[aur-general] password reset request
Hi, I have lost my logindata for the AUR for the account michast I can't use the 'pssword forgotten' function because I also lost the login data for the email account i used for registration. Please send me a password reset link to this email address, thanks.
Hi, I have lost my logindata for the AUR for the account michast I can't use the 'pssword forgotten' function because I also lost the login data for the email account i used for registration. Please send me a password reset link to this email address, thanks.
Sorry, but that sound like the worst scam ever ;). By the way I have forgotten the password for (list of accounts here). Please send me a reset link. But if you are serious you should first try to recover your lost email account. Regards Alex
Tuesday, January 5, 2016 9:07 PM +01:00 from Alexander Görtz <aur@nyloc.de>:
Hi, I have lost my logindata for the AUR for the account michast I can't use the 'pssword forgotten' function because I also lost the login data for the email account i used for registration. Please send me a password reset link to this email address, thanks.
Sorry, but that sound like the worst scam ever ;).
By the way I have forgotten the password for (list of accounts here). Please send me a reset link.
But if you are serious you should first try to recover your lost email account.
Yep! Or simply to register a new AUR account bound to a new mail box (as I did it so earlier, being in the similar situation).
Regards Alex
-- Kind regards, Radislav (Radicchio) Golubtsov
Tuesday, January 5, 2016 9:07 PM +01:00 from Alexander Görtz <aur@nyloc.de>:
Hi, I have lost my logindata for the AUR for the account michast I can't use the 'pssword forgotten' function because I also lost the login data for the email account i used for registration. Please send me a password reset link to this email address, thanks.
Sorry, but that sound like the worst scam ever ;).
By the way I have forgotten the password for (list of accounts here). Please send me a reset link.
But if you are serious you should first try to recover your lost email account.
Yep! Or simply to register a new AUR account bound to a new mail box (as I did it so earlier, being in the similar situation).
I have another idea if you used your aur account you probably have added an ssh public key. So an admin could do something like. ssh-keygen -f "your_public_key" -e -m PKCS8 > "your_public_key.pem.pub" and then openssl rsautl -encrypt -pubin -inkey "your_public_key.pem.pub" -ssl -in "text_file_with_password_reset_link" -out "encrypted_text_file" then you could do openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in "encrypted_text_file" -out "reset_link_text_file" Hey we are using arch there are solutions everywhere you just have to find them. Alex PS: Not tested if it really works ;)
The problem is that recovering the email account is not possible. I deleted it (now it's blocked) because i didn't want to use it anymore. Sadly I've forgotten to change the email for the AUR account befor that. :-( Would be sad if i have to wait (180 days I think) till the used address gets unblocked so that I can reuse it. Registering a new AUR account would be ok, but then i can not use the username michast. I see the problem that I have to prove that I am the owner of the account, but how can I do that? ...the ssh key is also lost (thanks to the chakra installer..) :-/ Micha Am 05.01.2016 um 21:36 schrieb Alexander Görtz:
Tuesday, January 5, 2016 9:07 PM +01:00 from Alexander Görtz <aur@nyloc.de>:
Hi, I have lost my logindata for the AUR for the account michast I can't use the 'pssword forgotten' function because I also lost the login data for the email account i used for registration. Please send me a password reset link to this email address, thanks.
Sorry, but that sound like the worst scam ever ;).
By the way I have forgotten the password for (list of accounts here). Please send me a reset link.
But if you are serious you should first try to recover your lost email account.
Yep! Or simply to register a new AUR account bound to a new mail box (as I did it so earlier, being in the similar situation).
I have another idea if you used your aur account you probably have added an ssh public key. So an admin could do something like.
ssh-keygen -f "your_public_key" -e -m PKCS8 > "your_public_key.pem.pub"
and then
openssl rsautl -encrypt -pubin -inkey "your_public_key.pem.pub" -ssl -in "text_file_with_password_reset_link" -out "encrypted_text_file"
then you could do
openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in "encrypted_text_file" -out "reset_link_text_file"
Hey we are using arch there are solutions everywhere you just have to find them.
Alex
PS: Not tested if it really works ;)
On 01/05/2016 10:22 PM, Michael Straube wrote:
The problem is that recovering the email account is not possible. I deleted it (now it's blocked) because i didn't want to use it anymore. Sadly I've forgotten to change the email for the AUR account befor that. :-(
Would be sad if i have to wait (180 days I think) till the used address gets unblocked so that I can reuse it.
Registering a new AUR account would be ok, but then i can not use the username michast.
I see the problem that I have to prove that I am the owner of the account, but how can I do that?
...the ssh key is also lost (thanks to the chakra installer..) :-/
Sorry to say that, but that still sounds fishy... it just does not sound very probable that all this happened in combination: 1) deleted your email account 2) forgot your AUR password 3) lost your ssh key because of an installer If I look at your first mail you wrote "lost the login data for the email", maybe you meant that you deleted it... but somehow it feels a bit like you just switched the story. On 01/05/2016 07:55 PM, michastgit@web.de wrote:
I can't use the 'pssword forgotten' function because I also lost the login data for the email account i used for registration.
cheers anthraxx
Am 05.01.2016 um 22:33 schrieb Levente Polyak:
Sorry to say that, but that still sounds fishy... it just does not sound very probable that all this happened in combination:
1) deleted your email account 2) forgot your AUR password 3) lost your ssh key because of an installer
Yes I know, sorry. But it really happend. I created a new account.. I will file a orphan request for my maintained package so I can adopt it with the new account, but I am a bit afraid that a orphan request will not be accepted now. I know this sounds unbelievable, but I can only say again that I am the owner of the account. cheers Micha
On 05-01-2016 21:22, Michael Straube wrote:
The problem is that recovering the email account is not possible. I deleted it (now it's blocked) because i didn't want to use it anymore. Sadly I've forgotten to change the email for the AUR account befor that. :-(
Would be sad if i have to wait (180 days I think) till the used address gets unblocked so that I can reuse it.
Registering a new AUR account would be ok, but then i can not use the username michast.
I see the problem that I have to prove that I am the owner of the account, but how can I do that?
...the ssh key is also lost (thanks to the chakra installer..) :-/
Micha
I have no reason not to believe you, but the first thing that came to mind after reading your first message was social engineering, and your last message did reinforce that impression. The upstream url for the only package submitted by the user michast seems to be owned by you judging by your email. If what you say about deleting/deactivating your old account is true, then I suppose emails should bounce back. If the maintainer of a package can't be contacted or doesn't reply then the package can be orphaned, but I don't see the username being handed over just like that, it's just bad practice, even if other things seem to check out. On another note, if your email provider does reuse old addresses as you seem to imply, then I would not trust it. Old/deleted/inactive/disabled email addresses should _never_ be reused. -- Mauro Santos
Yes the upstream url is owned by me. I send a mail to the deleted address and it couldn't be delivered. Is it enough to write maintainer can't be contacted in the orphan request comment? Sorry for this one, but I changed a lot of my online accounts and addresses the last days and it seems I was not carefully enough. Micha
On 05-01-2016 23:06, Michael Straube wrote:
Yes the upstream url is owned by me. I send a mail to the deleted address and it couldn't be delivered. Is it enough to write maintainer can't be contacted in the orphan request comment?
I suppose you can add that information in the orphan request. The people in charge will most probably take that into account. -- Mauro Santos
On 2016-01-05 23:48, Mauro Santos wrote:
If the maintainer of a package can't be contacted or doesn't reply then the package can be orphaned, but I don't see the username being handed over just like that, it's just bad practice, even if other things seem to check out.
Although I agree, that the story sounds a little suspicious, I think, we can find a better way than to simply deny the request. One could send an email announcing the possible account transfer to the original email address. If there is no reply within e.g. a month, we can more or less safely assume, that the story is true. Should the decision later proof wrong, that should not be such a big issue, regarding the fact that there is no personal data stored except for the _public_ key and especially since the only package is your own project.
Am 06.01.2016 um 00:20 schrieb respiranto:
On 2016-01-05 23:48, Mauro Santos wrote:
If the maintainer of a package can't be contacted or doesn't reply then the package can be orphaned, but I don't see the username being handed over just like that, it's just bad practice, even if other things seem to check out.
Although I agree, that the story sounds a little suspicious, I think, we can find a better way than to simply deny the request. One could send an email announcing the possible account transfer to the original email address. If there is no reply within e.g. a month, we can more or less safely assume, that the story is true.
Ok, I filed an orphan request from the new account. I fully understand and appreciate your doubts about my story. Maybe my question was a bit naive. If it's not possible or to much trouble then it's ok for me to use a different username. More important is that I get back control over my package. Hoping the orphan request will be successfull soon.. cheers Micha
On Wed, Jan 6, 2016 at 5:15 PM, Michael Straube <michastgit@web.de> wrote: Ok, I filed an orphan request from the new account. I fully understand
and appreciate your doubts about my story. Maybe my question was a bit naive. If it's not possible or to much trouble then it's ok for me to use a different username. More important is that I get back control over my package. Hoping the orphan request will be successfull soon..
I couldn't even find your https://github.com/michast/cornas repository on github :p Come on, you're screwed :D
Thursday, January 7, 2016 12:34 PM +01:00 from SanskritFritz <sanskritfritz@gmail.com>:
On Wed, Jan 6, 2016 at 5:15 PM, Michael Straube <michastgit@web.de> wrote:
Ok, I filed an orphan request from the new account. I fully understand
and appreciate your doubts about my story. Maybe my question was a bit naive. If it's not possible or to much trouble then it's ok for me to use a different username. More important is that I get back control over my package. Hoping the orphan request will be successfull soon..
I couldn't even find your https://github.com/michast/cornas repository on github :p Come on, you're screwed :D
Please don't judge him strongly. I claim, yesterday (as I carefully follow this thread) I saw his repos on GitHub. There were (I don't remember exactly) approx. 4-5 repos (C/C++). And amongst them there was the "cornas" as well. I've even watched it roughly - there were a C-code and a few auxiliaries - the only one (initial) commit. And yes, now all his repos are deleted (or hidden, whatsoever). What I have to say... Maybe he has decided to start over... We are all people and sometimes doing some strange things (as the one can consider), but anyway wait and will see (not making any predictions). -- Kind regards, Radislav (Radicchio) Golubtsov
On 07/01/16 16:50, Radislav Golubtsov wrote:
Please don't judge him strongly. I claim, yesterday (as I carefully [...]
Nobody judges him, I'm sure. Or at least I agree with you nobody should. It's not really a matter of judgement, it's just about good practices. We certainly should do better than some big companies, who claim to be at the forefront of Internet security, and yet "authenticate" users with silly methods like the last four numbers of a credit card number. I'd rather prefer them piss me off by saying "We're really sorry, but we can't help you regain access to your account, unless we can reliably authenticate you. Please understand that this is in your own interest!" Speaking of which, it's probably a good time for everyone who uses PGP, but hasn't yet put their fingerprint in AUR, to do it now. Of course, one could lose their private PGP key either, but then their AUR access will be the least of their concerns, I'm sure. And for those who don't use PGP, it might be a good time to start. ;) Cheers, Luchesar
Speaking of which, it's probably a good time for everyone who uses PGP, but hasn't yet put their fingerprint in AUR, to do it now. Of course, one could lose their private PGP key either, but then their AUR access will be the least of their concerns, I'm sure.
And for those who don't use PGP, it might be a good time to start. ;)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Speaking of publishing PGP keys, I'd also like to recommend https://keybase.io to those who haven't heard of it already. It looks to me like a promising platform for identity management. /Emil <https://keybase.io/emlun> -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvKBxFbWlsIEx1bmRiZXJnIDxsdW5kYmVyZy5lbWlsQGdtYWlsLmNv bT4FAlaOmK0ACgkQHSBkP9nuM68/Rg/7BlUklACQ4kb5xwnN2ZbaMsTcMS0HNaW0 c60MgzjhB0r+v8oABeTXI7VaYekOB23xdBBgAEnWroZvJaEWOU/NxJjHROqUr3eE nW/tldfvlc6B5ai3sjJO++1s5199SHPw4lsD3TQ5HhSZ88x8da5e/4JsCdcJhk48 Ak7hTqjgqZ7xGAxRzNUwqhFFbMY6ROkqQl5Acu8dM/YcBXGR/tIkgxrLTwVHCYFn 2OKMJpSZWY7EQmni7On744eDMDxrvfe4/v/485gU/NiCRJArtGWFKxu8zwZjgum1 7CoMZmPENn81hlu3FX8aeHQOQCYqDA//bagdkHgYbxOqdUarULc9Iw0ir1XYClHZ suM/M1Yep7M4Eb7pdwUkghW3j4FiYfUr6VgY0c5TcvtXzkMrjoQBfbD27wIPxz0E QfYoqzWUdoj8GHx4zSNDeizcY52tvrs80cs1pCulVGdweq+Jp1rGq/22DBqPUrzB 3BvxGi6f6qhqWD5v9abEImZQtRcE2M1OxS6/Mz+vZekOIWkt30QuaLocP5FBLXoC JPBIqKuZDWdlSt2YbZ/Xm0M5zYY1dxxhjVGUEuniRcWEbbCl5oprW/4GOgxD7xh2 OC1M8RDbSU8Xvzj1Pj1NeNFALm1iJIGyL6EBClrZ3nfgDMUkfZlom2wvUb0vu5E3 aILO4rqCAkY= =1Lw+ -----END PGP SIGNATURE-----
On 07/01, Emil Lundberg wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Speaking of publishing PGP keys, I'd also like to recommend https://keybase.io to those who haven't heard of it already. It looks to me like a promising platform for identity management.
/Emil <https://keybase.io/emlun> -----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvKBxFbWlsIEx1bmRiZXJnIDxsdW5kYmVyZy5lbWlsQGdtYWlsLmNv bT4FAlaOmK0ACgkQHSBkP9nuM68/Rg/7BlUklACQ4kb5xwnN2ZbaMsTcMS0HNaW0 c60MgzjhB0r+v8oABeTXI7VaYekOB23xdBBgAEnWroZvJaEWOU/NxJjHROqUr3eE nW/tldfvlc6B5ai3sjJO++1s5199SHPw4lsD3TQ5HhSZ88x8da5e/4JsCdcJhk48 Ak7hTqjgqZ7xGAxRzNUwqhFFbMY6ROkqQl5Acu8dM/YcBXGR/tIkgxrLTwVHCYFn 2OKMJpSZWY7EQmni7On744eDMDxrvfe4/v/485gU/NiCRJArtGWFKxu8zwZjgum1 7CoMZmPENn81hlu3FX8aeHQOQCYqDA//bagdkHgYbxOqdUarULc9Iw0ir1XYClHZ suM/M1Yep7M4Eb7pdwUkghW3j4FiYfUr6VgY0c5TcvtXzkMrjoQBfbD27wIPxz0E QfYoqzWUdoj8GHx4zSNDeizcY52tvrs80cs1pCulVGdweq+Jp1rGq/22DBqPUrzB 3BvxGi6f6qhqWD5v9abEImZQtRcE2M1OxS6/Mz+vZekOIWkt30QuaLocP5FBLXoC JPBIqKuZDWdlSt2YbZ/Xm0M5zYY1dxxhjVGUEuniRcWEbbCl5oprW/4GOgxD7xh2 OC1M8RDbSU8Xvzj1Pj1NeNFALm1iJIGyL6EBClrZ3nfgDMUkfZlom2wvUb0vu5E3 aILO4rqCAkY= =1Lw+ -----END PGP SIGNATURE-----
And speaking of PGP, please use PGP/MIME signed messages instead of old-style inline signatures. Inline signatures are known to break randomly, and many newer clients don't even try to verify them by default, and more importantly, they're just plain annoying to anyone trying to read your message in a non-PGP-capable reader. -- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
Am 07.01.2016 um 12:34 schrieb SanskritFritz:
I couldn't even find your https://github.com/michast/cornas repository on github :p Come on, you're screwed :D
Yes you are right, this whole thing turned in too much truble for me, so i decided to delete my repos / github account! Maybe I will upload it again later, but not sure about that... cheers Micha
Am 07.01.2016 um 18:34 schrieb Michael Straube:
Am 07.01.2016 um 12:34 schrieb SanskritFritz:
I couldn't even find your https://github.com/michast/cornas repository on github :p Come on, you're screwed :D
Yes you are right, this whole thing turned in too much truble for me, so i decided to delete my repos / github account! Maybe I will upload it again later, but not sure about that...
cheers Micha
One thing I like to say: I used Arch since about 2005 except for the last two years. I also contributed to the german arch wiki. Now I decided to use linux again. I am not a professional programmer, it's just a hobby and i only wanted to share some of my work about that I think it could be usefull for someone. But I have to say after all this i am near to loose interest in using arch and/or contribute something.
Thursday, January 7, 2016 7:17 PM +01:00 from Michael Straube <michastgit@web.de>:
Am 07.01.2016 um 18:34 schrieb Michael Straube:
Am 07.01.2016 um 12:34 schrieb SanskritFritz:
I couldn't even find your https://github.com/michast/cornas repository on github :p Come on, you're screwed :D
Yes you are right, this whole thing turned in too much truble for me, so i decided to delete my repos / github account! Maybe I will upload it again later, but not sure about that...
cheers Micha
One thing I like to say: I used Arch since about 2005 except for the last two years. I also contributed to the german arch wiki. Now I decided to use linux again. I am not a professional programmer, it's just a hobby and i only wanted to share some of my work about that I think it could be usefull for someone. But I have to say after all this i am near to loose interest in using arch and/or contribute something.
"After all this you are _near_ (but not finally) to loose interest..." - Never mind! Michael, your recent AUR Web-related perturbations (or some kind of sarcasm of us said in your address in this thread) should not to be considered as the reasons to leave Arch. Be with us, continue contributing (as you have already did it earlier), and simply use Arch everywhere... encourage others to do so. I don't know you personally but - I don't know why - I want cheer up you, hoping the community is thinking the same. -- Kind regards, Radislav (Radicchio) Golubtsov
participants (11)
-
Alexander Görtz
-
Emil Lundberg
-
Johannes Löthberg
-
Levente Polyak
-
Luchesar V. ILIEV
-
Mauro Santos
-
Michael Straube
-
michastgit@web.de
-
Radislav Golubtsov
-
respiranto
-
SanskritFritz