Open stevejalim opened 1 year ago
@pascalchevrel No rush to reply, but does the description above cover everything we discussed?
LGTM
Notes to self: The data store between Nucleus and Bedrock is public, so any password would need to be encrypted with a shared secret
@pascalchevrel Talking about this with the team and balancing the complexity of getting an encrypted password set in Nucleus into Bedrock via release-notes
(and with mixed benefits, given the release-notes repo is public anyway), I have a lower-fidelity suggeestion:
Password protect this release on Mozorg Dev and Mozorg Stage
We think this would still add enough value, while being significantly simpler to implement. Would it be OK by you/your team?
basic auth is fine for me (that's what we were doing for release notes on mozilla-europe.org 15 years ago :) )
In very rare situations, usually related to security- or business-critical or situations we should be able to password-protect the release-notes pages on mozilla.org (DEV and STAGE)
By default, this should be off.
Ideally there would be a field on the Release admin UI to add a password and to enable its use.
When releases reach production, they should not use password protection even if one is still configured