New FAS release for after alpha release -- New feature to test

Toshio Kuratomi a.badger at gmail.com
Thu Aug 2 22:20:03 UTC 2012


Codeblock is working on a new FAS release for production deployment just
after the Fedora 18 alpha release.  puiterwijk has added a security question
feature to this release that could use some testing.  The idea of the
security question is that if you enter it into FAS and subsequently lose
both your password and access to the email address you used in FAS (for
instance, if you change jobs) you can ask an admin to verify you via your
security question.  The admin will ask you the question you asked in FAS and
then see if the answer you give matches what's recorded in FAS.

This is a manual process because we want to allow fuzzy matches for the
answers.  To mitigate some of the risk of having another means of verifying
you, we've encrypted the answer to the question with a public key.  The
admins have access to the private key and will be decrypting and reading
your question and answer when you need to verify.  Please be aware of that
when choosing a question and answer.

For testing purposes, if people would like to add questions and answers to
their accounts on the stg server they can do so here:

https://admin.stg.fedoraproject.org/accounts/user/changequestion

Sometime before pushing to production, I'll be testing that I can
***decrypt all the answers*** that have been entered here so that we don't
end up with a production instance that's saving answers we cannot later
read.  Please be aware of that and use values you don't care about if this
concerns you.

If you see any issues with this, find a way to retrieve someone else's
question or answer (and aren't an admin), etc, please bring it up with us so
we can fix the issue.

Thanks for any testing!
-Toshio