No more Bugzilla for me
emmanuel.seyman at club-internet.fr
Wed Apr 22 20:59:35 UTC 2009
* Felix Miata [22/04/2009 22:35] :
> On the contrary, anyone who wants one can get a Bugzilla account, which
> *every* bug is exposed to the whole world to see, until such time as that bug
> is restricted to extraordinary accounts, those that are unavailable to every
> Tom, Dick & Harry. Unless that happens, there is no actual security at all,
> regardless of password policy.
Yup. That's why you have the option at all times to mark a bug as being
security sensitive, which you should do as soon as you realize that a
security exploit might be in question.
> In the meantime, those few bugs I filed that ever got any attention from
> anyone other than myself will be unable to get any further attention from me,
> only because I am forbidden from using my own choice of virtually pointless
I'm just saying that all Bugzilla need strong passwords, nothing else.
Personally, I would argue that the current policy encourages weak password
but that's just a gut feeling.
More information about the devel