On Wed, 2009-04-22 at 23:26 +0800, Basil Mohamed Gohar wrote: > On 04/22/2009 11:11 PM, Adam Williamson wrote: > > On Wed, 2009-04-22 at 17:16 +0800, Basil Mohamed Gohar wrote: > > > > > > > I've seen the idea floated around about Fedora Project having it's own > > > bug tracking setup before. I know that's a monumental task, but FP > > > has done others and the change was worth it. > > > > > > > Remember that a plausible case that doesn't involve Red Hat data - > > not-yet-public security issues - was subsequently cited. Even if we > > split Fedora bugzilla from Red Hat bugzilla, it'll still contain > > sensitive data. > > > Bugzilla is currently publicly accessible anyway. How would the case > you've mentioned above affect this? What's hidden would remain > hidden, right? Maybe I'm not understanding... The point is that some Bugzilla accounts have access to such sensitive information, thus we need to have a reasonably strong security policy for Bugzilla accounts. (Personally I agree with the argument that forcing people to change passwords and not allowing passwords to be re-used doesn't really aid security, though). -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
