On 14/04/2014 20:45, Tim Whittington wrote: > > On 15/04/2014, at 1:26 am, Christopher Schultz <ch...@christopherschultz.net> > wrote: > >> Mark, >> >> On 4/13/14, 10:29 AM, Mark Thomas wrote: >>> On 13/04/2014 08:18, Christopher Schultz wrote: >>>> Mark, >>>> >>>> On 4/13/14, 10:10 AM, Mark Thomas wrote: >>>>> On 13/04/2014 08:09, Christopher Schultz wrote: >>>>>> All, >>>>>> >>>>>> I've taken the liberty of creating a Heartbleed info page on >>>>>> the wiki. I'm going to add a mention of it under the "Not a >>>>>> vulnerability in Tomcat" section for the security pages for >>>>>> Tomcats 6, 7, and 8. >>>>> >>>>> And tc-native please. >>>>> >>>>>> Shall I also add something to the home page as well? Or shall >>>>>> we just roll that into the upcoming announcement of tcnative >>>>>> 1.1.30? I kind of think it should do with the tcnative >>>>>> announcement, but Mladen hasn't yet closed the vote, published >>>>>> the build, etc. and I wanted to get something up sooner rather >>>>>> than later. >>>>> >>>>> +1 to the native announcement. >>>>> >>>>>> Does anyone have any suggestions for how to proceed? >>>>> >>>>> Your plan looks good to me. >>>> >>>> Okay, good. I've updated the Tomcat security info (will do >>>> tcnative soon). Once I've done that, what's the process to actually >>>> refresh the website? I re-built and committed the .html files from >>>> svn already. >>> >>> That is all you need to do. The site should update a few seconds later. >> >> Great, I can see my updates posted, now. >> >> I neglected to change my password in the open window set by the infra >> team, so it's been reset. The web-based reset tool isn't working for me >> so I sent a message to r...@apache.org explaining the situation. I >> haven't heard back, yet. >> >> So I'm a little stuck until I can get a password reset. I can access >> people.apache.org with my ssh2 key. Is this something you might be able >> to goose-along? >> > > http://id.apache.org/reset/ worked for me, but it might require a GPG key > registered in your profile (my reset came GPG encrypted).
id.a.o does not require GPG but if you have a public key set then it will always use it. If you have lost your private key and forgotten your password root can remove the key from the ID if you ask nicely. The alternative is to ssh to people.a.o with you ssh key and use passwd. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
