diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-23 18:10:47 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-23 18:10:47 +0300 |
commit | 5ff5047fdc2c614f347de5c388424b50a5460165 (patch) | |
tree | 4c6ca5c4cb1e822e4ac213b44b1334000c00fa7d /doc | |
parent | 6cbe9eaeb3b69ff378e23eec3a5f33caf92b6d16 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
-rw-r--r-- | doc/development/fe_guide/style/scss.md | 2 | ||||
-rw-r--r-- | doc/development/feature_flags/development.md | 3 | ||||
-rw-r--r-- | doc/development/usage_ping.md | 2 | ||||
-rw-r--r-- | doc/security/two_factor_authentication.md | 11 | ||||
-rw-r--r-- | doc/user/admin_area/settings/account_and_limit_settings.md | 2 |
5 files changed, 15 insertions, 5 deletions
diff --git a/doc/development/fe_guide/style/scss.md b/doc/development/fe_guide/style/scss.md index a39cc1305b7..c0817626360 100644 --- a/doc/development/fe_guide/style/scss.md +++ b/doc/development/fe_guide/style/scss.md @@ -99,7 +99,7 @@ ul { // Best // prefer an existing utility class over adding existing styles -```0 +``` Class names are also preferable to IDs. Rules that use IDs are not-reusable, as there can only be one affected element on diff --git a/doc/development/feature_flags/development.md b/doc/development/feature_flags/development.md index 0cdfa3e68d7..792b4a1a27f 100644 --- a/doc/development/feature_flags/development.md +++ b/doc/development/feature_flags/development.md @@ -71,7 +71,8 @@ push_frontend_feature_flag(:my_ops_flag, project, type: :ops) `experiment` feature flags are used for A/B testing on GitLab.com. An `experiment` feature flag should conform to the same standards as a `development` feature flag, -although the interface has some differences. More information can be found in the [experiment guide](../experiment_guide/index.md). +although the interface has some differences. An experiment feature flag should have a rollout issue, +ideally created using the [Experiment Tracking template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/experiment_tracking_template.md). More information can be found in the [experiment guide](../experiment_guide/index.md). ## Feature flag definition and validation diff --git a/doc/development/usage_ping.md b/doc/development/usage_ping.md index 130da059583..fc807b4a2f8 100644 --- a/doc/development/usage_ping.md +++ b/doc/development/usage_ping.md @@ -753,7 +753,7 @@ alt_usage_data(999) ### Adding counters to build new metrics When adding the results of two counters, use the `add` usage data method that -handles fallback values and exceptions. It also generates a valid SQL export. +handles fallback values and exceptions. It also generates a valid [SQL export](#exporting-usage-ping-sql-queries-and-definitions). Example usage: diff --git a/doc/security/two_factor_authentication.md b/doc/security/two_factor_authentication.md index 7a9ed9d435d..6762becec2d 100644 --- a/doc/security/two_factor_authentication.md +++ b/doc/security/two_factor_authentication.md @@ -129,8 +129,15 @@ verification can be done via a GitLab Shell command: ssh git@<hostname> 2fa_verify ``` -Once the OTP is verified, Git over SSH operations can be used for 15 minutes -with the associated SSH key. +Once the OTP is verified, Git over SSH operations can be used for a session duration of +15 minutes (default) with the associated SSH key. + +### Security limitation + +2FA does not protect users with compromised *private* SSH keys. + +Once an OTP is verified, anyone can run Git over SSH with that private SSH key for +the configured [session duration](../user/admin_area/settings/account_and_limit_settings.md#customize-session-duration-for-git-operations-when-2fa-is-enabled). ### Enable or disable Two-factor Authentication (2FA) for Git operations diff --git a/doc/user/admin_area/settings/account_and_limit_settings.md b/doc/user/admin_area/settings/account_and_limit_settings.md index 2b230f9fb6e..0f391118215 100644 --- a/doc/user/admin_area/settings/account_and_limit_settings.md +++ b/doc/user/admin_area/settings/account_and_limit_settings.md @@ -191,6 +191,8 @@ You can prevent the use of expired SSH keys with the following steps: 1. Expand the **Account and limit** section. 1. Select the **Enforce SSH key expiration** checkbox. +Enforcing SSH key expiration immediately disables all expired SSH keys. + For more information, see the following issue on [SSH key expiration](https://gitlab.com/gitlab-org/gitlab/-/issues/320970). ## Optional non-enforcement of Personal Access Token expiration **(ULTIMATE SELF)** |