V Fri, Oct 14, 2022 at 03:39:32AM +0200, Kevin Kofler via devel napsal(a):
today, Red Hat Bugzilla forced me to change my password because apparently a password of 9 random alphanumeric+symbol characters (1 symbol, 8 mixed-case alphanumeric) is suddenly no longer considered secure enough. This is absolutely ridiculous for a bug tracker. It is not like that password is for a bank account or for a build system (I believe FAS and thus Koji actually has less stringent password security requirements than that!), so how secure does the password really have to be?
Bugzilla contain data about embargoed vulnerabilities.
-- Petr