Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Opened by David Fifield@dcf

Rehearse email registration helper key compromise

What happens if the Gmail password or RSA private key in #6383 (closed) is compromised? We should simulate that situation, and document the steps needed to recover from it.

The steps to be taken probably include at least

  • Deactivate the Gmail account.
  • Create a new Gmail account (or use one already created in reserve) with a new password.
  • Set up a new application-specific IMAP password (see #6986 (closed)).
  • Install the application-specific password on the facilitator.
  • Generate a new RSA keypair and install on the facilitator.
  • Insert the new email address and RSA public key in the flashproxy-reg-email program.
  • Build new flashproxy-client packages with the new email address and public key.
  • Security announcement of new packages.
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information