Bjarke Istrup Pedersen wrote: > Something interresting has happend since last, the new bugday site has > gone into official beta, and can been seen on > http://bugday.gentoo.org/bugdaytest . Please do some testing with it, > and report any bugs you find back to me.
Bug #1: Do *NOT* ask for Bugzilla credentials over plain HTTP! Even if it is just beta testing, you are using real account information and that is a very bad approach as far as security practices go. Add SSL support (or fix it, 'cause https://bugday.gentoo.org/bugdaytest/ is a 404 and https://bugday.gentoo.org/ is plain bugs.gentoo org or is it?) Bug #2: Add an error page explaining what is wrong with a login attempt If you try to login, you are just thrown back to the original URL (slightly dressed up as http://bugday.gentoo.org/bugdaytest/bugday.php) without any notice of a failed login attempt. When Bug #1 gets fixed, I can further test. Kalin. -- |[ ~~~~~~~~~~~~~~~~~~~~~~ ]| +-> http://ThinRope.net/ <-+ |[ ______________________ ]| -- gentoo-dev@gentoo.org mailing list
