Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
T
team
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 129
    • Issues 129
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • The Tor Project
  • TPA
  • team
  • Issues
  • #40125

Closed
Open
Opened Dec 28, 2020 by anarcat@anarcat💬Owner23 of 32 tasks completed23/32 tasks

retire karsten's accesses

Since Karsten passed away, it is with a deep sadness in our hearts that we should start revoking his accesses inside the organisation.

The process for this is documented in retire-a-user, although we should probably clarify what happens to his emails... Obviously, we haven't handled such a situation before (as far as I know), so we should be extra careful as to what we do with everything.

Those are the services that need to be checked:

  • Big Blue Button: done, user has no access
  • blog (blocked, removed him from the blogger and admin groups, but kept the account)
  • bridges.tpo: no idea
  • btcpayserver: @hiro? i have no access
  • CiviCRM: i have no access
  • email: karsten was a member of the tor-weather@ and tor-archive-group@ aliases and was removed, arma and kaner remain on the former, boklm, anarcat, mikeperry, and dcf remain on the latter, see also the torarchive service above
  • GitLab: done, user is blocked
  • Gitolite/git-rw: @ahf @hiro
  • IRC: not using the irc bouncer, but part of the @tor-tpomember group and possibly more. @arma can you remove him from those irc groups?
  • jenkins: @weasel ?
  • LDAP: any TPA admin can revoke karsten's accesses, not sure when to do this or what to do with his email address...
  • nagios: removed his contact, need to find someone else to receive problem notifications for collector
  • Nextcloud: done, account disabled
  • RT
  • survey (revoked his accesses, but kept the account in case removing it would break surveys)
  • SVN: no access
  • translation: done, no access
  • WKD: removed his key from our OpenPGP keyring (crossing fingers here: hopefully that won't have a negative impact - this can easily be canceled by reverting commit 3b7bc44 in the account-keyring.git repo)

Additional TODO items, maybe out of scope?

  • globe is actually in use on staticiforme: /srv/globe-master.torproject.org is owned by the group. should those files be deleted?
  • check for files owned by karsten across the infra
  • check for crontabs owned by karsten everywhere (with actual lines! e.g. colchicifolium had an empty one)
  • decide what to do with torextratpo (no change since 2018)?
  • iwakeh and nima are now only part of the "torproject" group, should their accesses be completely revoked?

users removed from groups need to be checked across the accessible servers, karsten's files need to be checked separately (above) everywhere:

  • check.tpo: cleared files owned by arlo and phw, no other files found
  • collector: cleared dot files, gave what seemed to be important files in /home/iwakeh to arlo
  • exonerator: cleared mostly dot files from iwakeh
  • metrics: iwakeh
  • onionoo: iwakeh
  • torarchive: boklm
  • tordnsel: phw
  • torextratpa: nima
  • tormedia: nima
Edited Jan 14, 2021 by Alexander Færøy
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: tpo/tpa/team#40125