BlackBerry Mobile App Trac being targeted for hacks

We’ve noticed an influx of new entries in the BlackBerry Trac that are hacky/spammy. Example:

https://blackberry.trac.wordpress.org/#no1
https://blackberry.trac.wordpress.org/ticket/263

Can we block this from happening for the existing bad accounts posting and also prevent it from happening further? The BlackBerry app is also dead (for several years now) so we can freeze the entire site or get rid of it entirely.

#mobile #prio3

Make GSOC trac read-only

It’s getting pentested: https://gsoc.trac.wordpress.org/ticket/386

Can we make it read-only, and if not, then maybe back it up and shut it down, or put it behind proxy auth or something? It’d be nice to preserve the content for history, but it’s probably not worth maintaining anymore, and definitely not worth cleaning up after pentesters.

#prio3

Add SSL redirect to pingomatic.com

As per https://meta.trac.wordpress.org/ticket/4245 can we please enable an HTTP -> HTTPS redirect for pingomatic.com that keeps the REQUEST_URI intact?

#prio3

Can bbPress.trac please get Core’s…

Can bbPress.trac please get Core’s Ticket Workflow enabled for it? Same as Meta/BuddyPress already have.

ref: https://meta.trac.wordpress.org/ticket/2508

#prio3 #trac

As per https://meta.trac.wordpress.org/ticket/1639 can we…

As per https://meta.trac.wordpress.org/ticket/1639 can we update all of the Trac instances to have default_charset = utf-8?

A number of Trac instances are set to default_charset = iso-8859-15.

#prio3 #trac

As per https://meta.trac.wordpress.org/ticket/3985 can we…

As per https://meta.trac.wordpress.org/ticket/3985 can we change the behaviour of the out-of-bounds pagination requests from return 404; to instead load /404.php?

It seems most of the 404 handlers in the web role already do this, and it’s only the out-of-bounds pagination rules on the load balancer which have that behaviour.

#prio3

Can I get a deploy…

Can I get a deploy of the codex files?

I made a change to the DotorgRedirect plugin for the codex, to whitelist “wordpress.org” as a valid place for it to redirect to, per request of the docs team: https://wordpress.slack.com/archives/C02RP4WU5/p1543972984189700

So, just need to get that one line change onto the codex.

cc @drewapicture

#prio3

Make BlackBerry Trac Read-Only

https://blackberry.trac.wordpress.org is no longer used, but sometimes pentesters add a bunch of junk content to the wiki etc. Can we put it in read-only mode?

xref https://wordpress.slack.com/archives/G02QCEMRY/p1543941337009700

cc @otto42

#prio3

The SSL certificate for “wp.org”…

The SSL certificate for “wp.org” is set to be the same one as the cert for “w.org”. Presumably this is because they’re both pointing to the same place which is doing the redirection, but the incorrect domain on the certificate causes an error.

So, wp.org needs a new SSL certificate set up on it.

#prio3
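
The certificate mismatch described in the request above, as an added example that is not part of the original post: a small offline audit that applies the usual DNS-ID matching rules (exact match, or a whole-label wildcard in the leftmost position only) to show why a certificate issued for "w.org" fails on "wp.org". The function names and the SAN lists are assumptions constructed for illustration, not the real certificates' contents.

```python
"""Offline check: does the certificate served for a hostname actually cover it?"""


def _dns_id_matches(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name (SAN entry) against a hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Whole-label wildcard, leftmost position only. Require two further
        # labels so "*.org" cannot cover every name under a TLD.
        return len(p) >= 3 and bool(h[0]) and p[1:] == h[1:]
    return p == h  # a "*" anywhere else is treated as a literal and fails


def cert_covers(host: str, san_dns_names: list[str]) -> bool:
    """True if any SAN entry on the certificate matches the hostname."""
    return any(_dns_id_matches(name, host) for name in san_dns_names)


def audit(served: dict[str, list[str]]) -> list[str]:
    """Return the hostnames whose served certificate does not cover them."""
    return sorted(h for h, sans in served.items() if not cert_covers(h, sans))


# Constructed sample data (assumption): both redirect hosts share one cert.
SHARED_CERT = ["w.org", "*.w.org"]
SERVED_BEFORE = {"w.org": SHARED_CERT, "wp.org": SHARED_CERT}

# Constructed sample data (assumption): wp.org gets its own certificate.
SERVED_AFTER = {"w.org": SHARED_CERT, "wp.org": ["wp.org", "www.wp.org"]}

if __name__ == "__main__":
    print("mismatched before:", audit(SERVED_BEFORE))
    print("mismatched after: ", audit(SERVED_AFTER))
```
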

Remove ‘branch’ functionality from themes.trac.wordpress.org

As reported by #3686-meta the theme ‘Branches’ is appearing as a special item in the code browser.

Could the following rules be added to wp-themes/conf/trac.ini under [svn] to disable Trac’s default svn structure handling which we don’t use on that instance?
branches=
tags=

(I’ve tested that this works as expected under a local trac)

#prio3 #trac

#3686-meta