On Thursday, 5 September 2019 at 08:09 -0400, Paul Frields wrote:
> Off the top of my head...
>
> On Thu, Sep 5, 2019 at 7:43 AM Michael Scherer <mscherer@xxxxxxxxxx>
> wrote:
>
> > Hi,
> >
> > so as I said in the meeting earlier toda^w yesterday, we (or rather
> > Jason) did copy the prod instance to a staging instance on
> > https://fedoramagstg.wpengine.com/
> >
> > However, it seems we can't add a vhost for that instance, which is
> > less than ideal, as I need now to change the name everywhere.
> >
> > So, while doing so, I also had a few questions:
> >
> > - as staging tends to be forgotten, would it be ok to password
> > protect the website so it can be safely protected from worms until
> > we need it?
> >
>
> Yes.
>
>
> > If so, where should it be stored, the goal being just to avoid
> > automated scanning (so I was thinking some easy passwords in the doc,
> > since the goal is just to prevent potential automated attacks)?
> >
>
> Not sure what you mean here -- you mean put the passwords in a doc
> somewhere?

Yup, I know that best practice is to encrypt etc, but there is an
administrative cost in doing so if there is no infra to store such
passwords safely, so I would just propose to add that in the public
documentation, and say "the staging instance is protected from
automated scanners with "foo"/"password"".

That's slightly less bad than having it directly exposed, but I am not
sure there is anything interesting in the first place. The posts are
public, there will be no web exposure (or any win in SEO or malware
distribution) after a compromise (due to password protection).

Worst case in case of compromise is that someone would just get a few
emails, and I am not sure they can't be already harvested somewhere
else in FAS anyway.

> - how up to date do we want it to be regarding posts, etc?
> > (I think we can't do a regular automated sync easily, so if that's
> > needed, I will have to find some way to automate that)
> >
>
> Doesn't need to be sync'd all the time. If the current content is
> needed we can always ask.
>
>
> > - do we want to have it plugged to the prod instance of FAS or the
> > staging one?
> > (for now, that's the staging one)
> >
> Staging seems right to me.

Ok, we need to keep that in mind if we sync again, this will be
erased/forgotten.

I will take care of that next week.

--
Michael Scherer / He/Il/Er/Él
Sysadmin, Community Infrastructure
_______________________________________________
Fedora Magazine mailing list -- magazine@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to magazine-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/magazine@xxxxxxxxxxxxxxxxxxxxxxx