On Thu, 2016-03-10 at 11:33 +0100, Laszlo Ersek wrote: > > > * Considering tying the Bugzilla login to GitHub using GitHub as the > > provider. This would mean that anyone wishing to submit an item into > > BZ would require a GitHub account. > > I vote against this. I find 3rd party authentication providers insecure.
I concur. The end goal should be a coherent bug tracking system where a user can file a bug, and it can be reassigned to TianoCore or to a specific vendor's "value subtract", and its *whole* lifetime can be tracked until a fix is released for the specific instance that the user has reported it with. For that, we *are* going to need the thing to live under the auspices of the UEFI Forum, and we are going to need to be able to mark things as private — using an account system that is *directly* under our control. Sure, actually getting vendor buy-in for that is a completely different story. But let's not design the system to make it hard :) -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
