[Project-managers] Mind your Trac pages

[Andreas Waechter]

Just to add to that:

For the Ipopt project pages (projects.coin-or.org/Ipopt) we had some bots 
attacks in the past.  Matt then changed the settings so that someone who 
wants to change the pages needs to enter a user id and a password.  I 
visibly publish those (not on the mail page, though) so that person who 
wants to edit the pages, can do that after clicking on one link and 
reading a bit.  After that, no malicious changes happened.

I think this is a good solution, if you want, you can just look at what I 
did for the Ipopt project.

However, I still check from time to time what changes happened to the wiki 
pages.  The easiest way to find out if something was edited, is to click 
on the "timeline" tab.

Greetings,

Andreas

On Fri, 14 Apr 2006, Matthew Saltzman wrote:

> If your project has a Trac page (every project in Subversion does, and most 
> that don't already will shortly), it would be a good idea to check in on it 
> every so often to make sure the content is OK.  Remember that Wikis are open 
> to editing by anybody so there is no sure-fire protection against nefarious 
> content modification.  Unlike tickets, Wiki pages in Trac have no way to 
> notify you when pages are modified.
>
> We've had a couple of incidents of bots replacing our Trac home pages with 
> spam.  If your page has serious problems with these automated attacks, we can 
> put measures in place that can slow them down, but it would still be possible 
> for human indivduals to edit the pages.  We are an open community, so I think 
> that closing Wiki pages to all editing by community members should be a last 
> resort.
>
> Thanks for your diligence.
>
> -- 
> 		Matthew Saltzman
>
> Clemson University Math Sciences
> mjs AT clemson DOT edu
> http://www.math.clemson.edu/~mjs
> _______________________________________________
> Project-managers mailing list
> Project-managers at list.coin-or.org
> http://list.coin-or.org/mailman/listinfo/project-managers
>