From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.54)
	id 1FPEZW-0006uW-Qq
	for garchives@archives.gentoo.org; Fri, 31 Mar 2006 08:01:31 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.6/8.13.5) with SMTP id k2V7xu4Z026992;
	Fri, 31 Mar 2006 07:59:56 GMT
Received: from mail.tar.bz (s175249.ppp.asahi-net.or.jp [220.157.175.249])
	by robin.gentoo.org (8.13.6/8.13.5) with ESMTP id k2V7tN45032536
	for <gentoo-dev@lists.gentoo.org>; Fri, 31 Mar 2006 07:55:27 GMT
Received: (qmail 2078 invoked by uid 210); 31 Mar 2006 07:55:21 -0000
Received: from 10.1.5.83 by dorf (envelope-from <kalin@thinrope.net>, uid 89) with qmail-scanner-1.25st 
 (clamdscan: 0.87/1096. perlscan: 1.25st.  
 Clear:RC:1(10.1.5.83):. 
 Processed in 0.203015 secs); 31 Mar 2006 07:55:21 -0000
Received: from sho.int.fbks.jp (HELO ?10.1.5.83?) (kalin.smtp%tar.bz@10.1.5.83)
  by dorf.tar.bz with ESMTPA; 31 Mar 2006 07:55:21 -0000
Message-ID: <442CE0C7.8010706@thinrope.net>
Date: Fri, 31 Mar 2006 16:56:55 +0900
From: Kalin KOZHUHAROV <kalin@thinrope.net>
User-Agent: Mail/News 1.5 (X11/20060328)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Bugday reminder
References: <442BE644.8020302@gentoo.org>
In-Reply-To: <442BE644.8020302@gentoo.org>
X-Enigmail-Version: 0.94.0.0
OpenPGP: id=26BE7385
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 343b7356-6fd1-4bb3-9c09-85935b5f9a6a
X-Archives-Hash: 0121888d050119b5237bb5d70a61cb89

Bjarke Istrup Pedersen wrote:

> Something interresting has happend since last, the new bugday site has
> gone into official beta, and can been seen on
> http://bugday.gentoo.org/bugdaytest . Please do some testing with it,
> and report any bugs you find back to me.

Bug #1:
Do *NOT* ask for Bugzilla credentials over plain HTTP!

Even if it is just beta testing, you are using real account information
and that is a very bad approach as far as security practices go.

Add SSL support (or fix it, 'cause https://bugday.gentoo.org/bugdaytest/
is a 404 and https://bugday.gentoo.org/ is plain bugs.gentoo org or is it?)

Bug #2:
Add an error page explaining what is wrong with a login attempt

If you try to login, you are just thrown back to the original URL (slightly
dressed up as http://bugday.gentoo.org/bugdaytest/bugday.php) without any
notice of a failed login attempt.

When Bug #1 gets fixed, I can further test.

Kalin.

-- 
|[ ~~~~~~~~~~~~~~~~~~~~~~ ]|
+-> http://ThinRope.net/ <-+
|[ ______________________ ]|

-- 
gentoo-dev@gentoo.org mailing list