
Metalab Services: Difference between revisions

fuck mediawiki in particular
Pepi (Talk | Contributions)
Things that need to be done: Moved comments to discussion page: https://metalab.at/wiki/Diskussion:Metalab_Services
Zeile 40: Zeile 40:


Anything missing? Please [https://metalab.at/wiki/index.php?title=Metalab_Services&action=edit&section=1 add] it!
Anything missing? Please [https://metalab.at/wiki/index.php?title=Metalab_Services&action=edit&section=1 add] it!




=== Things that need to be done ===
=== Things that need to be done ===
This is a DRAFT list meant to aggregate things that likely should be looked at if they need any relevant updates. Known security issues should be regarded as relevant.
* Document all changes, updates, etc.
* Document all changes, updates, etc.
** Changes are currently documented to the best of our ability. Anyone suggesting a "better way" will have to demonstrate the magical power of changing people's behaviour(tm) first
* Update Apache to 2.2.26 (current as of 2013-11-19) or switch to nginx
* Update Apache to 2.2.26 (current as of 2013-11-19) or switch to nginx
** Why??? [[Benutzer:hop]]
* Update to eJabberd 13.10 (current as of 2013-11-19) or switch to prosody
* Update to eJabberd 13.10 (current as of 2013-11-19) or switch to prosody
* Check ALL the Certificates for ALL the services. Acquire certificates for services that do not yet have one. (Basically do not host any unencrypted services anymore)
* Check ALL the Certificates for ALL the services. Acquire certificates for services that do not yet have one. (Basically do not host any unencrypted services anymore)
* Provide forward secrecy for all services by using modern ciphers (EDH)
* Provide forward secrecy for all services by using modern ciphers (EDH)
* Discuss the use of ECC as the only widely implemented curves are known and deliberately weakened curves specified by NIST. (secp256r1, secp385r1). [[User:Pepi|Pepi]] recommends not to use ECC if possible but provide (p)fs by using EDH.
* Discuss the use of ECC as the only widely implemented curves are known and deliberately weakened curves specified by NIST. (secp256r1, secp385r1). [[User:Pepi|Pepi]] recommends not to use ECC with NIST curves if possible but provide (p)fs by using DHE (works with all current browsers except for Internet Explorer which only supports forward secrecy using ECDHE on Vista an newer.)
* Update Mediawiki to the current release
* Update Mediawiki to the current release
** WTF are you on about? We are tracking git and missing _one_ point release that has no security relevant changes. [[Benutzer:hop]]
* Update Trac to the current release
* Update Trac to the current release
* Check validity of ALL certificates and set up reminders to renew them. Find at least two persons who are volunteering to take care of that as well!
* Check validity of ALL certificates and set up reminders to renew them. Find at least two persons who are volunteering to take care of that as well!
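
Review bot: In the revised ECC bullet, "secp385r1" is not a NIST curve name; the 384-bit curve is secp384r1, so correct it while the line is being edited, and change "an newer" to "and newer" in the added Internet Explorer parenthetical. The same bullet now says "DHE" while the forward secrecy bullet above it still says "EDH"; use one name in both places. The statement that the NIST curves are "known and deliberately weakened" is given as fact without a reference; link a source or word it as a concern, since the item itself starts with "Discuss". With the comments moved out, the "Why???" on the Apache item and the objection on the Mediawiki item (tracking git, one point release behind with no security relevant changes) are no longer visible next to those items; a short pointer to the discussion page beside each would show readers that the item is disputed.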