Skip to content

GitLab

T
team

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Open
Opened by anarcat@anarcat💬Owner23 of 32 tasks completed23/32 tasks

retire karsten's accesses

Since Karsten passed away, it is with a deep sadness in our hearts that we should start revoking his accesses inside the organisation.

The process for this is documented in retire-a-user, although we should probably clarify what happens to his emails... Obviously, we haven't handled such a situation before (as far as I know), so we should be extra careful as to what we do with everything.

Those are the services that need to be checked:

  • Big Blue Button: done, user has no access
  • blog (blocked, removed him from the blogger and admin groups, but kept the account)
  • bridges.tpo: no idea
  • btcpayserver: @hiro? i have no access
  • CiviCRM: i have no access
  • email: karsten was a member of the tor-weather@ and tor-archive-group@ aliases and was removed, arma and kaner remain on the former, boklm, anarcat, mikeperry, and dcf remain on the latter, see also the torarchive service above
  • GitLab: done, user is blocked
  • Gitolite/git-rw: @ahf @hiro
  • IRC: not using the irc bouncer, but part of the @tor-tpomember group and possibly more. @arma can you remove him from those irc groups?
  • jenkins: @weasel ?
  • LDAP: any TPA admin can revoke karsten's accesses, not sure when to do this or what to do with his email address...
  • nagios: removed his contact, need to find someone else to receive problem notifications for collector
  • Nextcloud: done, account disabled
  • RT
  • survey (revoked his accesses, but kept the account in case removing it would break surveys)
  • SVN: no access
  • translation: done, no access
  • WKD: removed his key from our OpenPGP keyring (crossing fingers here: hopefully that won't have a negative impact - this can easily be canceled by reverting commit 3b7bc44 in the account-keyring.git repo)

Additional TODO items, maybe out of scope?

  • globe is actually in use on staticiforme: /srv/globe-master.torproject.org is owned by the group. should those files be deleted?
  • check for files owned by karsten across the infra
  • check for crontabs owned by karsten everywhere (with actual lines! e.g. colchicifolium had an empty one)
  • decide what to do with torextratpo (no change since 2018)?
  • iwakeh and nima are now only part of the "torproject" group, should their accesses be completely revoked?

users removed from groups need to be checked across the accessible servers, karsten's files need to be checked separately (above) everywhere:

  • check.tpo: cleared files owned by arlo and phw, no other files found
  • collector: cleared dot files, gave what seemed to be important files in /home/iwakeh to arlo
  • exonerator: cleared mostly dot files from iwakeh
  • metrics: iwakeh
  • onionoo: iwakeh
  • torarchive: boklm
  • tordnsel: phw
  • torextratpa: nima
  • tormedia: nima
Edited by Alexander Færøy
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information