Sebb, we're talking about Twitter/X credentials for an atticed project that M&P will change immediately, not nuclear launch codes. Developing an end-to-end fully secure secrets transfer process is not a small endeavor. We have provided the Bitwarden option. Since you are unwilling to use it, you can gpg encrypt the secrets to root@ or you can DM me or Brian or Melissa on Slack with the creds and we'll change them. I appreciate your concern for security, but you're holding up the works here. Please provide the credentials so we can move forward. -Chris Infra Admin
On 2025/07/04 11:45:37 sebb wrote: > On Thu, 3 Jul 2025 at 19:07, Niall Pemberton <niall.pember...@gmail.com> > wrote: > > > > @Sebb, as you have access to the credentials, can you share them? > > > > It costs to have a Bitwarden account, so maybe NordPass is a better option > > for password sharing. > > It's possible to set up a free personal Bitwarden account: > > https://bitwarden.com/pricing/ > > I have one that I set up as a test a while ago. > > I have experimented with Send, and basically it creates a link that > allow one to access the content of the send in a browser. > There does not seem to be any protection against access by 3rd > parties; anyone who has access to the URL can see the content. > AFAICT the only advantage over a plain email is that the content > automatically disappears after a short while (default 1 week), whereas > emails would have to be manually deleted. by both sender an recipient. > > I'm not convinced it's an appropriate way to share sensitive data, > unless one shares the link via a secure channel (in which case is > there a need for the Send protection in the first place?). > > Or maybe I am missing something, and there is a way for Bitwarden to > send data directly between its users? > > GMail offers a more sophisticated confidential email: the content is > again shared via a link, but the link can only be opened by the person > with access to the email address. > If the recipient does not use GMail, they will be sent a one-time code > before they can see the message. > > This seems at least as good as the Bitwarden method, and many more > people have GMail accounts. > > Sebb > > > > Niall > > > > On Thu, 3 Jul 2025 at 17:45, Melissa Logan <meli...@constantia.io> wrote: > > > > > Hi Niall, we needed to fine-tune the workflow before responding. Here are > > > instructions: > > > > > > > > > 1. > > > > > > Share account passwords via Bitwarden’s “Send” feature and share the > > > link to: melissalo...@apache.org, b...@apache.org, wt...@apache.org > > > 1. > > > > > > Note: If you do not have a Bitwarden account set up, you will need > > > to create one in order to send – or use another secure password > > > manager to > > > send us the link. > > > 2. > > > > > > M&P will create a free email account for your project, e.g. > > > projectn...@gmail.com. > Note, this has been completed for jclouds. > > > 3. > > > > > > M&P will log in to each social media account and change the email to > > > the new free email account. > > > 4. > > > > > > M&P will verify the account with the new email, change, the password, > > > and save details in Bitwarden. > > > > > > > > > Any questions, just let us know. > > > > > > On Mon, Jun 30, 2025 at 4:33 AM Brian Proffitt <br...@proffitt.org> wrote: > > > > > >> We saw it, and have started the process to create a new placeholder > > >> account so we can transfer "ownership" of the X account to that. > > >> Someone from M&P will be reaching out to you/them to get the keys to > > >> the X account to make the transfer. > > >> > > >> BKP > > >> > > >> On Mon, Jun 30, 2025 at 5:57 AM Niall Pemberton > > >> <niall.pember...@gmail.com> wrote: > > >> > > > >> > Hi M&P, > > >> > > > >> > Adding mark...@apache.org as theres been no response from > > >> pr...@apache.org > > >> > > > >> > Niall > > >> > > > >> > On Thu, 26 Jun 2025 at 17:30, Niall Pemberton < > > >> niall.pember...@gmail.com> wrote: > > >> >> > > >> >> Hi M&P, > > >> >> > > >> >> The jclouds project is in the process of moving to the Attic (see > > >> ATTIC-244[1] ) and at they have an x.com account (https://x.com/jclouds) > > >> which has been updated as per the new Attic process for social media[2]. > > >> >> > > >> >> The next step in that process is to discuss with you "the best way to > > >> share social media credentials for safekeeping". So how would you like to > > >> proceed with this? > > >> >> > > >> >> One other thing to consider, that account is linked to > > >> priv...@jclouds.apache.org which at some point will be closed down as > > >> part of the Attic process. So it would be a good idea, once you have the > > >> credentials, to change that to something M&P control. > > >> >> > > >> >> Regards > > >> >> > > >> >> Niall > > >> >> > > >> >> [1] https://issues.apache.org/jira/browse/ATTIC-244 > > >> >> [2] > > >> https://attic.apache.org/process-howto.html#5-update-social-media-if-any > > >> > > >> --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: markpub-unsubscr...@apache.org > > >> For additional commands, e-mail: markpub-h...@apache.org > > >> > > >> >
