Re: How to deal with endoflife AT fedoraproject DOT org service account ?


 



I am fine with pointing the account back to the list. However, I would
like to make sure only a closed group of people can change the password of
the Bugzilla account. Having the account pointing to a public mailing
list allows anyone to change the password. Dropping all the emails
coming from this Bugzilla account will do the job, but there will then be
no possibility to change the password in case it becomes invalid
(which is what happened the last time).

What I am trying to achieve is a service account shared and controlled
by a closed group of people.

If there is any better solution, I am open to accepting it.

Regards,
Jan

On Sat, Dec 26, 2015 at 9:54 PM, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> On Mon, 7 Dec 2015 12:57:30 +0100
> Jan Kurik <jkurik@xxxxxxxxxx> wrote:
>
>> Hi infrastructure team,
>>
>> I am in doubt how to deal with "endoflife" service account. In fact,
>> it is not really an account, it is just an email alias. This email
>> address has been used for maintaining and housekeeping of old bugs in
>> Bugzilla.
>>
>> The background:
>> This email alias used to be forwarded to the triage@ mailing list. Some
>> time ago the password policy of Bugzilla changed and this
>> email/account became unavailable due to a weak password. To make this
>> email/account available again I had to request a password reset of the
>> Bugzilla account. The password reset in Bugzilla is made via email and
>> the email to confirm the password reset was sent to the publicly
>> available triage@ mailing list. Then I realized that anybody can
>> hijack the account, using the password reset. To avoid this, I
>> redirected the endoflife Bugzilla account to my private email address.
>> However, I do not think this is a good solution and I would like to
>> find a way to solve this problem properly.
>>
>> Currently, the best way I see is to make the "endoflife" email alias
>> a full-blown account in FAS, instead of an email alias only. However,
>> as far as I know, we are using FAS for real people only. So, my
>> question is whether there is a better way to deal with this
>> service email/account?
>>
>> Thanks for pointing me in the right direction :)
>
> We could do this, but I am not sure what advantage it might bring us.
>
> Now that the password is reset, why not point it back to the list?
>
> Is the list of use? If we don't care about any emails to that account
> we could just drop them?
>
> kevin
>
>
> _______________________________________________
> infrastructure mailing list
> infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> http://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
>



-- 
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic