Fedora Community Pre-Beta Testing
"Jóhann B. Guðmundsson"
johannbg at hi.is
Wed May 13 20:39:40 UTC 2009
On 05/13/2009 08:38 PM, Tom "spot" Callaway wrote:
> On 05/13/2009 04:32 PM, Till Maas wrote:
>
>> I hope this is only misleading, but it looks to me that this test application
>> demands the original FAS username/password from testers, which are then sent
>> via an connection where the certificate cannot be easily verified by the
>> testers. Also it is a bad idea to use these very important credentials in an
>> application that may still have security flaws, because it is still in
>> development. Last but not least this is also a bad education for the users
>> that get used to provide their credentials to untrustworthy websites.
>>
>
> I'm not entirely sure I follow this logic. Lots of things authenticate
> against FAS. The source code for every bit of this web application is
> open source and available for review. Do you trust Bodhi? How about
> pkgdb? Or koji? Barring some specific security vulnerability (which you
> haven't pointed out), this criticism seems unfounded.
>
Will it be possible to give karma points and comment on updates-testing
and rawhide
components and possible give feed back from test day's/cases ?
--
Viking-Ice
One of my gods has a hammer your's was nailed to a cross
You do the math!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090513/917e31d4/attachment.htm>
More information about the fedora-devel-list
mailing list