On Mon, Nov 26, 2018 at 5:08 PM Jeff Fearn <jfearn(a)redhat.com> wrote:
> On 27/11/18 02:06, Emmanuel Seyman wrote:
>> * Neal Gompa [26/11/2018 11:01] :
>>> Out of curiosity, does anyone know where the source code for Red Hat
>>> Bugzilla actually is? I tried to find it a while ago, and even tried
>>> to send an email asking about it (with no response...). This variant
>>> of Bugzilla has features that aren't present in vanilla Bugzilla 5.x,
>>> nor are they present in the Mozilla fork (bmo)...
>> The source code isn't available (although I've been told at least one
>> Bugzilla developer has access to it).
> This is correct. We are in a very drawn out, and painful, process to get
> this opened up.
> Dylan from BMO is helping us out by doing an audit for us, but he is
> doing it as a favor, in his own time, so it's taking about as long as
> you'd expect to audit a 20-year-old code base in your spare time.
> Once Dylan is done, and we are putting no pressure on him to meet or
> specify a timeline, I'll do another round of infosec/product security
> team hand shaking and then we should be able to open it.
My recent interest in RHBZ code stems from two things:
* it has working SAML auth
* it supports external bug tracking (though I'm not sure if the
functionality has completely worked recently, and lacks pagure.io
In Mageia, we're looking at revamping our identity management, and
we'd like to use SSO via SAML with our BZ5 system, but sadly this code
is not available for vanilla bz5 systems, and BMO uses CAS instead of
SAML or OIDC. :(
And of course, external bug tracking is useful for obvious reasons. :)
As someone who has to use radius 2FA to access Bugzilla, I cannot tell
you just how much SSO rocks ^_^
I may have BCC'd Dylan on this reply ;)