Hi infrastructure team, I am in doubt how to deal with "endoflife" service account. In fact, it is not really an account, it is just an email alias. This email address has been used for maintaining and housekeeping of old bugs in Bugzilla. The background: This email alias used to be forwarded to triage@ mailing list. Some time ago password policy of Bugzilla has changed and this email/account become unavailable due to a weak password. To make this email/account available again I had to request password reset of the Bugzilla account. The password reset in Bugzilla is made via email and the email to confirm the password reset had been sent to the publicly available triage@ mailing list. Then I have realized that anybody can hijack the account, using the password reset. To avoid this, I redirected the endoflife Bugzilla account to my private email address. However I to not think this is a good solution and I would like to find a way how to solve this problem properly. Currently, the best way I see, is to make the "endoflife" email alias as a full-blown account in FAS, instead of email alias only. However as far as I know, we are using FAS for real people only. So, my question is, whether there is a better way how to deal with this service email/account ? Thanks for pointing me to the right direction :) Best Regards, Jan -- Jan Kuřík Platform & Fedora Program Manager Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
