Hey all,
So, there are some instances where we have accounts on sites like twitter or deviantart where I or someone else may be the only person who has the password.
How do we want to go about centralizing, securing, yet sharing this info with those who need it?
Also, in the case of Twitter, since Conservancy had to provide the legal information to Twitter for us to get control of that account, a conservancy address is the password recovery mechanism. Personally, I actually like the feel of that. It seems appropriate that they serve in that protective role IMHO.
What are people's thoughts on this subject?
Cheers, Josh
On Tue, Oct 08, 2013 at 12:53:59PM -0700, Josh Andler wrote:
Hey all,
So, there are some instances where we have accounts on sites like twitter or deviantart where I or someone else may be the only person who has the password.
Yeah, I've got passwords for mailing lists as well.
How do we want to go about centralizing, securing, yet sharing this info with those who need it?
There must be a best practice; we're hardly the only FOSS project needing to manage passwords. Anyone seen how other projects handle it?
Also, in the case of Twitter, since Conservancy had to provide the legal information to Twitter for us to get control of that account, a conservancy address is the password recovery mechanism. Personally, I actually like the feel of that. It seems appropriate that they serve in that protective role IMHO.
What are people's thoughts on this subject?
Seems sensible. Have you talked with them about this?
Bryce
On Wed, Oct 9, 2013 at 8:54 PM, Bryce W. Harrington <b.harrington@...61...> wrote:
There must be a best practice; we're hardly the only FOSS project needing to manage passwords. Anyone seen how other projects handle it?
I've never talked to him before, but I'm kind of tempted to email Ton Roosendaal to see if he might have the time or inclination to give us some insight on how Blender handles these things.
Seems sensible. Have you talked with them about this?
I have not. I honestly didn't do this yet just because if people aren't interested, it's not worth wasting their time. If people are, the worst that can happen is that they say it's outside the scope of what they offer.
Cheers, Josh
On Wed, Oct 09, 2013 at 09:05:14PM -0700, Josh Andler wrote:
On Wed, Oct 9, 2013 at 8:54 PM, Bryce W. Harrington <b.harrington@...61...> wrote:
There must be a best practice; we're hardly the only FOSS project needing to manage passwords. Anyone seen how other projects handle it?
I've never talked to him before, but I'm kind of tempted to email Ton Roosendaal to see if he might have the time or inclination to give us some insight on how Blender handles these things.
I've seen a few references to some open source software called KeePass for shared secret management, but I know nothing about it.
http://en.wikipedia.org/wiki/KeePass
OTOH, I suppose we could keep it simple and just place them in a gpg encrypted text files (one file per password) located on some ssh server we all have access to.
Seems sensible. Have you talked with them about this?
I have not. I honestly didn't do this yet just because if people aren't interested, it's not worth wasting their time. If people are, the worst that can happen is that they say it's outside the scope of what they offer.
I seem to recall mentalguy asking about this some time ago, in association with the domain registration. Kees Cook and Ted Gould may also have some interest (or at least, they did in the past).
Why don't you go ahead and inquire. If it's not a service they provide, or if they don't do anything special we can set something up ourselves.
Bryce
On Fri, 2013-10-11 at 17:47 +0000, Bryce W. Harrington wrote:
On Wed, Oct 09, 2013 at 09:05:14PM -0700, Josh Andler wrote:
On Wed, Oct 9, 2013 at 8:54 PM, Bryce W. Harrington <b.harrington@...61...> wrote:
There must be a best practice; we're hardly the only FOSS project needing to manage passwords. Anyone seen how other projects handle it?
I've never talked to him before, but I'm kind of tempted to email Ton Roosendaal to see if he might have the time or inclination to give us some insight on how Blender handles these things.
I've seen a few references to some open source software called KeePass for shared secret management, but I know nothing about it.
http://en.wikipedia.org/wiki/KeePass
OTOH, I suppose we could keep it simple and just place them in a gpg encrypted text files (one file per password) located on some ssh server we all have access to.
Seems sensible. Have you talked with them about this?
I have not. I honestly didn't do this yet just because if people aren't interested, it's not worth wasting their time. If people are, the worst that can happen is that they say it's outside the scope of what they offer.
I seem to recall mentalguy asking about this some time ago, in association with the domain registration. Kees Cook and Ted Gould may also have some interest (or at least, they did in the past).
Why don't you go ahead and inquire. If it's not a service they provide, or if they don't do anything special we can set something up ourselves.
We do need a list of Inkscape resources: Relevant websites, IRC channels, etc. with who is in charge.
It's been my long-term wish to reclaim Planet Inkscape. Evidently, no one can currently moderate it (Alexandre has tried to but failed).
Tav
participants (3)
-
Bryce W. Harrington -
Josh Andler -
Tavmjong Bah