No more Bugzilla for me
David Woodhouse
dwmw2 at infradead.org
Wed Apr 22 07:53:52 UTC 2009
On Tue, 2009-04-21 at 22:12 -0700, Jesse Keating wrote:
> On Wed, 2009-04-22 at 14:31 +1000, Rodd Clarkson wrote:
> > Ah, I'm a little confused.
> >
> > All that was requested was a change of password. This doesn't stop Joe
> > Public from signing up and accessing bugzilla, and presumably doesn't
> > stop Joe from viewing leaky NDA's.
> >
> > All it seems to do is make me have to change a password.
> >
> > Surely if there are leaks using the old password, then there's still
> > leaks with my new password (which is actually my old password since I
> > went back in and changed it back).
>
> There is a theory that changing passwords on a regular bases lessens the
> risk of somebody's password being stolen and used nefariously.
> Depending on the account compromised the damage increases from nuisance
> to legally damaging.
What is the lifetime of bugzilla login cookies?
--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation
More information about the fedora-devel-list
mailing list