Re: Fedora Community Pre-Beta Testing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 05/13/2009 04:32 PM, Till Maas wrote:
> I hope this is only misleading, but it looks to me that this test application 
> demands the original FAS username/password from testers, which are then sent 
> via an connection where the certificate cannot be easily verified by the 
> testers. Also it is a bad idea to use these very important credentials in an 
> application that may still have security flaws, because it is still in 
> development. Last but not least this is also a bad education for the users 
> that get used to provide their credentials to untrustworthy websites.

I'm not entirely sure I follow this logic. Lots of things authenticate
against FAS. The source code for every bit of this web application is
open source and available for review. Do you trust Bodhi? How about
pkgdb? Or koji? Barring some specific security vulnerability (which you
haven't pointed out), this criticism seems unfounded.

~spot

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux