Based on feedback, the 30-day auto-revocation is being dropped[1]. The
12-month key lifetime will still apply.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2174291
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
_
Kevin P. Fleming wrote:
> Not O365, but Google Workspace... that ship sailed some time ago (I'm
> sending this using Thunderbird going through Google Workspace, so at
> least I don't have to *see* GMail...)
#facepalm# 🤦
Kevin Kofler
___
devel ma
On Fri, Feb 24, 2023 at 4:56 PM Solomon Peachy via devel
wrote:
> (I admit I'm surprised that "Free Software for Everything" Red Hat is
> chosing to base something so fundamental to their business on a highly
> proprietary tool. I suppose O365 is just a matter of time...)
They probably also u
On Fri, 2023-02-24 at 11:55 -0500, Solomon Peachy via devel wrote:
> On Fri, Feb 24, 2023 at 05:55:55AM +0100, Kevin Kofler via devel wrote:
> > Ah right, I had forgotten about that issue. I do not think I will ever
> > understand the fascination some projects have for JIRA. It is proprietary,
>
On 2/24/23 11:55, Solomon Peachy via devel wrote:
(I admit I'm surprised that "Free Software for Everything" Red Hat is
chosing to base something so fundamental to their business on a highly
proprietary tool. I suppose O365 is just a matter of time...)
Not O365, but Google Workspace... that
On Fri, Feb 24, 2023 at 05:55:55AM +0100, Kevin Kofler via devel wrote:
> Ah right, I had forgotten about that issue. I do not think I will ever
> understand the fascination some projects have for JIRA. It is proprietary,
> and IMHO the web UI for users to report bugs in JIRA is very confusing at
Matthew Miller wrote:
> The "good news" is that Red Hat has announced a move away from Bugzilla
> for future products. (They're going to Jira.)
Ah right, I had forgotten about that issue. I do not think I will ever
understand the fascination some projects have for JIRA. It is proprietary,
and IM
On Thu, Feb 23, 2023 at 6:48 PM Ben Cotton wrote:
> I have a survey prepared that will be opened once the F37
> retrospective survey is done. This will give us a basis for evaluating
> our requirements as we look for possible replacements.
Thanks for planning on the followup.
___
On Thu, Feb 23, 2023 at 1:42 PM Gary Buhrmaster
wrote:
>
> I seem to recall that some of the Fedora people were
> talking about creating a document that would show
> what "we" use bugzilla for so that a future issue/bug
> tracker solution (whatever that might be) could be
> evaluated and any prep
On Thu, Feb 23, 2023 at 5:54 PM Matthew Miller wrote:
> The "good news" is that Red Hat has announced a move away from Bugzilla for
> future products. (They're going to Jira.) RH Bugzilla isn't officially shut
> down, but its days are numbered. We need to come up with something else.
"Good" is i
On Thu, Feb 23, 2023 at 05:35:36AM +0100, Kevin Kofler via devel wrote:
> IMHO, Fedora really needs its own bug tracker that is not driven by this
> kind of enterprise-grade security requirements.
The "good news" is that Red Hat has announced a move away from Bugzilla for
future products. (They'r
I wont be using the API again due to the 30 day limit.
If they change the password requirement again I will dump redhat bugzilla!
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
F
Ben Cotton wrote:
> Red Hat Bugzilla has introduced a 12 month lifetimes for API keys. You
> must replace your API keys at least once a year. Additionally, any API
> key that is not used for 30 days will be suspended but can be
> re-enabled on the account's preferences tab.
So Red Hat Bugzilla API
To make things slightly worse, it looks like an API key that is manually
“un-revoked” will be revoked again the next day if it is not also *actually
used*. So the 30 days are evaluated every day based on time since the last API
call, and “un-revoking” the key does not count as using it.
On Wed,
I think this should be sufficient (according original e-mail):
```
curl "https://bugzilla.redhat.com//rest/user/1?exclude_fields=name"; -H
"Authorization: Bearer YOUR_API_KEY"
```
But do you really want to ask users to put this to their cron?
On 2/22/23 18:05, Fabio Valentini wrote:
Does a
On Wed, Feb 22, 2023 at 5:44 PM Miro HronÄŤok wrote:
>
> On 22. 02. 23 17:27, Ben Cotton wrote:
> > I just found out about this change yesterday. I suspect it's a
> > security-driven requirement, so I don't know how much room there will
> > be for changes. I'll pass this on to the Bugzilla team and
On 22. 02. 23 17:27, Ben Cotton wrote:
I just found out about this change yesterday. I suspect it's a
security-driven requirement, so I don't know how much room there will
be for changes. I'll pass this on to the Bugzilla team and see what
they say.
I suspect the same. Maybe accounts without ad
st 22. 2. 2023 o 17:27 Ben Cotton napĂsal(a):
> Yes, as I understand it, this will make abrt difficult to use.
> Historically, we get about 2500 bug reports via abrt per release.
> That's roughly a quarter of reports per release on average. On the
> other hand, we're not particularly good at fixi
Yes, as I understand it, this will make abrt difficult to use.
Historically, we get about 2500 bug reports via abrt per release.
That's roughly a quarter of reports per release on average. On the
other hand, we're not particularly good at fixing abrt-reported bugs.
Here's the resolution (excluding
On Wed, Feb 22, 2023 at 10:46:12AM -0500, Ben Cotton wrote:
> Red Hat Bugzilla has introduced a 12 month lifetimes for API keys. You
> must replace your API keys at least once a year. Additionally, any API
> key that is not used for 30 days will be suspended but can be
> re-enabled on the account's
Am I missing something, or does this basically break ABRT for users, since that
has required an API key rather than a username and password for some time, and
it’s not usual to report bugs with ABRT even as often as once a month? It
doesn’t seem reasonable to have to go manually reset an API key
Hi Ben,
Does this make sense? Lot of people (outside of redhat) are using API
keys just for abrt, so when something crashes they can report bug to
bugzilla.
I report about 1-2 bugs /year, and it would be inconvenient for me for
every bugreport to regenerate/reactivate API keys. I would do it
22 matches
Mail list logo
