No more Bugzilla for me

Adam Williamson awilliam at redhat.com
Wed Apr 22 15:35:35 UTC 2009


On Wed, 2009-04-22 at 23:26 +0800, Basil Mohamed Gohar wrote:
> On 04/22/2009 11:11 PM, Adam Williamson wrote: 
> > On Wed, 2009-04-22 at 17:16 +0800, Basil Mohamed Gohar wrote:
> >
> > > I've seen the idea floated around about Fedora Project having its own
> > > bug tracking setup before.  I know that's a monumental task, but FP
> > > has done others and the change was worth it.
> > >     
> > 
> > Remember that a plausible case that doesn't involve Red Hat data -
> > not-yet-public security issues - was subsequently cited. Even if we
> > split Fedora bugzilla from Red Hat bugzilla, it'll still contain
> > sensitive data.
> >   
> Bugzilla is currently publicly accessible anyway.  How would the case
> you've mentioned above affect this?  What's hidden would remain
> hidden, right?  Maybe I'm not understanding...

The point is that some Bugzilla accounts have access to such sensitive
information, thus we need to have a reasonably strong security policy
for Bugzilla accounts.

(Personally I agree with the argument that forcing people to change
passwords and not allowing passwords to be re-used doesn't really aid
security, though).
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net



