Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds Washington Post #41

Merged
merged 1 commit into from
Apr 6, 2021
Merged

Adds Washington Post #41

merged 1 commit into from
Apr 6, 2021

Conversation

conorsch
Copy link
Contributor

@conorsch conorsch commented Apr 5, 2021
edited by eloquence
Loading

Status

Ready for review

Also updates the Makefile so that running "make" with no args rebuilds the rules. Closes #40.

Review Checklist

  • Changes to onboarded.txt are accurate
  • The file default.rulesets.TIMESTAMP.gz has been updated, extracting that file and inspecting the contents of the JSON file produces the expected rules
  • The ruleset has been verified by modifying the HTTPS Everywhere configuration in a Tor Browser instance pointing to Path Prefix: https://raw.githubusercontent.com/freedomofpress/securedrop-https-everywhere-ruleset/$BRANCH_NAME
  • index.html has been updated using ./update_index.sh

Post-Deployment Checklist

  • Added/modified onion names have been updated in the SecureDrop Directory

Adds Washington Post
9bdd2fc 
Also updates the Makefile so that running "make" with no args rebuilds
the rules.
@conorsch conorsch requested review from eloquence, emkll and rocodes April 5, 2021 17:21
@eloquence
Copy link
Member

(I'll review.)

eloquence
eloquence reviewed Apr 6, 2021
View reviewed changes
rulesets/washington-post-securedrop-ruleset.xml
<ruleset name="The Washington Post">
<target host="washingtonpost.securedrop.tor.onion" />
<rule from="^http[s]?://washingtonpost.securedrop.tor.onion"
to="http://vfnmxpa6fo4jdpyq3yneqhglluweax2uclvxkytfpmpkp5rsl75ir5qd.onion" />
Copy link
Member

@eloquence eloquence Apr 6, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Like NYT, WaPo redirects to HTTPS, but because we do not record this fact in the directory, our script always generates http:// URLs:

securedrop-https-everywhere-ruleset/sddir.py

Line 10 in 1b51226

DEFAULT_ONION_PROTOCOL = "http://" # We don't store protocol in the directory

If we want to change this behavior I think it should be done at the ruleset generation level; I've filed freedomofpress/securedrop.org#832 to discuss. Since we also point to http:// for NYT (another HTTPS onion) already and the security considerations appear minor (see issue), I don't consider this a reason to put this PR on hold.

eloquence
eloquence approved these changes Apr 6, 2021
View reviewed changes
Copy link
Member

@eloquence eloquence left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All LGTM; left note re: http vs. https for future reference.

@eloquence eloquence merged commit 3aa0b53 into main Apr 6, 2021
@maeve-fpf maeve-fpf deleted the 40-wapo branch August 19, 2021 18:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eloquence eloquence eloquence approved these changes

@emkll emkll Awaiting requested review from emkll

@rocodes rocodes Awaiting requested review from rocodes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Set up onion name for Washington Post
2 participants
@conorsch @eloquence