No more Bugzilla for me
Callum Lerwick
seg at haxxed.com
Wed Apr 22 17:41:43 UTC 2009
On Wed, 2009-04-22 at 07:01 -0700, Jesse Keating wrote:
> On Wed, 2009-04-22 at 08:53 +0100, David Woodhouse wrote:
> > > There is a theory that changing passwords on a regular basis lessens the
> > > risk of somebody's password being stolen and used nefariously.
> > > Depending on the account compromised the damage increases from nuisance
> > > to legally damaging.
> >
> > What is the lifetime of bugzilla login cookies?
>
> I have no idea. I'm not defending the actions of whoever forced the
> password reset, I'm just trying to explain what I gather their
> motivation was.
When "getting sued" is involved, security theater is much more important
than actual security.
Stop thinking like engineers and thinking like suits and lawyers (in
suits).