer a stumbling block to implement secure access to bugs.python.org What else needs to be done to make https://bugs.python.org working? ---------- messages: 2784 nosy: techtonik priority: critical status: unread title: HTTPS / SSL / Secure access _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Mon Sep 30 09:36:08 2013 From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v=2E_L=C3=B6wis?=) Date: Mon, 30 Sep 2013 07:36:08 +0000 Subject: [Tracker-discuss] [issue527] HTTPS / SSL / Secure access In-Reply-To: <1380348162.36.0.964046648568.issue527@psf.upfronthosting.co.za> Message-ID: <1380526568.28.0.508877648371.issue527@psf.upfronthosting.co.za> Martin v. L?wis added the comment: What is FreeSSL, and how do I get them to issue a free certificate? ---------- nosy: +loewis status: unread -> chatting _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Mon Sep 30 14:47:45 2013 From: metatracker at psf.upfronthosting.co.za (Myroslav Opyr) Date: Mon, 30 Sep 2013 12:47:45 +0000 Subject: [Tracker-discuss] [issue527] HTTPS / SSL / Secure access In-Reply-To: <1380526568.28.0.508877648371.issue527@psf.upfronthosting.co.za> Message-ID: Myroslav Opyr added the comment: Hi, StartSSL used to offer Free SSL certificates for years already. The problems (issues to remember) with their certificates are: 1. Revocation is not free, thus it's better to keep key safe. 2. They can refuse to issue free certificate if they consider the certificate they are expected to issue to be used to protect financial transactions (or other commercial stuff), i.e. restrictions apply. 3. Free SSL certificate will contain an e-mail of person who requested the certificate 4. For Domain Control validation (mandatory check) one should have access to either of the e-mail addresses: postmaster at python.org, webmaster at python.org, hostmaster at python.org as they send e-mail with validation code to one of them. 5. Certificate is valid for 1 year only, and have to be reissued (no renewal, but reissuing, with same process like original one) not sooner then 14 days before previous expires. This can be inconvenient in case of some vacation schedules clash. 6. Account at StartSSL is protected with client SSL certificate, that should be taken care of the person requesting the Free SSL certificate, i.e. there is no "standard" login/password to share between PC/laptop, but client SSL certificate to export/backup/restore/import. One should not forget about that personal certificate renewal as well. Some of the items above become less inconvenient with their paid tiers, but we're talking about free SSL certificates. Regards, m. On Mon, Sep 30, 2013 at 10:36 AM, Martin v. L?wis < metatracker at psf.upfronthosting.co.za> wrote: > > Martin v. L?wis added the comment: > > What is FreeSSL, and how do I get them to issue a free certificate? > > ---------- > nosy: +loewis > status: unread -> chatting > > _______________________________________________________ > PSF Meta Tracker > > _______________________________________________________ > _______________________________________________ > Tracker-discuss mailing list > Tracker-discuss at python.org > https://mail.python.org/mailman/listinfo/tracker-discuss > ---------- nosy: +myroslav _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Mon Sep 30 14:53:31 2013 From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v=2E_L=C3=B6wis?=) Date: Mon, 30 Sep 2013 12:53:31 +0000 Subject: [Tracker-discuss] [issue527] HTTPS / SSL / Secure access In-Reply-To: <1380348162.36.0.964046648568.issue527@psf.upfronthosting.co.za> Message-ID: <1380545611.71.0.704066549396.issue527@psf.upfronthosting.co.za> Martin v. L?wis added the comment: techtonik specifically asked for FreeSSL, so I still wonder what that is. I'm familiar with StartSSL, and the PSF infrastructure group indeed does have access to such certificates. The problem with the StartSSL certificate is that it has "python.org" as a subject alternative name, which is undesired due to the threat that arises from it if somebody breaks into bugs.python.org. _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Mon Sep 30 21:00:42 2013 From: metatracker at psf.upfronthosting.co.za (Myroslav Opyr) Date: Mon, 30 Sep 2013 19:00:42 +0000 Subject: [Tracker-discuss] [issue527] HTTPS / SSL / Secure access In-Reply-To: <1380545611.71.0.704066549396.issue527@psf.upfronthosting.co.za> Message-ID: Myroslav Opyr added the comment: Ah indeed, that Alternative name thing. Yes, this is not desirable side effect. It would be worth mentioning to StartSSL people as they are quite security savvy and such "escalation of privileges" should not be a side-effect of their free certificates. On Mon, Sep 30, 2013 at 3:53 PM, Martin v. L?wis < metatracker at psf.upfronthosting.co.za> wrote: > > Martin v. L?wis added the comment: > > techtonik specifically asked for FreeSSL, so I still wonder what that is. > > I'm familiar with StartSSL, and the PSF infrastructure group indeed does > have access to such certificates. The problem with the StartSSL certificate > is that it has "python.org" as a subject alternative name, which is > undesired due to the threat that arises from it if somebody breaks into > bugs.python.org. > > _______________________________________________________ > PSF Meta Tracker > > _______________________________________________________ > _______________________________________________________ PSF Meta Tracker _______________________________________________________