These fields aren't editable anyway, but if we don't do the full
validation we will instead crash if for example the same account
creation form is submitted twice (happens surprisingly often). Now we
will instead show a validation error message.
During oauth logins we need to store some temporary data related to the
user's session. Previously we did this in the django session, but thanks
to AI bots trying millions of logins every day (and never completing the
process) we end up with many abandoned sessions in the db. To work
around this, instead store the temporary data in an encrypted cookie
passed to the browser. Since this cookie can be limited in scope to just
the auth part of the site, the slightly larger cookie size doesn't
matter, and we don't need to store any data at all server-side.
Instead of prepopulating a GET request that could generate a session,
create a form with different submit buttons and use that. In the brave
new world of AI bots, nobody cares about robots.txt anymore, so we'd get
hit by a lot of requests specifically for these logins that were then
thrown away because they couldn't log in on the third party site.
This creates a community auth version 3 (previous one being 2, and 1 is
long gone) that uses AES_SIV as the encryption method instead of
regular AES_CBC, and validates the digests on all accounts.
As this gets deployed on servers incrementally, the version has to be
specified in the database record for the site. We could have the site
indicate this itself, but doing it this way seems safer as it will then
just break for any app that accidentally reverts the plugin.
Reviewed by Jacob Champion
This is not the prettiest at the moment as the server sponsor page doesn't
include logos, but we are obliged to display the Fastly one in return for the
services they provide. We may want to redesign this page at some point in
the future to group by sponsor and work more cleanly with non-server hosting
sponsors.
* Use /etc/os-release instead of lsb_release
* Update list of distribution releases covered
* Drop i386 and s390x architectures
* Use PG 17 in package name examples
The CoC had superfluous language on when a CoCC member could be
removed. Given the language didn't provide additional context on
the process of removal, the language itself is removed.
Signed-off-by: Jonathan S. Katz <jonathan.katz@excoventures.com>
The Contributors Committee wants to add our contact email to our
governance page and also link to the release notes from the
Contributor profile page. It should make it easier to know how to
contact us.