diff website/issues/config.ini @ 5290:33e1cf136f1d

Updated with new config settings and updated docs. Also changed subject prefix/suffix parsing to loose, so that a subject with a bracketed expression that is not parsable by the system will just be passed through. We have had a couple of occasions where we had a reject that should have been passed.
author John Rouillard <rouilj@ieee.org>
date Sun, 24 Sep 2017 21:14:12 -0400
parents c2d0d3e9099d
children b48e2fe4a7bd
--- a/website/issues/config.ini	Sun Sep 24 19:22:14 2017 -0400
+++ b/website/issues/config.ini	Sun Sep 24 21:14:12 2017 -0400
@@ -1,42 +1,54 @@
 # Roundup issue tracker configuration file
-# Autogenerated at Fri Nov 17 16:59:49 2006
+# Autogenerated at Wed Sep 20 20:03:15 2017
 
 # WARNING! Following options need adjustments:
-#  [mail]: domain, host
-#  [tracker]: web
+#  [mail]: host
 
 [main]
 
 # Database directory path.
 # The path may be either absolute or relative
-# to the directory containig this config file.
+# to the directory containing this config file.
 # Default: db
 database = db
 
+# Templating engine to use.
+# Possible values are 'zopetal' for the old TAL engine
+# ported from Zope, or 'chameleon' for Chameleon.
+# Default: zopetal
+template_engine = zopetal
+
 # Path to the HTML templates directory.
 # The path may be either absolute or relative
-# to the directory containig this config file.
+# to the directory containing this config file.
 # Default: html
 templates = html
 
-# Path to directory holding additional static files
-# available via Web UI.  This directory may contain
-# sitewide images, CSS stylesheets etc. and is searched
-# for these files prior to the TEMPLATES directory
-# specified above.  If this option is not set, all static
-# files are taken from the TEMPLATES directory
-# The path may be either absolute or relative
-# to the directory containig this config file.
+# A list of space separated directory paths (or a single
+# directory).  These directories hold additional static
+# files available via Web UI.  These directories may
+# contain sitewide images, CSS stylesheets etc. If a '-'
+# is included, the list processing ends and the TEMPLATES
+# directory is not searched after the specified
+# directories.  If this option is not set, all static
+# files are taken from the TEMPLATES directory.
+# The space separated paths may be either absolute or
+# relative to the directory containing this config file.
 # Default: 
 static_files = 
 
-# Email address that roundup will complain to if it runs into trouble.
+# Email address that roundup will complain to if it runs
+# into trouble.
+# If no domain is specified then the config item
+# mail -> domain is added.
 # Default: roundup-admin
 admin_email = admin@issues.roundup-tracker.org
 
 # The 'dispatcher' is a role that can get notified
 # of new items to the database.
 # It is used by the ERROR_MESSAGES_TO config setting.
+# If no domain is specified then the config item
+# mail -> domain is added.
 # Default: roundup-admin
 dispatcher_email = admin@issues.roundup-tracker.org
 
@@ -90,6 +102,13 @@
 # Default: yes
 email_registration_confirmation = yes
 
+# Force Roundup to use a particular text indexer.
+# If no indexer is supplied, the first available indexer
+# will be used in the following order:
+# Possible values: xapian, whoosh, native (internal).
+# Default: 
+indexer = 
+
 # Additional stop-words for the full-text indexer specific to
 # your tracker. See the indexer source for the default list of
 # stop-words (eg. A,AND,ARE,AS,AT,BE,BUT,BY, ...)
@@ -101,6 +120,33 @@
 # Default: 02
 umask = 02
 
+# Maximum size of a csv-field during import. Roundups export
+# format is a csv (comma separated values) variant. The csv
+# reader has a limit on the size of individual fields
+# starting with python 2.5. Set this to a higher value if you
+# get the error 'Error: field larger than field limit' during
+# import.
+# Default: 131072
+csv_field_size = 131072
+
+# Sets the default number of rounds used when encoding passwords
+# using the PBKDF2 scheme. Set this to a higher value on faster
+# systems which want more security.
+# PBKDF2 (Password-Based Key Derivation Function) is a
+# password hashing mechanism that derives hash from the
+# password and a random salt. For authentication this process
+# is repeated with the same salt as in the stored hash.
+# If both hashes match, the authentication succeeds.
+# PBKDF2 supports a variable 'rounds' parameter which varies
+# the time-cost of calculating the hash - doubling the number
+# of rounds doubles the cpu time required to calculate it. The
+# purpose of this is to periodically adjust the rounds as CPUs
+# become faster. The currently enforced minimum number of
+# rounds is 1000.
+# See: http://en.wikipedia.org/wiki/PBKDF2 and RFC2898
+# Default: 10000
+password_pbkdf2_default_rounds = 10000
+
 [tracker]
 
 # A descriptive name for your roundup instance.
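Review bot: `password_pbkdf2_default_rounds = 10000` is kept at the shipped default even though the comment above it says the value is meant to be raised as CPUs get faster, and 10000 is low for PBKDF2 by current guidance. For a public tracker I would benchmark the host and raise it, recording the choice with a line such as `# Local override: tuned YYYY-MM-DD on the production host`. The name says "default rounds", so it presumably applies only when a password is set or re-hashed. Confirm whether existing hashes are re-derived at login, because the `migrate_passwords` option added in the [web] hunk is described only for insecure schemes and only for users who log in via the web interface.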
@@ -116,9 +162,26 @@
 web = http://issues.roundup-tracker.org/
 
 # Email address that mail to roundup should go to.
+# If no domain is specified then mail_domain is added.
 # Default: issue_tracker
 email = issues@roundup-tracker.org
 
+# Controls the reply-to header address used when sending
+# nosy messages.
+# If the value is unset (default) the roundup tracker's
+# email address (above) is used.
+# If set to "AUTHOR" then the primary email address of the
+# author of the change will be used as the reply-to
+# address. This allows email exchanges to occur outside of
+# the view of roundup and exposes the address of the person
+# who updated the issue, but it could be useful in some
+# unusual circumstances.
+# If set to some other value, the value is used as the reply-to
+# address. It must be a valid RFC2822 address or people will not be
+# able to reply.
+# Default: 
+replyto_address = 
+
 # Default locale name for this tracker.
 # If this option is not set, the language is determined
 # by OS environment variable LANGUAGE, LC_ALL, LC_MESSAGES,
@@ -128,6 +191,14 @@
 
 [web]
 
+# Setting this option enables Roundup to serve uploaded HTML
+# file content *as HTML*. This is a potential security risk
+# and is therefore disabled by default. Set to 'yes' if you
+# trust *all* users uploading content to your tracker.
+# Allowed values: yes, no
+# Default: no
+allow_html_file = no
+
 # Whether to use HTTP Basic Authentication, if present.
 # Roundup will use either the REMOTE_USER or HTTP_AUTHORIZATION
 # variables supplied by your web server (in that order).
@@ -137,6 +208,120 @@
 # Default: yes
 http_auth = yes
 
+# Set the mode of the SameSite cookie option for
+# the session cookie. Choices are 'Lax' or
+# 'Strict'. 'None' can be used to suppress the
+# option. Strict mode provides additional security
+# against CSRF attacks, but may confuse users who
+# are logged into roundup and open a roundup link
+# from a source other than roundup (e.g. link in
+# email).
+# Allowed values: Strict, Lax, None
+# Default: Lax
+samesite_cookie_setting = Lax
+
+# How do we deal with @csrf fields in posted forms.
+# Set this to 'required' to block the post and notify
+#     the user if the field is missing or invalid.
+# Set this to 'yes' to block the post and notify the user
+#     if the token is invalid, but accept the form if
+#     the field is missing.
+# Set this to 'logfailure' to log a notice to the roundup
+#     log if the field is invalid or missing, but accept
+#     the post.
+# Set this to 'no' to ignore the field and accept the post.
+#             
+# Allowed values: required, yes, logfailure, no
+# Default: yes
+csrf_enforce_token = required
+
+# csrf_tokens have a limited lifetime. If they are not
+# used they are purged from the database after this
+# number of minutes. Default (20160) is 2 weeks.
+# Default: 20160
+csrf_token_lifetime = 10080
+
+# This is only used for xmlrpc requests. This test is
+# done after Origin and Referer headers are checked. It only
+# verifies that the X-Requested-With header exists. The value
+# is ignored.
+# Set this to 'required' to block the post and notify
+#     the user if the header is missing or invalid.
+# Set this to 'yes' is the same as required.
+# Set this to 'logfailure' is the same as 'no'.
+# Set this to 'no' to ignore the header and accept the post.
+# Allowed values: required, yes, logfailure, no
+# Default: yes
+csrf_enforce_header_x-requested-with = yes
+
+# Verify that the Referer http header matches the
+# tracker.web setting in config.ini.
+# Set this to 'required' to block the post and notify
+#     the user if the header is missing or invalid.
+# Set this to 'yes' to block the post and notify the user
+#     if the header is invalid, but accept the form if
+#     the field is missing.
+# Set this to 'logfailure' to log a notice to the roundup
+#     log if the header is invalid or missing, but accept
+#     the post.
+# Set this to 'no' to ignore the header and accept the post.
+# Allowed values: required, yes, logfailure, no
+# Default: yes
+csrf_enforce_header_referer = yes
+
+# Verify that the Origin http header matches the
+# tracker.web setting in config.ini.
+# Set this to 'required' to block the post and notify
+#     the user if the header is missing or invalid.
+# Set this to 'yes' to block the post and notify the user
+#     if the header is invalid, but accept the form if
+#     the field is missing.
+# Set this to 'logfailure' to log a notice to the roundup
+#     log if the header is invalid or missing, but accept
+#     the post.
+# Set this to 'no' to ignore the header and accept the post.
+# Allowed values: required, yes, logfailure, no
+# Default: yes
+csrf_enforce_header_origin = yes
+
+# Verify that the X-Forwarded-Host http header matches
+# the host part of the tracker.web setting in config.ini.
+# Set this to 'required' to block the post and notify
+#     the user if the header is missing or invalid.
+# Set this to 'yes' to block the post and notify the user
+#     if the header is invalid, but accept the form if
+#     the field is missing.
+# Set this to 'logfailure' to log a notice to the roundup
+#     log if the header is invalid or missing, but accept
+#     the post.
+# Set this to 'no' to ignore the header and accept the post.
+# Allowed values: required, yes, logfailure, no
+# Default: yes
+csrf_enforce_header_x-forwarded-host = yes
+
+# "If there is no X-Forward-Host header, verify that
+# the Host http header matches the host part of the
+# tracker.web setting in config.ini.
+# Set this to 'required' to block the post and notify
+#     the user if the header is missing or invalid.
+# Set this to 'yes' to block the post and notify the user
+#     if the header is invalid, but accept the form if
+#     the field is missing.
+# Set this to 'logfailure' to log a notice to the roundup
+#     log if the header is invalid or missing, but accept
+#     the post.
+# Set this to 'no' to ignore the header and accept the post.
+# Allowed values: required, yes, logfailure, no
+# Default: yes
+csrf_enforce_header_host = yes
+
+# Minimum number of header checks that must pass
+# to accept the request. Set to 0 to accept post
+# even if no header checks pass. Usually the Host header check
+# always passes, so setting it less than 1 is not recommended.
+# Default: 1
+csrf_header_min_count = 1
+
 # Whether to use HTTP Accept-Language, if present.
 # Browsers send a language-region preference list.
 # It's usually set in the client's browser or in their
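Review bot: The Referer, Origin, X-Forwarded-Host and Host checks are all left at `yes`, which the comments describe as accepting a POST whose header is absent, and `csrf_header_min_count = 1` is, per its own comment, normally met by the Host check alone; the setting that actually rejects a tokenless request is `csrf_enforce_token = required`. That override and `csrf_token_lifetime = 10080` both differ from the `Default:` lines printed above them (the lifetime comment still reads "Default (20160) is 2 weeks"), so I would mark them, e.g. `# Local override: 10080 minutes = 1 week`, so a later regeneration of this file does not silently reset them. The Referer and Origin checks are documented as matching `tracker.web`, which the [tracker] hunk shows as an `http://` URL; if the site is served over TLS, confirm those comparisons still pass. The Host comment also opens with a stray `"` and writes `X-Forward-Host` for `X-Forwarded-Host`.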
@@ -153,13 +338,24 @@
 # Default: no
 debug = no
 
-# Settings in this section are used by Postgresql and MySQL backends only
+# Setting this option makes Roundup migrate passwords with
+# an insecure password-scheme to a more secure scheme
+# when the user logs in via the web-interface.
+# Allowed values: yes, no
+# Default: yes
+migrate_passwords = yes
+
+# Settings in this section are used by RDBMS backends only
 [rdbms]
 
 # Name of the database to use.
 # Default: roundup
 name = roundup_roundup_tracker
 
+# Database backend.
+# Default: 
+backend = postgresql
+
 # Database server host.
 # Default: localhost
 host = localhost
@@ -189,6 +385,52 @@
 # Default: roundup
 read_default_group = roundup
 
+# Number of seconds to wait when the SQLite database is locked
+# Default: use a 30 second timeout (extraordinarily generous)
+# Only used in SQLite connections.
+# Default: 30
+sqlite_timeout = 30
+
+# Size of the node cache (in elements)
+# Default: 100
+cache_size = 100
+
+# Setting this option to 'no' protects the database against table creations.
+# Allowed values: yes, no
+# Default: yes
+allow_create = yes
+
+# Setting this option to 'no' protects the database against table alterations.
+# Allowed values: yes, no
+# Default: yes
+allow_alter = yes
+
+# Setting this option to 'no' protects the database against table drops.
+# Allowed values: yes, no
+# Default: yes
+allow_drop = yes
+
+# Name of the PostgreSQL template for database creation.
+# For database creation the template used has to match
+# the character encoding used (UTF8), there are different
+# PostgreSQL installations using different templates with
+# different encodings. If you get an error:
+#   new encoding (UTF8) is incompatible with the encoding of
+#   the template database (SQL_ASCII)
+#   HINT:  Use the same encoding as in the template database,
+#   or use template0 as template.
+# then set this option to the template name given in the
+# error message.
+# Default: 
+template = 
+
+# Database isolation level, currently supported for
+# PostgreSQL and mysql. See, e.g.,
+# http://www.postgresql.org/docs/9.1/static/transaction-iso.html
+# Allowed values: 'read uncommitted', 'read committed', 'repeatable read', 'serializable'
+# Default: read committed
+isolation_level = read committed
+
 [logging]
 
 # Path to configuration file for standard Python logging module.
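Review bot: `allow_create`, `allow_alter` and `allow_drop` are all set to `yes` on a tracker that the previous hunk configures with `backend = postgresql`, so the application keeps the ability to create, alter and drop tables at run time. The comments state that `no` protects the database against each of these; if schema changes only happen during planned upgrades, consider `allow_drop = no` (and likewise the other two) for normal operation and enabling them only for the upgrade window. The `sqlite_timeout` comment also carries two `Default:` lines, which reads as a generator slip worth fixing upstream.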
@@ -196,7 +438,7 @@
 # from specified file; options 'filename' and 'level'
 # in this section are ignored.
 # The path may be either absolute or relative
-# to the directory containig this config file.
+# to the directory containing this config file.
 # Default: 
 config = 
 
@@ -204,7 +446,7 @@
 # If no file name specified, log messages are written on stderr.
 # If above 'config' option is set, this option has no effect.
 # The path may be either absolute or relative
-# to the directory containig this config file.
+# to the directory containing this config file.
 # Default: 
 filename = 
 
@@ -215,12 +457,15 @@
 level = ERROR
 
 # Outgoing email options.
-# Used for nozy messages and approval requests
+# Used for nosy messages and approval requests
 [mail]
 
-# Domain name used for email addresses.
+# The email domain that admin_email, issue_tracker and
+# dispatcher_email belong to.
+# This domain is added to those config items if they don't
+# explicitly include a domain.
+# Do not include the '@' symbol.
 # Default: NO DEFAULT
-#domain = NO DEFAULT
 domain = psf.upfronthosting.co.za
 
 # SMTP mail host that roundup will use to send mail
@@ -239,6 +484,16 @@
 # Default: NO DEFAULT
 #password = NO DEFAULT
 
+# Default port to send SMTP on.
+# Set this if your mail server runs on a different port.
+# Default: 25
+port = 25
+
+# The local hostname to use during SMTP transmission.
+# Set this if your mail server requires something specific.
+# Default: 
+local_hostname = 
+
 # If your SMTP mail host provides or requires TLS
 # (Transport Layer Security) then set this option to 'yes'.
 # Allowed values: yes, no
@@ -248,14 +503,14 @@
 # If TLS is used, you may set this option to the name
 # of a PEM formatted file that contains your private key.
 # The path may be either absolute or relative
-# to the directory containig this config file.
+# to the directory containing this config file.
 # Default: 
 tls_keyfile = 
 
 # If TLS is used, you may set this option to the name
 # of a PEM formatted certificate chain file.
 # The path may be either absolute or relative
-# to the directory containig this config file.
+# to the directory containing this config file.
 # Default: 
 tls_certfile = 
 
@@ -267,29 +522,48 @@
 # Default: utf-8
 charset = utf-8
 
-# Setting this option makes Roundup to write all outgoing email
+# Setting this option makes Roundup write all outgoing email
 # messages to this file *instead* of sending them.
 # This option has the same effect as environment variable SENDMAILDEBUG.
 # Environment variable takes precedence.
 # The path may be either absolute or relative
-# to the directory containig this config file.
+# to the directory containing this config file.
 # Default: 
 #debug = /home/roundup/outgoing-mail
 debug = 
 
+# Add a line with author information at top of all messages
+# sent by roundup
+# Allowed values: yes, no
+# Default: yes
+add_authorinfo = yes
+
+# Add the mail address of the author to the author information at
+# the top of all messages.
+# If this is false but add_authorinfo is true, only the name
+# of the actor is added which protects the mail address of the
+# actor from being exposed at mail archives, etc.
+# Allowed values: yes, no
+# Default: yes
+add_authoremail = no
+
 # Roundup Mail Gateway options
 [mailgw]
 
 # Keep email citations when accepting messages.
-# Setting this to "no" strips out "quoted" text from the message.
+# Setting this to "no" strips out "quoted" text
+# from the message. Setting this to "new" keeps quoted
+# text only if a new issue is being created.
 # Signatures are also stripped.
-# Allowed values: yes, no
+# Allowed values: yes, no, new
 # Default: yes
 keep_quoted_text = yes
 
-# Preserve the email body as is - that is,
-# keep the citations _and_ signatures.
-# Allowed values: yes, no
+# Setting this to "yes" preserves the email body
+# as is - that is, keep the citations _and_ signatures.
+# Setting this to "new" keeps the body only if we are
+# creating a new issue.
+# Allowed values: yes, no, new
 # Default: no
 leave_body_unchanged = no
 
@@ -313,7 +587,7 @@
 # recognised. "none" will always pass any [prefix]
 # through as part of the issue title.
 # Default: strict
-subject_prefix_parsing = strict
+subject_prefix_parsing = loose
 
 # Controls the parsing of the [suffix] on subject
 # lines in incoming emails. "strict" will return an
@@ -323,7 +597,7 @@
 # recognised. "none" will always pass any [suffix]
 # through as part of the issue title.
 # Default: strict
-subject_suffix_parsing = strict
+subject_suffix_parsing = loose
 
 # Defines the brackets used for delimiting the prefix and 
 # suffix in a subject line. The presence of "suffix" in
@@ -342,11 +616,121 @@
 # Default: always
 subject_content_match = always
 
+# Update issue title if incoming subject of email is different.
+# Setting this to "no" will ignore the title part of the subject
+# of incoming email messages.
+# 
+# Allowed values: yes, no
+# Default: yes
+subject_updates_title = no
+
+# Regular expression matching a single reply or forward
+# prefix prepended by the mailer. This is explicitly
+# stripped from the subject during parsing.
+# Value is Python Regular Expression (UTF8-encoded).
+# Default: (\s*\W?\s*(fw|fwd|re|aw|sv|ang)\W)+
+refwd_re = (\s*\W?\s*(fw|fwd|re|aw|sv|ang)\W)+
+
+# Regular expression matching start of an original message
+# if quoted the in body.
+# Value is Python Regular Expression (UTF8-encoded).
+# Default: ^[>|\s]*-----\s?Original Message\s?-----$
+origmsg_re = ^[>|\s]*-----\s?Original Message\s?-----$
+
+# Regular expression matching the start of a signature
+# in the message body.
+# Value is Python Regular Expression (UTF8-encoded).
+# Default: ^[>|\s]*-- ?$
+sign_re = ^[>|\s]*-- ?$
+
+# Regular expression matching end of line.
+# Value is Python Regular Expression (UTF8-encoded).
+# Default: [\r\n]+
+eol_re = [\r\n]+
+
+# Regular expression matching a blank line.
+# Value is Python Regular Expression (UTF8-encoded).
+# Default: [\r\n]+\s*[\r\n]+
+blankline_re = [\r\n]+\s*[\r\n]+
+
+# Unpack attached messages (encoded as message/rfc822 in MIME)
+# as multiple parts attached as files to the issue, if not
+# set we handle message/rfc822 attachments as a single file.
+# Allowed values: yes, no
+# Default: no
+unpack_rfc822 = no
+
+# When parsing incoming mails, roundup uses the first
+# text/plain part it finds. If this part is inside a
+# multipart/alternative, and this option is set, all other
+# parts of the multipart/alternative are ignored. The default
+# is to keep all parts and attach them to the issue.
+# Allowed values: yes, no
+# Default: no
+ignore_alternatives = no
+
+# When handling emails ignore the Resent-From:-header
+# and use the original senders From:-header instead.
+# (This might be desirable in some situations where a moderator
+# reads incoming messages first before bouncing them to Roundup)
+# Allowed values: yes, no
+# Default: no
+keep_real_from = no
+
+# OpenPGP mail processing options
+[pgp]
+
+# Enable PGP processing. Requires pyme. If you're planning
+# to send encrypted PGP mail to the tracker, you should also
+# enable the encrypt-option below, otherwise mail received
+# encrypted might be sent unencrypted to another user.
+# Allowed values: yes, no
+# Default: no
+enable = no
+
+# If specified, a comma-separated list of roles to perform
+# PGP processing on. If not specified, it happens for all
+# users. Note that received PGP messages (signed and/or
+# encrypted) will be processed with PGP even if the user
+# doesn't have one of the PGP roles, you can use this to make
+# PGP processing completely optional by defining a role here
+# and not assigning any users to that role.
+# Default: 
+roles = 
+
+# Location of PGP directory. Defaults to $HOME/.gnupg if
+# not specified.
+# Default: 
+homedir = 
+
+# Enable PGP encryption. All outgoing mails are encrypted.
+# This requires that keys for all users (with one of the gpg
+# roles above or all users if empty) are available. Note that
+# it makes sense to educate users to also send mails encrypted
+# to the tracker, to enforce this, set 'require_incoming'
+# option below (but see the note).
+# Allowed values: yes, no
+# Default: no
+encrypt = no
+
+# Require that pgp messages received by roundup are either
+# 'signed', 'encrypted' or 'both'. If encryption is required
+# we do not return the message (in clear) to the user but just
+# send an informational message that the message was rejected.
+# Note that this still presents known-plaintext to an attacker
+# when the users sends the mail a second time with encryption
+# turned on.
+# Default: signed
+require_incoming = signed
+
 # Nosy messages sending
 [nosy]
 
 # Send nosy messages to the author of the message.
-# Allowed values: yes, no, new
+# Allowed values: yes, no, new, nosy -- if yes, messages
+# are sent to the author even if not on the nosy list, same
+# for new (but only for new messages). When set to nosy,
+# the nosy list controls sending messages to the author.
 # Default: no
 messages_to_author = yes
 
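Review bot: `refwd_re`, `origmsg_re`, `sign_re` and the other patterns added here are applied to the subject and body of incoming mail, which is untrusted, and `refwd_re` has overlapping optional pieces (`\s*\W?\s*` inside a repeated group) that can backtrack more than linearly on an unusual subject line. These are the shipped defaults, so I would not change them in this commit, but a comment such as `# Matched against untrusted mail; keep local changes free of nested or overlapping quantifiers` above `refwd_re` would warn whoever customises them later. Separately, `subject_updates_title = no` and `messages_to_author = yes` differ from their `Default:` lines without a note saying that is deliberate.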
@@ -381,3 +765,9 @@
 # each recipient as a CC address.
 # Default: single
 email_sending = multiple
+
+# Attachments larger than the given number of bytes
+# won't be attached to nosy mails. They will be replaced by
+# a link to the tracker's download page for the file.
+# Default: 9223372036854775807
+max_attachment_size = 9223372036854775807
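Review bot: `max_attachment_size = 9223372036854775807` leaves the limit effectively unbounded, so every attachment, whatever its size, is mailed to the nosy recipients instead of being replaced by a link, and the context line `email_sending = multiple` sits directly above it. Attachments arrive from tracker users and the mail gateway, so a finite cap, for example `max_attachment_size = 5242880` (a constructed value, 5 MiB), bounds outbound mail volume and keeps large or unwanted files on the tracker's download page. If the default is kept on purpose, say so in a comment above the line.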
