On 2018-02-03 07:48, Axel Braun wrote:
> On Monday, 29 January 2018 23:25:07 UTC+1, Cédric Krier wrote:
> > On 2018-01-29 12:47, Axel Braun wrote:
> > > I would like to discuss https://bugs.tryton.org/issue5375 with all 
> > > developers involved.
> > 
> > All developers have already commented on the issue and we all agree that
> > the proposal is wrong, solves nothing and weakens the brute force attack
> > protection.
> 
> We had a constructive and friendly discussion about the topic here: 
> https://bugzilla.opensuse.org/show_bug.cgi?id=1078111

What I read is that more people agree that the applied patch does not
solve any issue and disables the brute force attack protection.

> The advice from the security team should be considered for a future patch.

But more importantly, the applied patch on the OpenSUSE package must be
removed ASAP to not expose OpenSUSE users of the Tryton package to brute
force attack against their password.


PS: Moreover I think such patched Tryton could not comply with the GDPR[1]

[1] https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

-- 
Cédric Krier - B2CK SPRL
Email/Jabber: cedric.kr...@b2ck.com
Tel: +32 472 54 46 59
Website: http://www.b2ck.com/
