On 27/11/18 12:13, Neal Gompa wrote: > On Mon, Nov 26, 2018 at 5:08 PM Jeff Fearn <jfearn@xxxxxxxxxx> wrote: >> >> On 27/11/18 02:06, Emmanuel Seyman wrote: >>> * Neal Gompa [26/11/2018 11:01] : >>>> >>>> Out of curiosity, does anyone know where the source code for Red Hat >>>> Bugzilla actually is? I tried to find it a while ago, and even tried >>>> to send an email asking about it (with no response...). This variant >>>> of Bugzilla has features that aren't present in vanilla Bugzilla 5.x, >>>> nor are they present in the Mozilla fork (bmo)... >>> >>> The source code isn't avaliable (although I've been told at least one >>> Bugzilla developer has access to it). >>> >>> https://bugzilla.redhat.com/show_bug.cgi?id=478886 >> >> This is correct. We are in a very drawn out, and painful, process to get >> this opened up. >> >> Dylan from BMO is helping us out by doing an audit for us, but he is >> doing it as a favor, in his own time, so it's taking about as long as >> you'd expect to audit a 20 year old code base in your spare time. >> >> Once Dylan is done, and we are putting no pressure on him to meet or >> specify a time line, I'll do another round of infosec/product security >> team hand shaking and then we should be able to open it. >> > > My recent interest in RHBZ code stems from two things: > * it has working SAML auth > * it supports external bug tracking (though I'm not sure if the > functionality has completely worked recently, and lacks pagure.io > itself...) > > In Mageia, we're looking at revamping our identity management, and > we'd like to use SSO via SAML with our BZ5 system, but sadly this code > is not available for vanilla bz5 systems, and BMO uses CAS instead of > SAML or OIDC. :( > > And of course, external bug tracking is useful for obvious reasons. :) As someone who has to use radius 2FA to access Bugzilla, I cannot tell you just how much SSO rocks ^_^ I may have BCC'd Dylan on this reply ;) Cheers, Jeff. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
