[Board] [SAC] SSL Certificate Policy

Sandro Santilli strk at keybit.net
Sat May 7 00:11:52 PDT 2016

On Fri, May 06, 2016 at 04:54:33PM -0400, Jody Garnett wrote:
> Catching up on email, so if I understand correctly a trac plugin has been
> installed (so the issue is addressed?) but the attack is ongoing (because
> the internet is mean).

A plugin has been installed, but (1) needed to be enabled (2) needs to
be configured (3) need to be learned

I've handled enabling for all trac instances this morning, using a
global configuration [1]. I hadn't looked at possible configurations
and usage, but I believe spam filter configuration lives within the
database so cannot be shared using the global trac config.

Jurgen was looking at configuration yesterday, don't know what
he found. This morning I was reading up there's the possibility
to write a set of regexp to determine spam into a wiki page, but
I recommend project admins to read up the usage manual to understand
the various options [2].

One thing the plugin adds is a way to report content as being spam,
this is already enabled but will only be available to users having
TRAC_ADMIN permission unless more permissions are added. A whole new
set of permissions are added by the plugin, see [3]

I would actually love to have a single configuration for all of this,
but at the moment I don't see a way, unless we engage into hacking
the trac database to use foreign data wrappers, which sounds scary.

[1] https://lists.osgeo.org/pipermail/sac/2016-May/006753.html
[2] https://wiki.osgeo.org/wiki/Trac_Instances#Trac_Spam
[3] https://trac.edgewall.org/wiki/SpamFilter#Permissions


More information about the Board mailing list