Details
- Reviewers
amckinley - Maniphest Tasks
- T13043: Improve authentication revocation behaviors
- Commits
- rPd4b3cd5255b6: Document the "bin/auth revoke" tool
Read document.
Diff Detail
- Repository
- rP Phabricator
- Branch
- revoke20
- Lint
Lint Passed - Unit
No Test Coverage - Build Status
Buildable 19117 Build 25813: Run Core Tests Build 25812: arc lint + arc unit
Event Timeline
The tone of this doc is a little glib and light for documentation that will frequently be viewed in an emergency. I get that "You might do this with these commands:" is intended to suggest there are multiple ways to achieve the same result, but could also convey the impression that this set of commands might not actually accomplish the desired result. This page should give an administrator the warm fuzzies after carrying out the suggested steps.
src/docs/user/field/revoking_credentials.diviner | ||
---|---|---|
40 | "extensions" | |
67 | "tooling"? | |
76–77 | "you should revoke" instead of "you may want to" | |
83–86 | Just for the record, the result of the above is the same as --everything --everywhere, except the above keeps SSH keys, right? | |
93–94 | "If you believe a user's credentials have been compromised" makes more sense than "affected by a compromise". Also, "you should revoke" instead of "you may want to". | |
104–106 | Too snarky for emergency documentation. |
- Be more direct about what to do and how to do it.
The cost of over-revoking is ultimately small so I think this is generally reasonable anyway.