On Mon, 05 Oct 2020 at 12:47:54 +0200, William Gathoye (LibreOffice) wrote: > From a security and reliability POV wrt. AskBot, this is an urgent step > IMHO.
Depending on where you're coming from (AskBot user or moderator, infra team, BoD, community at large) you might define urgency differently. FWIW AskBot upstream is still contracted by TDF to maintain the instance and last autumn I (painfully) upgraded the backend to an OS with 3 years before EOL still so I fail to see the security threat. > Like mentioned here[1], please at least allow some time to your sysadmin > to export the DB and replace all users credentials to one user Er passwords aren't the only the sensitive information… there are (off hand) other things like email addresses, OAuth tokens, sessions tokens, IPs tied to the activity log, etc. Pruning that is cumbersome and error prone, and users have not given consent for us to release that information so again that's not a decision I'll take myself. As written in the link you mentioned there is an AskBot API you can use at will if you're in a hurry :-) Backporting the commit to add /api/v1/answers/ was trivial so the public API should now be enough for a complete migration aside from account linking (which needs to be done by the infra team anyway). With the scrolling API it's even easy to fetch a dozens page of questions/users, see https://github.com/ASKBOT/askbot-devel/blob/master/askbot/doc/source/api.rst . -- Guilhem. -- To unsubscribe e-mail to: [email protected] Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.libreoffice.org/global/website/ Privacy Policy: https://www.documentfoundation.org/privacy
