Gentoo Wiki:Email Policy Update and Password Reset April 2014

From Gentoo Wiki
Jump to:navigation Jump to:search

Executive summary of the changes

  • Users without a confirmed email address: You must to set and confirm an email address for your Gentoo Wiki account by May 31, 2014. All accounts that do not have a confirmed email account on file by then are permanently removed or disabled.
  • All users: You need to reset your password: Visit the preferences to change it.
  • New users: When signing up, you are now required to provide and confirm an email address.

Rationale

After the disclosure of the Heartbleed bug in OpenSSL (CVE-2014-0160, GLSA 201404-07), Gentoo has updated all servers and revoked and reissued private keys and certificates used for TLS services. However, in the time our services were vulnerable, credentials or session keys might have been stolen. Thus, all sessions are invalidated and all credentials have to be renewed.

Specifically on the Wiki, we did not require email addresses to be assigned to your account in the past. In situations like this, this is not optimal. To ease password transitions should they ever be necessary in the future, we will be requiring email addresses to be provided for every Wiki account.

FAQ

How do I know whether I have a confirmed email address on file?
After you log in, click on 'Preferences' in the top right corner. In the 'User Profile' tab, in the 'Email options', you should see your email address and 'Your email address was confirmed on (date)'.