Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-dev

From: "Michał Górny" <mgorny@g.o>
To: gentoo-dev@l.g.o
Cc: awaria@××××××××××.pl
Subject: Re: [gentoo-dev] Bugzilla 4 migration
Date: Tue, 08 Mar 2011 14:55:01
Message-Id: 20110308155301.6af83f28@pomiocik.lan
In Reply to: Re: [gentoo-dev] Bugzilla 4 migration by "Antoni Grzymała"
1 On Tue, 08 Mar 2011 16:41:08 +0200
2 Antoni Grzymała <awaria@××××××××××.pl> wrote:
3
4 > On Tue, 8 Mar 2011 15:26:34 +0100, Michał Górny wrote:
5 > > On Mon, 07 Mar 2011 15:06:25 -0500
6 > > Olivier Crête <tester@g.o> wrote:
7 > >
8 > >> On Mon, 2011-03-07 at 20:47 +0100, Michał Górny wrote:
9 > >> > Why does everyone assume it needs to be enforced? If user is
10 > >> > interested in protecting his/her data, he/she can simply use
11 > >> > https://. If he/she is not, there is no real reason to enforce
12 > >> > slower (and not always supported) SSL.
13 > >>
14 > >> Maybe it's not to protect the user, but to protect the Gentoo
15 > >> infrastructure.. And really, SSL has been supported by every
16 > >> browser for the last 15 years. And it is not in any way slow or
17 > >> slower than non-SSL.
18 > >
19 > > If you really think you need to force all users to use SSL, thus
20 > > assuming they're unable to make their own decisions, why don't you
21 > > restrict bugzie access completely?
22 >
23 > You don't seem to (or pretend not to) understand that using SSL
24 > protects not *the user* (in which case, yes, a user is free to leave
25 > the door to *his own* house wide open), but the Gentoo infrastructure
26 > that is far from his own and that all of us are using.
27
28 Please explain to me how not using SSL for a particular bugzie user is
29 going to hurt Gentoo infra. Even if we're talking about a dev,
30 and we're really assuming a dev is completely unaware of security
31 issues he/she's dealing with, I'd say power outage could cause more
32 damage.
33
34 > Besides, complaining about SSL being slow is absurd considering how
35 > mildly interactive and how low-traffic a typical bugzilla session is.
36 > You could do just fine over a 9600 bps modem.
37
38 It is more absurd to waste 5 minutes trying to establish login session
39 due to packet loss.
40
41 --
42 Best regards,
43 Michał Górny

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-dev] Bugzilla 4 migration Nathan Phillip Brink <ohnobinki@××××××××××××××.net>
Report Message
Find on MARC Find on Google Groups