[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: No more Bugzilla for me



On Wed, 2009-04-22 at 23:26 +0800, Basil Mohamed Gohar wrote:
> On 04/22/2009 11:11 PM, Adam Williamson wrote: 
> > On Wed, 2009-04-22 at 17:16 +0800, Basil Mohamed Gohar wrote:
> >   
> >   
> > > I've seen the idea floated around about Fedora Project having it's own
> > > bug tracking setup before.  I know that's a monumental task, but FP
> > > has done others and the change was worth it.
> > >     
> > 
> > Remember that a plausible case that doesn't involve Red Hat data -
> > not-yet-public security issues - was subsequently cited. Even if we
> > split Fedora bugzilla from Red Hat bugzilla, it'll still contain
> > sensitive data.
> >   
> Bugzilla is currently publicly accessible anyway.  How would the case
> you've mentioned above affect this?  What's hidden would remain
> hidden, right?  Maybe I'm not understanding...

The point is that some Bugzilla accounts have access to such sensitive
information, thus we need to have a reasonably strong security policy
for Bugzilla accounts.

(Personally I agree with the argument that forcing people to change
passwords and not allowing passwords to be re-used doesn't really aid
security, though).
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]