Let's get a few things clear here.

I am not the only person with keys to the encrypted file containing
the credentials.
The following Attic members' keys were used:
  dims (80D83A796103BF59)
  ekoneil (05D8FD2E4145FB42)
  hboutemy (C92C5FEC70161C62)
  jeremias (0355533D7FF84124)
  rbowen (5CFD37FACC78C893)
  rgoers (3595395EB3D8E1BA)
  sebb (7A8860944FAD5F62)
  tv (2EB9468288817402)

The credentials were also encrypted with the keys for several jClouds
PMC members.

This is a new process; there are bound to be issues that need ironing
out. This takes time.
It would be good to get this sorted, but I am not aware of any real
deadline here.

I asked on users@Infra a week ago for alternatives to using
unencrypted email to transfer the credentials.
It is only now that some suggestions have been made.

Sebb


On Tue, 15 Jul 2025 at 01:18, Chris Lambertus <c...@apache.org> wrote:
>
> Sebb, we're talking about Twitter/X credentials for an atticed project that 
> M&P will change immediately, not nuclear launch codes. Developing an 
> end-to-end fully secure secrets transfer process is not a small endeavor. We 
> have provided the Bitwarden option. Since you are unwilling to use it, you 
> can gpg encrypt the secrets to root@ or you can DM me or Brian or Melissa on 
> Slack with the creds and we'll change them. I appreciate your concern for 
> security, but you're holding up the works here. Please provide the 
> credentials so we can move forward.
>
> -Chris
> Infra Admin
>
> On 2025/07/04 11:45:37 sebb wrote:
> > On Thu, 3 Jul 2025 at 19:07, Niall Pemberton <niall.pember...@gmail.com> wrote:
> > >
> > > @Sebb, as you have access to the credentials, can you share them?
> > >
> > > It costs to have a Bitwarden account, so maybe NordPass is a better option
> > > for password sharing.
> >
> > It's possible to set up a free personal Bitwarden account:
> >
> > https://bitwarden.com/pricing/
> >
> > I have one that I set up as a test a while ago.
> >
> > I have experimented with Send, and basically it creates a link that
> > allows one to access the content of the send in a browser.
> > There does not seem to be any protection against access by 3rd
> > parties; anyone who has access to the URL can see the content.
> > AFAICT the only advantage over a plain email is that the content
> > automatically disappears after a short while (default 1 week), whereas
> > emails would have to be manually deleted by both sender and recipient.
> >
> > I'm not convinced it's an appropriate way to share sensitive data,
> > unless one shares the link via a secure channel (in which case is
> > there a need for the Send protection in the first place?).
> >
> > Or maybe I am missing something, and there is a way for Bitwarden to
> > send data directly between its users?
> >
> > GMail offers a more sophisticated confidential email: the content is
> > again shared via a link, but the link can only be opened by the person
> > with access to the email address.
> > If the recipient does not use GMail, they will be sent a one-time code
> > before they can see the message.
> >
> > This seems at least as good as the Bitwarden method, and many more
> > people have GMail accounts.
> >
> > Sebb
> >
> >
> > > Niall
> > >
> > > On Thu, 3 Jul 2025 at 17:45, Melissa Logan <meli...@constantia.io> wrote:
> > >
> > > > Hi Niall, we needed to fine-tune the workflow before responding. Here
> > > > are instructions:
> > > >
> > > >    1. Share account passwords via Bitwarden’s “Send” feature and share the
> > > >       link to: melissalo...@apache.org, b...@apache.org, wt...@apache.org
> > > >       1. Note: If you do not have a Bitwarden account set up, you will need
> > > >          to create one in order to send – or use another secure password
> > > >          manager to send us the link.
> > > >    2. M&P will create a free email account for your project, e.g.
> > > >       projectn...@gmail.com. > Note, this has been completed for jclouds.
> > > >    3. M&P will log in to each social media account and change the email to
> > > >       the new free email account.
> > > >    4. M&P will verify the account with the new email, change the password,
> > > >       and save details in Bitwarden.
> > > >
> > > >
> > > > Any questions, just let us know.
> > > >
> > > > On Mon, Jun 30, 2025 at 4:33 AM Brian Proffitt <br...@proffitt.org> wrote:
> > > >
> > > >> We saw it, and have started the process to create a new placeholder
> > > >> account so we can transfer "ownership" of the X account to that.
> > > >> Someone from M&P will be reaching out to you/them to get the keys to
> > > >> the X account to make the transfer.
> > > >>
> > > >> BKP
> > > >>
> > > >> On Mon, Jun 30, 2025 at 5:57 AM Niall Pemberton
> > > >> <niall.pember...@gmail.com> wrote:
> > > >> >
> > > >> > Hi M&P,
> > > >> >
> > > >> > Adding mark...@apache.org as there's been no response from
> > > >> > pr...@apache.org
> > > >> >
> > > >> > Niall
> > > >> >
> > > >> > On Thu, 26 Jun 2025 at 17:30, Niall Pemberton <niall.pember...@gmail.com> wrote:
> > > >> >>
> > > >> >> Hi M&P,
> > > >> >>
> > > >> >> The jclouds project is in the process of moving to the Attic (see
> > > >> >> ATTIC-244[1]) and they have an x.com account (https://x.com/jclouds)
> > > >> >> which has been updated as per the new Attic process for social
> > > >> >> media[2].
> > > >> >>
> > > >> >> The next step in that process is to discuss with you "the best way
> > > >> >> to share social media credentials for safekeeping". So how would you
> > > >> >> like to proceed with this?
> > > >> >>
> > > >> >> One other thing to consider, that account is linked to
> > > >> >> priv...@jclouds.apache.org which at some point will be closed down as
> > > >> >> part of the Attic process. So it would be a good idea, once you have
> > > >> >> the credentials, to change that to something M&P control.
> > > >> >>
> > > >> >> Regards
> > > >> >>
> > > >> >> Niall
> > > >> >>
> > > >> >> [1] https://issues.apache.org/jira/browse/ATTIC-244
> > > >> >> [2] https://attic.apache.org/process-howto.html#5-update-social-media-if-any
> > > >>
> >
