On 14 April 2014 21:34, Mark Thomas <ma...@apache.org> wrote: > On 14/04/2014 20:45, Tim Whittington wrote: >> >> On 15/04/2014, at 1:26 am, Christopher Schultz >> <ch...@christopherschultz.net> wrote: >> >>> Mark, >>> >>> On 4/13/14, 10:29 AM, Mark Thomas wrote: >>>> On 13/04/2014 08:18, Christopher Schultz wrote: >>>>> Mark, >>>>> >>>>> On 4/13/14, 10:10 AM, Mark Thomas wrote: >>>>>> On 13/04/2014 08:09, Christopher Schultz wrote: >>>>>>> All, >>>>>>> >>>>>>> I've taken the liberty of creating a Heartbleed info page on >>>>>>> the wiki. I'm going to add a mention of it under the "Not a >>>>>>> vulnerability in Tomcat" section for the security pages for >>>>>>> Tomcats 6, 7, and 8. >>>>>> >>>>>> And tc-native please. >>>>>> >>>>>>> Shall I also add something to the home page as well? Or shall >>>>>>> we just roll that into the upcoming announcement of tcnative >>>>>>> 1.1.30? I kind of think it should do with the tcnative >>>>>>> announcement, but Mladen hasn't yet closed the vote, published >>>>>>> the build, etc. and I wanted to get something up sooner rather >>>>>>> than later. >>>>>> >>>>>> +1 to the native announcement. >>>>>> >>>>>>> Does anyone have any suggestions for how to proceed? >>>>>> >>>>>> Your plan looks good to me. >>>>> >>>>> Okay, good. I've updated the Tomcat security info (will do >>>>> tcnative soon). Once I've done that, what's the process to actually >>>>> refresh the website? I re-built and committed the .html files from >>>>> svn already. >>>> >>>> That is all you need to do. The site should update a few seconds later. >>> >>> Great, I can see my updates posted, now. >>> >>> I neglected to change my password in the open window set by the infra >>> team, so it's been reset. The web-based reset tool isn't working for me >>> so I sent a message to r...@apache.org explaining the situation. I >>> haven't heard back, yet. >>> >>> So I'm a little stuck until I can get a password reset. I can access >>> people.apache.org with my ssh2 key. Is this something you might be able >>> to goose-along? >>> >> >> http://id.apache.org/reset/ worked for me, but it might require a GPG key >> registered in your profile (my reset came GPG encrypted). > > id.a.o does not require GPG but if you have a public key set then it > will always use it. If you have lost your private key and forgotten your > password root can remove the key from the ID if you ask nicely. > > The alternative is to ssh to people.a.o with you ssh key and use passwd.
Did not know about that option. Should that be added here [1] ? I'm happy to update the page if so. [1] https://www.apache.org/dev/infra-contact#regain-account > Mark > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
