[opensuse-factory] microfocus? -- Login to bugtraq?
Am I supposed to be givin my password to microfocus now for suse bug information? Went to update a bug and got shunted of to login.myopic, er microfocus.com. Is that right? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 9 June 2015 at 17:56, Linda Walsh <suse@tlinx.org> wrote:
Am I supposed to be givin my password to microfocus now for suse bug information?
Went to update a bug and got shunted of to login.myopic, er microfocus.com.
Is that right?
Yes. Did you not notice the branding on the page? Everything is using the same db backend just the url has changed as part of the new ownership.
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 9 June 2015 at 17:56, Linda Walsh <suse@tlinx.org> wrote:
Am I supposed to be givin my password to microfocus now for suse bug information?
Went to update a bug and got shunted of to login.myopic, er microfocus.com.
Is that right?
Yes.
Did you not notice the branding on the page? Everything is using the same db backend just the url has changed as part of the new ownership. It took me 'offsite' for the login and had no branding on that
Andrew Wafaa wrote: page (likely due to my noscript settings for sites I haven't heard of before)... -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tue, Jun 09, 2015 at 10:19:18AM -0700, Linda Walsh wrote:
It took me 'offsite' for the login
...which is what has been happening for years, the only change being that rather than login.novell.com, you are now redirected to login.microfocus.com
and had no branding on that page (likely due to my noscript settings for sites I haven't heard of before)...
...which is hardly something to blame the site for. Michal Kubeček -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2015-06-09 21:11, Michal Kubecek wrote:
On Tue, Jun 09, 2015 at 10:19:18AM -0700, Linda Walsh wrote:
It took me 'offsite' for the login
...which is what has been happening for years, the only change being that rather than login.novell.com, you are now redirected to login.microfocus.com
Still it surprises people. It is not the first post I have seen asking bout this. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlV3P1cACgkQtTMYHG2NR9WtlACgg5/RwzCeeiR6xrT5B/Iky1nU bWgAn1+s5FC7E1l/nhPAu9lp4FQyQtaX =vaLx -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tue, Jun 09, 2015 at 09:32:41PM +0200, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2015-06-09 21:11, Michal Kubecek wrote:
On Tue, Jun 09, 2015 at 10:19:18AM -0700, Linda Walsh wrote:
It took me 'offsite' for the login
...which is what has been happening for years, the only change being that rather than login.novell.com, you are now redirected to login.microfocus.com
Still it surprises people. It is not the first post I have seen asking bout this.
I agree, it could (and should) have been communicated better. I just wanted to point out that login page using different domain name is far from being new. Michal Kubeček -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Michal Kubecek composed on 2015-06-09 21:11 (UTC+0200):
...has been happening for years, the only change...
Unfortunately. :~( The most grating annoyance with openSUSE testing and QA is that openSUSE's bug tracker, unlike every other bug tracker I've ever used, and I've used a lot, times out the login even before the browser window is closed. Others, like bugs.kde.org, bugzilla.mozilla.org and bugzilla.redhat.com, usually provide at least an option to maintain login across browser sessions. Never elsewhere except a on banking site have I encountered login timeout. What's the risk that this usability impediment avoids now that openSUSE bug users are no longer limited to bugzilla.novell.com? -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tue, Jun 09, 2015 at 03:55:24PM -0400, Felix Miata wrote:
The most grating annoyance with openSUSE testing and QA is that openSUSE's bug tracker, unlike every other bug tracker I've ever used, and I've used a lot, times out the login even before the browser window is closed.
There is actually one worse: because of the way authentication is implemented, it can happen that even if you reload the bug page few seconds before sending a comment (or doing any other change), you can still end up on login page when you press the "save changes" button.
What's the risk that this usability impediment avoids now that openSUSE bug users are no longer limited to bugzilla.novell.com?
It's still only one bug tracker, bugzilla.novell.com, bugzilla.suse.com and bugzilla.opensuse.org are only three frontends to the same backend (including the authentication database). You can actually access any bug, including non-public SLE ones or bugs on Novell products, via the bugzilla.opensuse.org URL (as long as your account has required permissions, of course). Michal Kubeček -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Michal Kubecek composed on 2015-06-09 23:22 (UTC+0200):
It's still only one bug tracker, bugzilla.novell.com, bugzilla.suse.com and bugzilla.opensuse.org are only three frontends to the same backend (including the authentication database). You can actually access any bug, including non-public SLE ones or bugs on Novell products, via the bugzilla.opensuse.org URL (as long as your account has required permissions, of course).
I got that there are three interfaces when it began, but one would think the openSUSE one could have a unique configuration to permit the same kind of accessibility and usability RedHat provides to Fedora users. What exposure do SLED and SLES users get that RedHat users don't? How do they differ that one needs an annoying recurring timeout and the other needs no timeout at all? -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-06-10 00:06, Felix Miata wrote:
Michal Kubecek composed on 2015-06-09 23:22 (UTC+0200):
It's still only one bug tracker, bugzilla.novell.com, bugzilla.suse.com and bugzilla.opensuse.org are only three frontends to the same backend (including the authentication database). You can actually access any bug, including non-public SLE ones or bugs on Novell products, via the bugzilla.opensuse.org URL (as long as your account has required permissions, of course).
I got that there are three interfaces when it began, but one would think the openSUSE one could have a unique configuration to permit the same kind of accessibility and usability RedHat provides to Fedora users.
It is the same database and login for all instances. Changes are cosmetic only.
What exposure do SLED and SLES users get that RedHat users don't? How do they differ that one needs an annoying recurring timeout and the other needs no timeout at all?
That we share the access engine with services that do need that security. Unless someone provides a separate server and all its maintenance for openSUSE, we are stuck the way it is. On the other hand, you login to bugzilla and you are already in to other places, like the wiki, the forums, etc etc. One login only for all. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlV3ql0ACgkQja8UbcUWM1yM+AD9HDnGNYw8X/loyRlyQZUqaZXr K4fAzDnZe7SAav0DaCkBAJR3UnJq155u4rpGZEKwBKuCFQaUBk2rwUrNsy/+cGxd =iBJf -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wed, 10 Jun 2015 05:09:17 +0200, Carlos E. R. wrote:
On the other hand, you login to bugzilla and you are already in to other places, like the wiki, the forums, etc etc. One login only for all.
And the authentication credentials aren't stored in the wiki/forums/ bugzilla, but stored securely separate from the application - so a compromise of the database behind these apps doesn't compromise credential information. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Carlos E. R. composed on 2015-06-09 05:09 (UTC+0200):
Felix Miata wrote:
I got that there are three interfaces when it began, but one would think the openSUSE one could have a unique configuration to permit the same kind of accessibility and usability RedHat provides to Fedora users.
It is the same database and login for all instances. Changes are cosmetic only.
How would "cosmetic only" preclude non-cosmetic?
What exposure do SLED and SLES users get that RedHat users don't? How do they differ that one needs an annoying recurring timeout and the other needs no timeout at all?
That we share the access engine with services that do need that security. Unless someone provides a separate server and all its maintenance for openSUSE, we are stuck the way it is.
"Stuck", apropos word. Where there's a will there's a way. Likely the backend is past design life anyway, maybe too many eggs in one basket too. More likely there are simply no available resources to design and implement. The golden parachutes I suspect accrued on transfer from Novell/Attachmate to Microfocus likely would have covered several servers for a bunch of decades plus a year's compensation for each developer who gets paid for working on SLES/SLED/openSUSE.
On the other hand, you login to bugzilla and you are already in to other places, like the wiki, the forums, etc etc. One login only for all.
More timeout opportunities. Not a plus in my eyes. -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-06-10 06:25, Felix Miata wrote:
"Stuck", apropos word. Where there's a will there's a way.
Sure. YOU, Felix, roll out several thousand dollars per year to create a new server room and staff for openSUSE bugzilla and other services, stand alone, separate. Then there will be a way. No dollars, we have to share with others. Thus, stuck.
On the other hand, you login to bugzilla and you are already in to other places, like the wiki, the forums, etc etc. One login only for all.
More timeout opportunities. Not a plus in my eyes.
The login method currently used has been proven successfully against attacks, that caused damage on other sites, but not here, because of the method used here. So no, it is not going to change - unless you prove that you have a better (including at least same level of security) system. The timeout is intentional. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlV3w4sACgkQja8UbcUWM1xgowD8DcgDsBLfIqhv86T8sppX0fGx JponEIiMyb1/B6zWdL0BAJUVeCh4/6BK0Np8ikUVL8Wh1YdbgFbzLlImyUS1QB9i =Ry7G -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tue, 09 Jun 2015 09:56:42 -0700, Linda Walsh wrote:
Am I supposed to be givin my password to microfocus now for suse bug information?
Went to update a bug and got shunted of to login.myopic, er microfocus.com.
Is that right?
Yes. Micro Focus owns SUSE now. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (7)
-
Andrew Wafaa -
Carlos E. R. -
Carlos E. R. -
Felix Miata -
Jim Henderson -
Linda Walsh -
Michal Kubecek