Re: No more Bugzilla for me

[Basil Mohamed Gohar <abu_hurayrah hidayahonline org>]

On 04/22/2009 06:32 AM, Adam Williamson wrote:
> On Wed, 2009-04-22 at 06:28 +0800, Basil Mohamed Gohar wrote:
>    
> > On 04/22/2009 06:20 AM, Konstantin Ryabitsev wrote:
> >      
> > > On Tue, Apr 21, 2009 at 5:45 PM, Dr. Diesel<dr diesel gmail com>   wrote:
> > >
> > >        
> > > > Where I work there is a different pass to log-in, then a unique pass for
> > > > each piece of software.  So I write them on my monitor case with a pencil,
> > > > never forget one and easy to update all 10 or so each month.
> > > >
> > > >          
> > > I routinely rely on http://supergenpass.com/ to have unique per-site
> > > passwords that I don't have to remember -- only the master password.
> > >
> > >
> > >        
> > I use Password Generator + Revelation under Gnome for exactly the same
> > purpose.  I've gotten quite used to it, and I like the idea of now
> > having secure passwords for almost all of my accounts.
> >      
>
> Yeah, me too, I couldn't live without Revelation now.
>
> In terms of the initial complaint, it does seem valid to me. Does an
> ordinary Bugzilla account really need that level of security
> busybodying?
>    
I agree, actually.  Can poorly-authenticated access to Bugzilla really 
cause such a degree of havoc?

Incidentally, I think tying Bugzilla accounts into FAS would be fine.  
Lots of consolidation work to do, I'm sure, but in the end, it'll be 
worth, and at least it's one more set of account information that needs 
to be kept/tracked.