Jeff Fearn replied to my email, but he only copied the internal
bugzilla-list, because he wanted to include security details and didn't
feel comfortable doing that on a public list. I've selected the most
important parts of his replies and deleted the rest. Please see his
responses below:
On Wed,
On 2/9/22 14:30, Adam Williamson wrote:
> On Wed, 2022-02-09 at 17:44 +, Daniel P. Berrangé wrote:
>>
>> I've not seen this kind of auth dance implemented in any software
>> other than TV streaming apps, and not bugzilla and not any other
>> bug tracker I've come across. So it is not a practica
On Wed, Feb 09, 2022 at 17:44:35 +,
"Daniel P. Berrangé" wrote:
Using API tokens over username/password is a good thing from a security
POV, but as you say, the process of creating the token and getting it
over to the client is horribly user unfriendly.
That depends on ypur threat model.
st 9. 2. 2022 o 20:37 Adam Williamson
napísal(a):
> On Wed, 2022-02-09 at 20:27 +0100, Michal Srb wrote:
> > st 9. 2. 2022 o 19:39 Michael Catanzaro
> napísal(a):
> >
> > >
> > > Am I right to suspect that ABRT bug reports are going to disappear for
> > > the foreseeable future?
> > >
> >
> > No
On Wed, 2022-02-09 at 20:27 +0100, Michal Srb wrote:
> st 9. 2. 2022 o 19:39 Michael Catanzaro napísal(a):
>
> >
> > Am I right to suspect that ABRT bug reports are going to disappear for
> > the foreseeable future?
> >
>
> Nope, we are working on a fix.
That's great news, but since AFAICT th
On Wed, 2022-02-09 at 17:44 +, Daniel P. Berrangé wrote:
>
> I've not seen this kind of auth dance implemented in any software
> other than TV streaming apps, and not bugzilla and not any other
> bug tracker I've come across. So it is not a practical solution
> today, more of a thought experim
st 9. 2. 2022 o 19:39 Michael Catanzaro napísal(a):
>
> Am I right to suspect that ABRT bug reports are going to disappear for
> the foreseeable future?
>
Nope, we are working on a fix.
Thanks,
Michal
>
> ___
> devel mailing list -- devel@lists.fedo
Am I right to suspect that ABRT bug reports are going to disappear for
the foreseeable future?
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https:
On Wed, Feb 09, 2022 at 11:33:24AM +0100, Kamil Paral wrote:
> However, even if Anaconda changes the bug reporting mechanism and asks the
> user to create an API key first, and then provide it to Anaconda, I fear
> that this will have a devastating impact on the number of bug reports that
> we rece
On Tue, Feb 1, 2022 at 3:30 AM Jeff Fearn wrote:
> Tl;dr From Monday 28th February, applications making API calls to
> Bugzilla may no longer authenticate using passwords or supplying API
> keys in call parameters. Instead, API keys must be supplied in the
> Authorization header.
>
> Support for
10 matches
Mail list logo
