On Mon, 7 Dec 2015 12:57:30 +0100 Jan Kurik <jkurik@xxxxxxxxxx> wrote: > Hi infrastructure team, > > I am in doubt how to deal with "endoflife" service account. In fact, > it is not really an account, it is just an email alias. This email > address has been used for maintaining and housekeeping of old bugs in > Bugzilla. > > The background: > This email alias used to be forwarded to triage@ mailing list. Some > time ago password policy of Bugzilla has changed and this > email/account become unavailable due to a weak password. To make this > email/account available again I had to request password reset of the > Bugzilla account. The password reset in Bugzilla is made via email and > the email to confirm the password reset had been sent to the publicly > available triage@ mailing list. Then I have realized that anybody can > hijack the account, using the password reset. To avoid this, I > redirected the endoflife Bugzilla account to my private email address. > However I to not think this is a good solution and I would like to > find a way how to solve this problem properly. > > Currently, the best way I see, is to make the "endoflife" email alias > as a full-blown account in FAS, instead of email alias only. However > as far as I know, we are using FAS for real people only. So, my > question is, whether there is a better way how to deal with this > service email/account ? > > Thanks for pointing me to the right direction :) We could do this, but I am not sure what advantage it might bring us. Now that the password is reset, why not point it back to the list? is the list of use? If we don't care about any emails to that account we could just drop them? kevin
Attachment:
pgpIlEp_edHGO.pgp
Description: OpenPGP digital signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
