Date: Sat, 19 Nov 2005 12:24:51 +0000 From: Ceri Davies <ceri@submonkey.net> To: "M. Warner Losh" <imp@bsdimp.com> Cc: pav@FreeBSD.org, cvs-doc@FreeBSD.org, cvs-all@FreeBSD.org, doc-committers@FreeBSD.org Subject: Re: cvs commit: www/en/cgi Makefile query-pr.cgi querypr-code.cgi Message-ID: <20051119122451.GG94004@submonkey.net> In-Reply-To: <20051112.103529.123972777.imp@bsdimp.com> References: <20051112141152.GT94004@submonkey.net> <1131813973.52725.36.camel@localhost> <20051112172425.GU94004@submonkey.net> <20051112.103529.123972777.imp@bsdimp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--6UEPj0d4ZbbWkD8I Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Nov 12, 2005 at 10:35:29AM -0700, M. Warner Losh wrote: > In message: <20051112172425.GU94004@submonkey.net> > Ceri Davies <ceri@submonkey.net> writes: > : > > > No, just add f=3Draw to get the raw PR without markup. > : > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=3D<PR#>&f=3Draw > : > > > ^^^^^^ > : > >=20 > : > > If you do that, then the address is in the PR header anyway, so whe= re's > : > > the problem? (yes, that elides the usefulness a little, but raw lin= ks > : > > are not presented on the site and are therefore less spiderable). >=20 > <a little off-topic text deleted> >=20 > Ahem. Gettback back on track... >=20 > I've had a couple of private suggestions sent to me. >=20 > The first is to create a raw-query-pr.cgi that will just serve up one > PR in raw format with no links to this page. >=20 > The second is to add another parameter to query-pr that changes > quarterly. pass=3Dbluestarts this quarter, pass=3Dyellowdiamons next, etc > (well, we wouldn't use the ingrediants to lucky charms as a > password). This level of security is the same that exist on certain > invitation only IRC channels that are out there. Someone has to tell > you the password, and the password changes from time to time. Since > developer mail is project confidencial, I would guess it would be > sufficient to email the new password once a quarter. I have another idea. Committers could add a world-readable ~/.querypr.pass to their home directories containing a string that authenticates them for seeing email addresses. Then we have some method to "login" (ie, set a cookie) that lasts for a month. That method just checks that the string in the cookie matches the string in ~/.querypr.pass. Anyway, I think that the general consensus is that the current code thing sucks, so I agree that it should be backed out. Ceri --=20 Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -- Einstein (attrib.) --6UEPj0d4ZbbWkD8I Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDfxmTocfcwTS3JF8RAjK4AJwME7ZCmhN7mFaDj2sJ710J4PynngCgm4fw //c/lqmdxw4ph3FY1me6Bqg= =Zyxc -----END PGP SIGNATURE----- --6UEPj0d4ZbbWkD8I--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051119122451.GG94004>