TPA issueshttps://gitlab.torproject.org/groups/tpo/tpa/-/issues2020-06-27T14:18:41Zhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/23207Registration on trac seems to be counterintuitive2020-06-27T14:18:41ZTracRegistration on trac seems to be counterintuitiveDescription: When trying to register on this very website, using a username is rejected with the error "e-mail-address required". When using an e-mail-address to register it is not possible to change the displayed name to a username.
Ex...Description: When trying to register on this very website, using a username is rejected with the error "e-mail-address required". When using an e-mail-address to register it is not possible to change the displayed name to a username.
Expected behaviour: Registration with a username should be possible with a username that is not an e-mail-address. If an e-mail-address is required this should be stated clearly.
Proposed change: Change either the requirements for registration, or the name for account to display clearly the need for an e-mail-address.
Note: I deleted this very account a few minutes ago as I thought it was just my mistake, but I could repeat the error. If possible I would like to change my username to the domain name (without dot) used in this e-mail-address.
**Trac**:
**Username**: mail@5ece.deJens KubiezielJens Kubiezielhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/23205Grant hiro access to civi2021-05-06T14:23:03ZTracGrant hiro access to civiht access credentials needed for hiro in civicrm
**Trac**:
**Username**: jselonht access credentials needed for hiro in civicrm
**Trac**:
**Username**: jselonhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/23204This is a test ticket afte trac update2020-06-27T14:18:42ZHiroThis is a test ticket afte trac updateTest ticketTest ticketHiroHirohttps://gitlab.torproject.org/tpo/tpa/team/-/issues/23164Install tor on crispum2020-06-27T14:18:42ZTom Rittertom@ritter.vgInstall tor on crispumPlease install tor on crispum so I can configure the hidden services for the tor crash dump submitter and viewer services.
See also legacy/trac#22923Please install tor on crispum so I can configure the hidden services for the tor crash dump submitter and viewer services.
See also legacy/trac#22923https://gitlab.torproject.org/tpo/tpa/team/-/issues/23162create speaking@ alias to coordinate speaking requests2020-06-27T14:18:42ZRoger Dingledinecreate speaking@ alias to coordinate speaking requestsAs part of the speakers bureau plan, I'm going to create a speaking@ alias, which currently will point to me, alison, shari, steph, tommy, isa.
The goal is that it can be a place where we coordinate our responses to invitations to speak...As part of the speakers bureau plan, I'm going to create a speaking@ alias, which currently will point to me, alison, shari, steph, tommy, isa.
The goal is that it can be a place where we coordinate our responses to invitations to speak at various events, and maybe eventually an outside address where people can directly invite us to speak at various events, rather than mailing whoever it is that they pick individually as is done today.
It is explicitly *not* the place where all the people who want to sign up to do speaking events for Tor will congregate.https://gitlab.torproject.org/tpo/tpa/team/-/issues/23158Restrict access to InterMapTxt and other service pages2020-06-27T14:18:42ZcypherpunksRestrict access to InterMapTxt and other service pagesInterMapTxt can be used to redefine links schemas. Using it everyone logged as cypherpunks user can globally nearly-stealthy redirect all the prefixed links to malware-spreading websites.InterMapTxt can be used to redefine links schemas. Using it everyone logged as cypherpunks user can globally nearly-stealthy redirect all the prefixed links to malware-spreading websites.Jens KubiezielJens Kubiezielhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/23152Disallow tiff (and other non png non text) uploads2020-06-27T14:18:42ZcypherpunksDisallow tiff (and other non png non text) uploadsTiff is a quite a complicated format. Its implementation can contain vulnerabilities.
Some man creates tickets with tiffs attached:
legacy/trac#23140, legacy/trac#23085.
People consider this as an attack. They even ask him in a rude fo...Tiff is a quite a complicated format. Its implementation can contain vulnerabilities.
Some man creates tickets with tiffs attached:
legacy/trac#23140, legacy/trac#23085.
People consider this as an attack. They even ask him in a rude form not to post tiffs. Maybe we should protect him from such a rudeness ;) I suggest to disallow uploads of non-text formats other than the ones in the following whitelist: ["png"].Jens KubiezielJens Kubiezielhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/23133Use .onion more. Redirect traffic to .onion if the user come from Tor.2020-06-27T14:18:42ZcypherpunksUse .onion more. Redirect traffic to .onion if the user come from Tor.onion.torproject.org/
I had a hard time finding your official onion.
Why not use it actively?onion.torproject.org/
I had a hard time finding your official onion.
Why not use it actively?https://gitlab.torproject.org/tpo/tpa/team/-/issues/23120Make it harder to brute-force Trac user passwords2020-06-27T14:18:42ZGeorg KoppenMake it harder to brute-force Trac user passwordsCurrently we don't have any measures in place to stop brute-forcing passwords of Trac accounts. I know, we are all using secure passwords, but still we could do better here and set up an upper limit password retries.
That got reported v...Currently we don't have any measures in place to stop brute-forcing passwords of Trac accounts. I know, we are all using secure passwords, but still we could do better here and set up an upper limit password retries.
That got reported via HackerOne by S.M.Usman (muhammad_usman)Jens KubiezielJens Kubiezielhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/23112Remove "safely" from the gitweb torsocks description2020-06-27T14:18:42ZDavid Gouletdgoulet@torproject.orgRemove "safely" from the gitweb torsocks descriptionOn gitweb.torproject.org, the descriptor for the torsocks repository is "Wrapper to safely torify applications".
I think that we should remove "safely" because torsocks try its best but it's far from fully "safe" or even providing a lev...On gitweb.torproject.org, the descriptor for the torsocks repository is "Wrapper to safely torify applications".
I think that we should remove "safely" because torsocks try its best but it's far from fully "safe" or even providing a level of comfortable safety with any random applications.https://gitlab.torproject.org/tpo/tpa/team/-/issues/23068Trying to access the trac users list gives a 504 Gateway Timeout2020-06-27T14:18:43ZGeorg KoppenTrying to access the trac users list gives a 504 Gateway TimeoutWhile other admin options are working fine, trying to look at the users list via https://trac.torproject.org/projects/tor/admin/accounts/users gives a 504 Gateway Timeout repeatedly.
(Might be a ticket for the sysadmin team, though, not...While other admin options are working fine, trying to look at the users list via https://trac.torproject.org/projects/tor/admin/accounts/users gives a 504 Gateway Timeout repeatedly.
(Might be a ticket for the sysadmin team, though, not sure)Jens KubiezielJens Kubiezielhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/23047Please add iwakeh to the onionoo, metrics, and exonerator groups2020-06-27T14:18:43ZKarsten LoesingPlease add iwakeh to the onionoo, metrics, and exonerator groups```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Please add iwakeh to the onionoo, metrics, and exonerator groups, so
that they can log in to the respective hosts providing these services.
Thanks!
-----BEGIN PGP SIGNATURE-----
Commen...```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Please add iwakeh to the onionoo, metrics, and exonerator groups, so
that they can log in to the respective hosts providing these services.
Thanks!
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQEcBAEBCAAGBQJZeiloAAoJEO85p7J7H00B7GUH/iy0J9LUS7Z3XRViC5ATZufo
5bYHa+AcTIqyWqb8nuHJDBr/NPwkIpmuT4BI6eCUFiS5xJB4jvfvALxbtPoVdcRK
Bo6ivxKK8YbrLiCSJ7lB2X2/HsK+77tOYwyV0egUmLZmE678QcuINIcWXph70zlC
zsjVBJTWJNqYpSoyPVMQCbzM432cJpxtz+HS3QSWMPImeH7f7XzZF67LkLKT1nS6
AuIBAGnJ+3ImL9VBK8gHFKxrdDWZ9nJ0Plh/tRzG5vI+JRcR8pb4Oq8ILuWd1qrP
qEhUbcDmiRXhUmVq1lHbRQibkTh9ZsKAY4zW96LmYnpaISIJ6/GknPylpKcWyxw=
=7KqA
-----END PGP SIGNATURE-----
```https://gitlab.torproject.org/tpo/tpa/team/-/issues/23042emails to the wtf@ email list are bouncing2020-06-27T14:18:43ZTommy Collisonemails to the wtf@ email list are bouncingJens KubiezielJens Kubiezielhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/23035make CRM able to receive mail2021-05-06T14:22:02Zweasel (Peter Palfrader)make CRM able to receive mailsee thread "Bulk emails to mailing lists from gillii"see thread "Bulk emails to mailing lists from gillii"https://gitlab.torproject.org/tpo/tpa/team/-/issues/23029https://metrics.torproject.org/ is down2020-06-27T14:18:43Zcypherpunkshttps://metrics.torproject.org/ is downhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/23021Create LDAP account for Leonid Evdokimov2020-06-27T14:18:43ZArturo FilastòCreate LDAP account for Leonid Evdokimov```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Please create an LDAP account for Leonid an OONI developer. He needs this to be able to push updates to the ooni website (so he should also be given access to the staticiforme user "oo...```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Please create an LDAP account for Leonid an OONI developer. He needs this to be able to push updates to the ooni website (so he should also be given access to the staticiforme user "ooni") and all other static hosting related sites.
Name: Leonid Evdokimov
Address: leon@darkk.net.ru
PGP Fingerprint: 6691 DE6B 4CCD C1C1 76A0 0D4A E1F2 A980 7F50 FAB2
Username: darkk
Thanks!
~ Arturo
-----BEGIN PGP SIGNATURE-----
Comment: PGP
iF4EAREKAAYFAll1+rAACgkQXWfNGHAih/SpogD8CxTrVQr/89TUYfEFsdCpKtWU
XogXSJm6bU0l/4IqVEoA+gMe5+jbfEe+UfuZv44O6s/+CQE6YrshMjDFBuIrk+u8
=k7EJ
-----END PGP SIGNATURE-----
```https://gitlab.torproject.org/tpo/tpa/team/-/issues/23017Please remove myself from the check group2020-06-27T14:18:43ZSebastian HahnPlease remove myself from the check groupthank youthank youhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/22997update Alison's GPG key in db.torproject.org2020-06-27T14:18:43ZAlison Macrinaupdate Alison's GPG key in db.torproject.org```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Please update FBF0 E7DB 1433 018E E52D 0DDA 9FC3 4089 CBE8 3CA3. The key is remaining the same, but the old key is showing as expired in the database. My LDAP username is "alison".
---...```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Please update FBF0 E7DB 1433 018E E52D 0DDA 9FC3 4089 CBE8 3CA3. The key is remaining the same, but the old key is showing as expired in the database. My LDAP username is "alison".
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE+/Dn2xQzAY7lLQ3an8NAicvoPKMFAllv0CkACgkQn8NAicvo
PKOe7g//QLACzV6USTLM9OnspS4ft4oCuY0X/fVOlDHMuZIOYe/gqiHQJizXcU04
tW4M1EaTc4oEPxYHIYIuL/cF3s7il5FpUBqnUfJWEsKoAi7u1fPdKjSBBiREqbFQ
Q/c4Zyru5wYXF06k0EsbsmPXcIF6W2pn/eIUIQXVPl/uX6jdTt8G0DQhx14BLAzu
fRm0ffVzOumn67HqWOjii6taGYJlgSOflhvBMouw9tLOVU8dL55QDVFC4VpRBXkO
3B++JQXqhqCv4D+512Pou/njxpGLbh5dXQ5FL6Axn4uFjw3DdQXr1R6Y2fLa34wx
778alOSggiK9n/1Z8KMI2mIiIi7GTx3vb6K/K4z2wzHaDgEToc2p9/XRnvImWKa1
6ZlAmEHsGjoKoBIWEHCXqTgDAcA80AkZJZwyIZmAFUCv9eaVQqcIjjF8DSGFzr8l
msl80vpHQk3KJhEmLWRJNg2AijzTr8QuUi+aHhBYjRztlkyOKmXvx1eLdXJWFHE1
mmnPsIobYywvjxvSjZikx7s2uS3fA1rwA87nYQjZoeAUO87PjP9MLzmPT5xnOL7w
yTa4tiRlhaYd6nYvM3V+odXWPCT9OcynlsmFtDgoUy4eOr6OPihp2hogHOug0nBx
JCvXb1L+ekYTwQ0nMgjkBSFrf23bmcPabZ1auViBNR9Kti+h6xY=
=ochZ
-----END PGP SIGNATURE-----
```https://gitlab.torproject.org/tpo/tpa/team/-/issues/22988Make all trac child tickets have the same headers and inherit fields2020-06-27T14:18:44ZteorMake all trac child tickets have the same headers and inherit fieldsHi,
Can you make the table headers for every parent ticket type:
"type, status, owner, summary"
And can you make the child Inherited fields for every parent ticket type:
"cc, version, keywords, component, milestone"
When I try to do t...Hi,
Can you make the table headers for every parent ticket type:
"type, status, owner, summary"
And can you make the child Inherited fields for every parent ticket type:
"cc, version, keywords, component, milestone"
When I try to do this on:
https://trac.torproject.org/projects/tor/admin/childticketsplugin/types
I get the error:
"Warning: Error writing to trac.ini, make sure it is writable by the web server. Your changes have not been saved."Jens KubiezielJens Kubiezielhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40645Please adopt torbrowser-launcher on deb.torproject.org2022-03-01T19:14:44ZTracPlease adopt torbrowser-launcher on deb.torproject.orgTo install and maintain Tor Browser Bundle (TBB) on Ubuntu I currently need to:
1. Add deb.torproject.org as a source to get the latest Tor router (per https://www.torproject.org/docs/debian)
2. Add ppa:micahflee/ppa as a source to get ...To install and maintain Tor Browser Bundle (TBB) on Ubuntu I currently need to:
1. Add deb.torproject.org as a source to get the latest Tor router (per https://www.torproject.org/docs/debian)
2. Add ppa:micahflee/ppa as a source to get the latest torbrowser-launcher (per https://github.com/micahflee/torbrowser-launcher#installing-in-ubuntu)
3. Use torbrowser-launcher to get the latest TBB
4. Rely on sources and torbrowser-launcher for further updates
My suggestion (if feasible) is to include torbrowser-launcher in deb.torproject.org and thereby skip step 2. (Step 2 is also tricky on Debian-based distros other than Ubuntu.) This would not only be more convenient, but I would have a single point of trust (deb.torproject.org) for everything Tor-related.
Related upstream ticket: https://github.com/micahflee/torbrowser-launcher/issues/269
**Trac**:
**Username**: d3vid