Based on feedback, the 30-day auto-revocation is being dropped[1]. The
12-month key lifetime will still apply.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2174291
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
Kevin P. Fleming wrote:
> Not O365, but Google Workspace... that ship sailed some time ago (I'm
> sending this using Thunderbird going through Google Workspace, so at
> least I don't have to *see* GMail...)
#facepalm# 臘
Kevin Kofler
___
devel
On Fri, Feb 24, 2023 at 4:56 PM Solomon Peachy via devel
wrote:
> (I admit I'm surprised that "Free Software for Everything" Red Hat is
> chosing to base something so fundamental to their business on a highly
> proprietary tool. I suppose O365 is just a matter of time...)
They probably also
On Fri, 2023-02-24 at 11:55 -0500, Solomon Peachy via devel wrote:
> On Fri, Feb 24, 2023 at 05:55:55AM +0100, Kevin Kofler via devel wrote:
> > Ah right, I had forgotten about that issue. I do not think I will ever
> > understand the fascination some projects have for JIRA. It is proprietary,
>
On 2/24/23 11:55, Solomon Peachy via devel wrote:
(I admit I'm surprised that "Free Software for Everything" Red Hat is
chosing to base something so fundamental to their business on a highly
proprietary tool. I suppose O365 is just a matter of time...)
Not O365, but Google Workspace... that
On Fri, Feb 24, 2023 at 05:55:55AM +0100, Kevin Kofler via devel wrote:
> Ah right, I had forgotten about that issue. I do not think I will ever
> understand the fascination some projects have for JIRA. It is proprietary,
> and IMHO the web UI for users to report bugs in JIRA is very confusing
Matthew Miller wrote:
> The "good news" is that Red Hat has announced a move away from Bugzilla
> for future products. (They're going to Jira.)
Ah right, I had forgotten about that issue. I do not think I will ever
understand the fascination some projects have for JIRA. It is proprietary,
and
On Thu, Feb 23, 2023 at 6:48 PM Ben Cotton wrote:
> I have a survey prepared that will be opened once the F37
> retrospective survey is done. This will give us a basis for evaluating
> our requirements as we look for possible replacements.
Thanks for planning on the followup.
On Thu, Feb 23, 2023 at 1:42 PM Gary Buhrmaster
wrote:
>
> I seem to recall that some of the Fedora people were
> talking about creating a document that would show
> what "we" use bugzilla for so that a future issue/bug
> tracker solution (whatever that might be) could be
> evaluated and any prep
On Thu, Feb 23, 2023 at 5:54 PM Matthew Miller wrote:
> The "good news" is that Red Hat has announced a move away from Bugzilla for
> future products. (They're going to Jira.) RH Bugzilla isn't officially shut
> down, but its days are numbered. We need to come up with something else.
"Good" is
On Thu, Feb 23, 2023 at 05:35:36AM +0100, Kevin Kofler via devel wrote:
> IMHO, Fedora really needs its own bug tracker that is not driven by this
> kind of enterprise-grade security requirements.
The "good news" is that Red Hat has announced a move away from Bugzilla for
future products.
I wont be using the API again due to the 30 day limit.
If they change the password requirement again I will dump redhat bugzilla!
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Ben Cotton wrote:
> Red Hat Bugzilla has introduced a 12 month lifetimes for API keys. You
> must replace your API keys at least once a year. Additionally, any API
> key that is not used for 30 days will be suspended but can be
> re-enabled on the account's preferences tab.
So Red Hat Bugzilla
To make things slightly worse, it looks like an API key that is manually
“un-revoked” will be revoked again the next day if it is not also *actually
used*. So the 30 days are evaluated every day based on time since the last API
call, and “un-revoking” the key does not count as using it.
On
I think this should be sufficient (according original e-mail):
```
curl "https://bugzilla.redhat.com//rest/user/1?exclude_fields=name; -H
"Authorization: Bearer YOUR_API_KEY"
```
But do you really want to ask users to put this to their cron?
On 2/22/23 18:05, Fabio Valentini wrote:
Does
On Wed, Feb 22, 2023 at 5:44 PM Miro Hrončok wrote:
>
> On 22. 02. 23 17:27, Ben Cotton wrote:
> > I just found out about this change yesterday. I suspect it's a
> > security-driven requirement, so I don't know how much room there will
> > be for changes. I'll pass this on to the Bugzilla team
On 22. 02. 23 17:27, Ben Cotton wrote:
I just found out about this change yesterday. I suspect it's a
security-driven requirement, so I don't know how much room there will
be for changes. I'll pass this on to the Bugzilla team and see what
they say.
I suspect the same. Maybe accounts without
st 22. 2. 2023 o 17:27 Ben Cotton napísal(a):
> Yes, as I understand it, this will make abrt difficult to use.
> Historically, we get about 2500 bug reports via abrt per release.
> That's roughly a quarter of reports per release on average. On the
> other hand, we're not particularly good at
Yes, as I understand it, this will make abrt difficult to use.
Historically, we get about 2500 bug reports via abrt per release.
That's roughly a quarter of reports per release on average. On the
other hand, we're not particularly good at fixing abrt-reported bugs.
Here's the resolution (excluding
On Wed, Feb 22, 2023 at 10:46:12AM -0500, Ben Cotton wrote:
> Red Hat Bugzilla has introduced a 12 month lifetimes for API keys. You
> must replace your API keys at least once a year. Additionally, any API
> key that is not used for 30 days will be suspended but can be
> re-enabled on the
Am I missing something, or does this basically break ABRT for users, since that
has required an API key rather than a username and password for some time, and
it’s not usual to report bugs with ABRT even as often as once a month? It
doesn’t seem reasonable to have to go manually reset an API
Hi Ben,
Does this make sense? Lot of people (outside of redhat) are using API
keys just for abrt, so when something crashes they can report bug to
bugzilla.
I report about 1-2 bugs /year, and it would be inconvenient for me for
every bugreport to regenerate/reactivate API keys. I would do
If you did not see the bugzilla-announce-list post[1], there are new
requirements for API keys in Red Hat Bugzilla:
Red Hat Bugzilla has introduced a 12 month lifetimes for API keys. You
must replace your API keys at least once a year. Additionally, any API
key that is not used for 30 days will
If you did not see the bugzilla-announce-list post[1], there are new
requirements for API keys in Red Hat Bugzilla:
Red Hat Bugzilla has introduced a 12 month lifetimes for API keys. You
must replace your API keys at least once a year. Additionally, any API
key that is not used for 30 days will
24 matches
Mail list logo