Gemal's Psyched Blog - Comments on bugzilla.mozilla.org protected with SSL encryption

By Fabi�n Rodr�guez

Tue, 21 Sep 2004 20:40:02 +0100

This is great news! It's nice to see Bugzilla's resources protection increased.

By minghong

Tue, 21 Sep 2004 20:46:31 +0100

But visiting http://bugzilla.mozilla.org doesn't redirect me to https://bugzilla.mozilla.org. Is it intended? :-P

By Neil

Tue, 21 Sep 2004 21:00:24 +0100

I have one question for you... why? Why has everything been moved over to a secure connection?

I could see if for security related bugs but other then that I can't think of any reason why you'd want to do this.

- Can't submit from Thunderbird to this list :(

By berkut

Tue, 21 Sep 2004 21:57:00 +0100

Will this reduce the ammount of spam bugzilla account email addresses get in anyway?

The least they can do is hide email addresses for anyone that's not loged in..

By Jeff Walden

Tue, 21 Sep 2004 22:38:56 +0100

Two reasons, Neil:

It's the bugs which deal with relations with other companies. Say, for instance, the Mozilla Foundation has a bug on working with Google (hypothetically, of course). The bug can be marked as private to only a certain group of Bugzilla accounts easily. However, if someone's eavesdropping on even one connection with the bug page using a properly permissioned account, the privateness of the bug is compromised.

Without a secure connection, it's also possible to do the same thing for login attempts. Find someone with the proper permissions and you can see anything.

Personally, I'd guess securing Bugzilla connections is something that's been strongly encourage by outside companies more than by insiders with the Foundation itself (tho doubtless they played at least some part in making this happen).