Git Product home page Git Product logo

autograph-edge's People

Contributors

dependabot-preview[bot] avatar dependabot[bot] avatar g-k avatar hwine avatar jvehent avatar mozilla-github-standards avatar

Stargazers

 avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

autograph-edge's Issues

Add open source software license

This Mozilla repository has been identified as lacking a license. Consistent with Mozilla's Licensing Policy an open source license should be applied to the code in this repository.

Please add an appropriate LICENSE.md file to the root directory of the project. In general, Mozilla's licensing policies are as follows:

Client-side products created by Mozilla employees or contributors should use the Mozilla Public License, Version 2.0 (MPL).

Server-side products or utilities that support Mozilla products may use either the MPL or the Apache License 2.0 (Apache 2.0).

In special cases, another license might be appropriate. If the repository is a fork of another repository it must apply the license of the original. Similarly, another license might be appropriate to match that of a broader project (for example Rust crates that Firefox depends on are published under an Apache 2.0 / MIT dual license, as that is the dual license used by the Rust programming language and projects).

Please ensure that any license added to the LICENSE.md file matches other licensing information in the repository (for example, it should match any license indicated in a setup.py or package.json file).

Mozilla staff can access more information in our Software Licensing Runbook – search for “Licensing Runbook” in Confluence to find it.

If you have any questions you can contact Daniel Nazer who can be reached at dnazer on Mozilla email or Slack.

OPENLIC-2023-01

Update CI tests to still support debian stretch

Debian stretch went EOL in 2022, which results in package repository URLs changing. Since the repository URLs are baked into the base image, normal updates no longer work.

The integration tests for autograph-edge use an image based on Debian stretch, so the entire Circle CI process fails. Successfully Circle CI operation is needed for deploying configuration file updates.

The test harness should be updated, but that's a different ticket.

cli arg for url

Currently to test a new config locally I need to decrypt the config then change the url.

It would be handy to have a CLI option to override the URL directly, so I don't need to have a decrypted version sitting around or modify the config.

This would probably be -u --url defaulting to "" then logs the config url is being overridden with usage: -u http://localhost:8000/sign/file

CODE_OF_CONDUCT.md file missing

As of January 1 2019, Mozilla requires that all GitHub projects include this CODE_OF_CONDUCT.md file in the project root. The file has two parts:

  1. Required Text - All text under the headings Community Participation Guidelines and How to Report, are required, and should not be altered.
  2. Optional Text - The Project Specific Etiquette heading provides a space to speak more specifically about ways people can work effectively and inclusively together. Some examples of those can be found on the Firefox Debugger project, and Common Voice. (The optional part is commented out in the raw template file, and will not be visible until you modify and uncomment that part.)

If you have any questions about this file, or Code of Conduct policies and procedures, please reach out to [email protected].

(Message COC001)

autograph-edge.prod.mozaws.net has failed the SecOps Baseline

Site https://autograph-edge.prod.mozaws.net has failed the SecOps Baseline scan.

The failing tests are:

Strict-Transport-Security Header Not Set [10035] x 3

This issue was automatically raised.

This issue is managed automatically by the baseline scan:

  • If the failing tests change then it will be updated
  • If it is closed before the tests pass then a new one will be opened
  • When all of the tests pass then it will be closed

Full details, including how to test for these issues locally, can be found on this Security Baseline Service dashboard.
If you have any questions or concerns please get in contact with @psiinon

autograph-edge.stage.mozaws.net has failed the SecOps Baseline

Site https://autograph-edge.stage.mozaws.net has failed the SecOps Baseline scan.

The failing tests are:

Strict-Transport-Security Header Not Set [10035] x 3

This issue was automatically raised.

This issue is managed automatically by the baseline scan:

  • If the failing tests change then it will be updated
  • If it is closed before the tests pass then a new one will be opened
  • When all of the tests pass then it will be closed

Full details, including how to test for these issues locally, can be found on this Security Baseline Service dashboard.
If you have any questions or concerns please get in contact with @psiinon

proposal: rename key and token on config to be clearer

In testing, I've inserted or copied the wrong value out a few times (e.g. key instead of token). Has anyone else run into this?

possible renaming schemes:

  • token to client_token
  • key to autograph_key or autograph_hawk_key and user to autograph_user or autograph_hawk_user or upstream_

This would be a breaking change, so we'd update the configs and bump a major version number.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.