On Wed, Feb 09, 2022 at 17:44:35 +0000, "Daniel P. Berrangé" <berrange@xxxxxxxxxx> wrote:
Using API tokens over username/password is a good thing from a security POV, but as you say, the process of creating the token and getting it over to the client is horribly user unfriendly.
That depends on ypur threat model. If you aren't using third party apps, this doesn't provide much security benefit. For Fedora people are generally going to be using apps provided by Fedora, so not trusting them with your Fedora credentials seems pointless. Though that is from the perspective of someone who treats Fedora and Red Hat as being in the same security domain. That might not be the model that Red Hat employees take. For them Fedora might be considered a third party.
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
