https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #22 from Marc A. Pelletier ---
After a trivial test from my home:
http://lists.wikimedia.org/pipermail/newprojects/2014-April/91.html
Labs doesn't factor into it at all; any "security" provided by checking email
addresses on a
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #21 from Marc A. Pelletier ---
By design, our relays... relay mail from our network.
This is a bug in the script (that it behaves like production without tweak).
Yes, the possibility of abuse is there -- if someone abuse, we will
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #20 from Krinkle ---
(In reply to Marc A. Pelletier from comment #19)
> @Krinkle: Nothing; email is not secure and there is no sender verification.
> Anyone can fake From: headers.
>
> > I'm pretty sure something somewhere already
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
Marc A. Pelletier changed:
What|Removed |Added
CC||m...@uberbox.org
--- Comment #19 f
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
Marc A. Pelletier changed:
What|Removed |Added
Assignee|m...@uberbox.org|antoine.mu...@laposte.fr
--- Comme
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #17 from Krinkle ---
(In reply to Casey Brown from comment #12)
> (In reply to comment #11)
> > Depending on what box the email is being sent from it may even match SPF ...
> > since I know some of our boxes are on the SPF records.
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #16 from Krinkle ---
*bump*.
Just got another half dozen e-mails through newprojects-l about
beta.wmflabs.org projects (zhwiki, ukwiki, ruwiki, kowiki, jawiki, hiwiki) that
somehow made it using production credentials to this list.
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
Andre Klapper changed:
What|Removed |Added
Keywords|easy|
--- Comment #15 from Andre Klapper -
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
Andre Klapper changed:
What|Removed |Added
Assignee|wikibugs-l@lists.wikimedia. |m...@uberbox.org
|or
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #13 from Antoine "hashar" Musso ---
As I said in comment #3, it is just about adapting the notifyNewProjects to
have it using a different email. We could even make it exist whenever the
detected realm is not production :-]
--
You
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #12 from Casey Brown ---
(In reply to comment #11)
> Depending on what box the email is being sent from it may even match SPF ...
> since I know some of our boxes are on the SPF records.
>
> Most of the options described in this t
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #11 from James Alexander ---
Depending on what box the email is being sent from it may even match SPF ...
since I know some of our boxes are on the SPF records.
Most of the options described in this ticket would actually break the
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
Mark A. Hershberger changed:
What|Removed |Added
CC||m...@everybody.org
--- Comment #
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #9 from Alex Monk ---
Well something is going wrong if a labs script can pretend to be a valid
@wikimedia.org address
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
__
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #8 from Casey Brown ---
It already does that, Daniel. It doesn't accept messages from anyone other than
w...@wikimedia.org. The issue is that the same script and address are used for
labs project creations and regular wiki creations
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
Daniel Zahn changed:
What|Removed |Added
CC||dz...@wikimedia.org
--- Comment #7 from
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
Krinkle changed:
What|Removed |Added
Keywords||ops
--
You are receiving this mail because:
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #6 from Krinkle ---
I agree with Alex.
A few considerations:
* Lists should require smtp authentication from @wikimedia.org domains and
reject the fake mail from labs (and if not already, fix the one in production
to use smtp inste
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
Krinkle changed:
What|Removed |Added
Priority|Low |Normal
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #4 from Alex Monk ---
The code running on labs is irrelevant - it should simply be impossible for any
computer outside the production cluster to successfully send a message to that
list.
--
You are receiving this mail because:
You
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
Alex Monk changed:
What|Removed |Added
CC||b...@caseybrown.org,
|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
Antoine "hashar" Musso changed:
What|Removed |Added
Keywords||easy
Priority|Unpri
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #3 from Antoine "hashar" Musso ---
The addwiki.php script craft a delayed cron job that calls the
notifyNewProjects shell script 15 minutes after the project got created.
The shell is in operations/puppet.git : files/misc/scripts/n
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
Sam Reed (reedy) changed:
What|Removed |Added
Severity|normal |minor
--
You are receiving this ma
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
--- Comment #2 from James Forrester ---
(In reply to comment #1)
> *** Bug 48797 has been marked as a duplicate of this bug. ***
Bah, it wasn't a dupe when I wrote it; I should have pressed save earlier. :-(
--
You are receiving this mail be
https://bugzilla.wikimedia.org/show_bug.cgi?id=48786
Alex Monk (Krenair) changed:
What|Removed |Added
CC||jforres...@wikimedia.org
--- Com
26 matches
Mail list logo