Re: No more Bugzilla for me

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2009-04-22 at 14:31 +1000, Rodd Clarkson wrote:
> On Tue, 2009-04-21 at 17:43 -0700, Adam Williamson wrote:
> > On Tue, 2009-04-21 at 17:16 -0700, Jesse Keating wrote:
> > > On Wed, 2009-04-22 at 06:45 +0800, Basil Mohamed Gohar wrote:
> > > > I agree, actually.  Can poorly-authenticated access to Bugzilla really 
> > > > cause such a degree of havoc?
> > > 
> > > It can leak NDA information from Red Hat partners to non-Red Hat folks,
> > > which could cause Red Hat to be sued.
> > 
> > So, another Red Hat issue affecting Fedora. :\ I presume the enhanced
> > busybodying can't only be enforced on the accounts which can actually
> > access restricted info?
> 
> Ah, I'm a little confused.
> 
> All that was requested was a change of password.  This doesn't stop Joe
> Public from signing up and accessing bugzilla, and presumably doesn't
> stop Joe from viewing leaky NDA's.
> 
> All it seems to do is make me have to change a password.

The point is that some accounts in Bugzilla have access to read special
bugs (containing NDA and CVE information), and so we have to enforce
strong security standards on all Bugzilla accounts, if my presumption
that it can't be done only for those accounts is correct.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux