tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Whittington <t...@apache.org>
Subject Re: [off-list] Heartbleed info
Date Mon, 14 Apr 2014 19:45:02 GMT

On 15/04/2014, at 1:26 am, Christopher Schultz <chris@christopherschultz.net> wrote:

> Mark,
> 
> On 4/13/14, 10:29 AM, Mark Thomas wrote:
>> On 13/04/2014 08:18, Christopher Schultz wrote:
>>> Mark,
>>> 
>>> On 4/13/14, 10:10 AM, Mark Thomas wrote:
>>>> On 13/04/2014 08:09, Christopher Schultz wrote:
>>>>> All,
>>>>> 
>>>>> I've taken the liberty of creating a Heartbleed info page on
>>>>> the wiki. I'm going to add a mention of it under the "Not a 
>>>>> vulnerability in Tomcat" section for the security pages for
>>>>> Tomcats 6, 7, and 8.
>>>> 
>>>> And tc-native please.
>>>> 
>>>>> Shall I also add something to the home page as well? Or shall
>>>>> we just roll that into the upcoming announcement of tcnative
>>>>> 1.1.30? I kind of think it should do with the tcnative
>>>>> announcement, but Mladen hasn't yet closed the vote, published
>>>>> the build, etc. and I wanted to get something up sooner rather
>>>>> than later.
>>>> 
>>>> +1 to the native announcement.
>>>> 
>>>>> Does anyone have any suggestions for how to proceed?
>>>> 
>>>> Your plan looks good to me.
>>> 
>>> Okay, good. I've updated the Tomcat security info (will do
>>> tcnative soon). Once I've done that, what's the process to actually
>>> refresh the website? I re-built and committed the .html files from
>>> svn already.
>> 
>> That is all you need to do. The site should update a few seconds later.
> 
> Great, I can see my updates posted, now.
> 
> I neglected to change my password in the open window set by the infra
> team, so it's been reset. The web-based reset tool isn't working for me
> so I sent a message to root@apache.org explaining the situation. I
> haven't heard back, yet.
> 
> So I'm a little stuck until I can get a password reset. I can access
> people.apache.org with my ssh2 key. Is this something you might be able
> to goose-along?
> 

http://id.apache.org/reset/ worked for me, but it might require a GPG key registered in your
profile (my reset came GPG encrypted).


> Thanks,
> -chris
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message