Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Opened by David Fifield@dcf

Set up two-factor auth and app-specific password for email registration helper

Gmail has "application-specific passwords" that are intended to allow SMTP and IMAP programs to authenticate without using the main Gmail/Google Account password. For some reason, you can only set this up if you've enabled two-factor authentication.

We should do this because

  1. we can keep the master Gmail password offline, and only allow the facilitator access to IMAP under a different password. A breakin on the facilitator would not, for example, allow the intruder to set a new Gmail forwarding rule.
  2. We can revoke/rotate the IMAP password independently of the master Gmail password.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information