[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[equinox-dev] tracking contributions

as noted in the second item here, there is a new "contributed" keyword in bugzilla.  This is to be used to track situations where code contributed by someone outside the committer group is committed.  Perviously we have been using the adhoc comment containing something like [contributed patch committed].  you can continue to use that but please ensure that the "contributed" keyword is added either way.

Aside, I suspect there is a document somewhere on the Equinox or core site talking about how we handle outside contributions.  Taht should likely be updated...


----- Forwarded by Jeff McAffer/Ottawa/IBM on 08/23/2006 09:56 PM -----
"Eclipse WebMaster (Denis Roy)" <webmaster@xxxxxxxxxxx>
Sent by: eclipse.org-committers-bounces@xxxxxxxxxxx

08/22/2006 03:56 PM

Eclipse Committers <eclipse.org-committers@xxxxxxxxxxx>
[eclipse.org-committers] Webmaster Update


It's been a while since I sent one of these... I'll try to keep it short.

1. Access Forbidden to Update sites
2. New bugzilla keyword: Contributed (bug 153774)
3. Web pages on download.eclipse.org (and Phoenix)
4. SSH attacks

1. Access Forbidden to Update sites

We get many e-mails from confused users who see an Update Manager URL
for your project, and assume the URL is usable in a browser.  When they
try, they get an Access Forbidden message. For instance,

Some projects create an index.html or an index.php file alongside their
site.xml.  Witness: http://update.eclipse.org/updates/3.1/

Although I have modified our standard "Access Forbidden" message to
explain the reason why it's "forbidden", I think it would be great for
everyone if a basic index page was created to kindly provide "How-to use
the Update Manager URL" instructions.

2. New bugzilla keyword: Contributed (bug 153774)

Kim asked for a new Keyword: Contributed.  Use it as described.

The complete list of Bugzilla keywords is here:

3. Web pages on download.eclipse.org (and Phoenix)

There's some interesting discussion about web pages hosted on
download.eclipse.org, and Phoenix. Worth a read if you maintain the
download pages for your project.


4. SSH attacks

I know I've mentioned this before, but eclipse.org servers get about one
to four SSH attacks daily. Users try to brute-force logins to our
servers by using your user IDs with password dictionaries, or they try
to use system accounts, or even root.

To protect your login (and the code) we detect such attacks and swiftly
block them. The process is automatic, undiscriminating and unforgiving,
so please avoid these actions:

- trying to login to any eclipse.org server as root == Instant banishment.

- repeatedly trying to connect as someone who doesn't exist. Make sure
you're using the right user id.

- repeatedly trying to SSH to dev.eclipse.org as a valid user, but with
the wrong password.

False positives don't happen very often, so this is no big deal;
however, do keep this in mind before hitting the "retry" button of a
failed login. Don't hesitate to contact us to confirm your user id, or
to reset your password.

Thanks a bunch.



Eclipse WebMaster - webmaster@xxxxxxxxxxx
Questions? Consult the WebMaster FAQ at
View my status at http://wiki.eclipse.org/index.php/WebMaster
eclipse.org-committers mailing list