cvs commit: www/en/cgi Makefile query-pr.cgi querypr-code.cgi

Ceri Davies ceri at submonkey.net
Sat Nov 19 04:24:52 PST 2005 

On Sat, Nov 12, 2005 at 10:35:29AM -0700, M. Warner Losh wrote:
> In message: <20051112172425.GU94004 at submonkey.net>
>             Ceri Davies <ceri at submonkey.net> writes:
> : > > > No, just add f=raw to get the raw PR without markup.
> : > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=<PR#>&f=raw
> : > > >                                                 ^^^^^^
> : > > 
> : > > If you do that, then the address is in the PR header anyway, so where's
> : > > the problem? (yes, that elides the usefulness a little, but raw links
> : > > are not presented on the site and are therefore less spiderable).
> 
> <a little off-topic text deleted>
> 
> Ahem.  Gettback back on track...
> 
> I've had a couple of private suggestions sent to me.
> 
> The first is to create a raw-query-pr.cgi that will just serve up one
> PR in raw format with no links to this page.
> 
> The second is to add another parameter to query-pr that changes
> quarterly.  pass=bluestarts this quarter, pass=yellowdiamons next, etc
> (well, we wouldn't use the ingrediants to lucky charms as a
> password).  This level of security is the same that exist on certain
> invitation only IRC channels that are out there.  Someone has to tell
> you the password, and the password changes from time to time.  Since
> developer mail is project confidencial, I would guess it would be
> sufficient to email the new password once a quarter.

I have another idea.  Committers could add a world-readable
~/.querypr.pass to their home directories containing a string that
authenticates them for seeing email addresses.  Then we have some method
to "login" (ie, set a cookie) that lasts for a month.  That method just
checks that the string in the cookie matches the string in
~/.querypr.pass.

Anyway, I think that the general consensus is that the current code
thing sucks, so I agree that it should be backed out.

Ceri
-- 
Only two things are infinite, the universe and human stupidity, and I'm
not sure about the former.			  -- Einstein (attrib.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-all/attachments/20051119/3046fb4f/attachment.bin

More information about the cvs-all mailing list