-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 11/22/2013 04:26 AM, Tim Flink wrote:

After a conversation with infra, we decided to lock down access to beaker.fedoraproject.org by IP address until we have a more secure solution for logins [1].

I've changed the server configuration so that access to beaker is only allowed from certain IPs. I think that most current users should be included in this list but if you're seeing 403s and think you should have access to beaker.fedoraproject.org, please let me know.

Sorry for the inconvenience, we hope to have an alternate access method soon.

A status update from the Beaker side:

- - Beaker 0.16 will salt passwords properly, so the default password based auth will be more suitable for the big bad world of the internet. 0.16 is currently expected to land sometime in late January (unfortunately, fixing it properly needed a DB schema change for the password storage, which ruled out the idea of fixing it in a maintenance release).

- - I'm giving a talk on Beaker at the continuous integration miniconf at LCA in Perth (Jan 6-10), so it would be nice to have at least read-only anonymous access from the wider internet by then. It's not a big drama if it isn't (I'll have a demo instance set up on my laptop regardless), but being able to suggest people take a look at a real installation would be a nice bonus :)

Cheers, Nick.

- -- Nick Coghlan Red Hat Hosted & Shared Services Software Engineering & Development, Brisbane

Testing Solutions Team Lead Beaker Development Lead (http://beaker-project.org/)