Re: Important changes to account security on bugzilla.mozilla.org

2017-09-08 Thread Frank-Rainer Grahl 

Thanks for the clarification.

FRG

Daniel Veditz wrote:

On Fri, Sep 8, 2017 at 2:42 PM, Frank-Rainer Grahl  wrote:


who can see confidential or secure bugs


This is a bit vague. If I am cced to a secure bug does this apply if I
only have editbugs otherwise?



​There's a missing ".. by default" there. Only applies if your account is a
member of a bugzilla "group" that controls bug access; BMO isn't going to
run queries to see if you happen to be CC'd on bugs every time you log in.
Note: ALL Mozilla employee accounts will be affected because all have
access to an internal employee group.

-
​Dan Veditz​


___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Re: Important changes to account security on bugzilla.mozilla.org

2017-09-08 Thread Daniel Veditz 
On Fri, Sep 8, 2017 at 2:42 PM, Frank-Rainer Grahl  wrote:

> > who can see confidential or secure bugs
>
> This is a bit vague. If I am cced to a secure bug does this apply if I
> only have editbugs otherwise?


​There's a missing ".. by default" there. Only applies if your account is a
member of a bugzilla "group" that controls bug access; BMO isn't going to
run queries to see if you happen to be CC'd on bugs every time you log in.
Note: ALL Mozilla employee accounts will be affected because all have
access to an internal employee group.

-
​Dan Veditz​
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Re: Important changes to account security on bugzilla.mozilla.org

2017-09-08 Thread Frank-Rainer Grahl 

> who can see confidential or secure bugs

This is a bit vague. If I am cced to a secure bug does this apply if I only 
have editbugs otherwise?


FRG

Dylan Hardison wrote:

As of September 18th, Mozilla employees and community members who can see 
confidential or secure bugs will be required to enable 2FA within 7 days of the 
next time they access BMO.

___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Important changes to account security on bugzilla.mozilla.org

2017-09-08 Thread Dylan Hardison 
Two important changes will be made to how authentication works on 
bugzilla.mozilla.org (BMO) this September 18th. These changes will make your 
BMO account more secure.


Two-factor authentication (2FA) becomes mandatory for many users

As of September 18th, Mozilla employees and community members who can see 
confidential or secure bugs will be required to enable 2FA within 7 days of the 
next time they access BMO.

You can read more about configuring 2FA in the user guide 
.

Password rules unification

The requirements for passwords on bugzilla.mozilla.org will become identical to 
those on other Mozilla services. It is possible that when logging in after the 
18th you will be required to change your password.

Technical details of the password quality checking can be found here 
.
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform