[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: No more Bugzilla for me

* Felix Miata [22/04/2009 22:35] :
> On the contrary, anyone who wants one can get a Bugzilla account, which
> *every* bug is exposed to the whole world to see, until such time as that bug
> is restricted to extraordinary accounts, those that are unavailable to every
> Tom, Dick & Harry. Unless that happens, there is no actual security at all,
> regardless of password policy.

Yup. That's why you have the option at all times to mark a bug as being
security sensitive, which you should do as soon as you realize that a
security exploit might be in question.

> In the meantime, those few bugs I filed that ever got any attention from
> anyone other than myself will be unable to get any further attention from me,
> only because I am forbidden from using my own choice of virtually pointless
> password.

I'm just saying that all Bugzilla need strong passwords, nothing else.
Personally, I would argue that the current policy encourages weak password
but that's just a gut feeling.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]