On Sex, 2015-10-02 at 17:11 -0400, Felix Miata wrote: > Sérgio Basto composed on 2015-10-02 13:23 (UTC+0100): > > > On Sex, 2015-10-02 at 12:37 +0200, Karel Volný wrote: > > >> > Maybe my assumption was not totally correct but now bugzilla says: > > >> > The password must contain at least one: > > >> > letter > >> > special character > >> > digit > > >> and 8 characters minimum length > > > if Bugzilla enforce 8 characters minimum length , it is a strong > > password ! > > if not , it should. > > Why? Exactly what is the risk that someone could access BZ via password theft > vs. creating an account? What could be lost by keeping the old password > requirement? Stealing a password of a privileged user, can compromised Bugzilla, can be stolen ‘security-sensitive' information etc . We have the recent new with Mozilla: "Mozilla says hacker compromised Bugzilla and used stolen ‘security-sensitive’ info to attack Firefox users" and they did the attack . > -- > "The wise are known for their understanding, and pleasant > words are persuasive." Proverbs 16:21 (New Living Translation) > > Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! > > Felix Miata *** http://fm.no-ip.com/ > -- Sérgio M. B. -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
