Codeblock is working on a new FAS release for production deployment just after the Fedora 18 alpha release. puiterwijk has added a security question feature to this release that could use some testing. The idea of the security question is that if you enter it into fas and subsequently lose both your password and access to the email address you used in FAS (For instance, if you change jobs) you can ask an admin to verify you via your security question. The admin will ask you the question you asked in FAS and then see if the answer you give matches what's recorded in fas. This is a manual process because we want to allow fuzzy matches for the answers. To mitigate some of the risk of having another means of verifying you, we've encrypted the answer to the question with a public key. The admins have access to the private key and will be decrypting and reading your question and answer when you need to verify. Please be aware of that when choosing a question and answer. For testing purposes, if people would like to add questions and answers to their accounts on the stg server they can do so here: https://admin.stg.fedoraproject.org/accounts/user/changequestion Sometime before pushing to production, I'll be testing that I can ***decrypt all the answers*** that have been entered here so that we don't end up with a production instance that's saving answers we cannot later read. Please be aware of that and use values you don't care about if this concerns you. If you see any issues with this, found a way to retrieve someone else's question or answer (and aren't an admin), etc, please bring it up with us so we can fix the issue. Thanks for any testing! -Toshio
Attachment:
pgpGM5UTDo1xc.pgp
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
