Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Closes #3939: Update 2024 passwords #3940

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Closes #3939: Update 2024 passwords #3940

wants to merge 3 commits into from

Conversation

danahertzberg
Copy link
Contributor

Description

Updates passwords to 2025

Release notes

Make sure to add the release notes label to this PR.

This updates all instances of 2024 in passwords to 2025

Related issues

Closes #3939

How to test

Types of changes

Arizona Quickstart (install profile, custom modules, custom theme)

  • Patch release changes
    • Bug fix
    • Accessibility, performance, or security improvement
    • Critical institutional link or brand change
    • Adding experimental module
    • Update experimental module
  • Minor release changes
    • New feature
    • Breaking or visual change to existing behavior
    • Upgrade experimental module to stable
    • Enable existing module by default or database update
    • Non-critical brand change
    • New internal API or API improvement with backwards compatibility
    • Risky or disruptive cleanup to comply with coding standards
    • High-risk or disruptive change (requires upgrade path, risks regression, etc.)
  • Other or unknown
    • Other or unknown

Drupal core

  • Patch release changes
    • Security update
    • Patch level release (non-security bug-fix release)
    • Patch removal that's no longer necessary
  • Minor release changes
    • Major or minor level update
  • Other or unknown
    • Other or unknown

Drupal contrib projects

  • Patch release changes
    • Security update
    • Patch or minor level update
    • Add new module
    • Patch removal that's no longer necessary
  • Minor release changes
    • Major level update
  • Other or unknown
    • Other or unknown

Checklist

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My change requires release notes.

@danahertzberg danahertzberg requested a review from a team as a code owner December 11, 2024 17:32
@danahertzberg danahertzberg linked an issue Dec 11, 2024 that may be closed by this pull request
Update passwords for local dev and PR preview sites #3939
Open
@danahertzberg danahertzberg self-assigned this Dec 11, 2024
@danahertzberg
Copy link
Contributor Author

Include in release branches we are maintaining. When merged into main, this will have the most effect.

@danahertzberg danahertzberg changed the title Closes #3939: Update 2025 passwords Closes #3939: Update 2024 passwords Dec 11, 2024
@joshuasosa
Copy link
Contributor

joshuasosa commented Dec 12, 2024
edited
Loading

Does this have to be something that changes every year?

I see it was changed in #3224 to address Chrome notifying of the passwords being listed in their databases. Is that actually a problem when these passwords are public? It's expected these passwords will be 'compromised' soon after they're published publicly.

If it's bothersome, the notice can disabled:

Chrome

chrome://settings/security
Turn off "Warn you if a password was compromised in a data breach"

Edge

edge://wallet/settings#settings-passwords-section
Turn off "Scan for leaked passwords"

Firefox

about:preferences#privacy
Uncheck "Show alerts about passwords for breached websites"

@danahertzberg
Copy link
Contributor Author

Hm. I did not know the notice could be disabled. I think it was partially due to that. And yes, we would need to update every year.

@joeparsons Do you have any thoughts about disabling the notice and not updating the passwords every year?

@joeparsons
Copy link
Member

joeparsons commented Dec 12, 2024
edited
Loading

This convention was adopted solely to avoid the bothersome/annoying browser notices without requiring people to have to disable the otherwise useful (and global) setting in their browser(s).

We discussed this about a year ago (?) in a couple of AZ Digital meetings and this was the convention that we decided on knowing that we're not actually preventing the passwords from being discoverable, etc.

@joeparsons joeparsons added the task Work that doesn't always require a pull request. label Dec 12, 2024
@danahertzberg
Copy link
Contributor Author

Thanks @joeparsons! I didn't know that setting was a global setting for the user. Thank you for clarifying and approving.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trackleft trackleft trackleft approved these changes

@joeparsons joeparsons joeparsons approved these changes

Assignees

@danahertzberg danahertzberg

Labels
release notes task Work that doesn't always require a pull request.
Projects
2.11.9
Status: Ready to merge
2.12.2
Status: Ready to merge
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update passwords for local dev and PR preview sites
4 participants
@danahertzberg @joshuasosa @joeparsons @trackleft