Bug 27652

Summary: Bugzilla mailer improperly using http_S_
Product: [Community] Bugzilla
Reporter: R P Herrold <herrold>
Component: Bugzilla General
Assignee: David Lawrence <dkl>
Status: CLOSED WONTFIX
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: 2.8
CC: aleksey
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2002-12-20 16:07:35 UTC

Description R P Herrold 2001-02-14 20:14:40 UTC
The mailers for Bugzilla advice of change emails are of this form:

 To: bfox, herrold, borgan
Subject: [Bug 27106] Changed - Text anaconda install loses state when
    switching through VC's
 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=27106
 
... there is NO benefit for the use of port 443 SSL here ... it falls
back to port 80 http, 

AND there is a COST -- LYNX-SSL (in which I view the web and read mail)
will NOT keep inter-session cookies for httpS sites ... this is a feature
so that a later hostile user has to re-auth intra-session ...

PLEASE change the mailer to the form:

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=27106
 
... so that I might not have to log in over and over as I read mail and
append to Bugzilla transactions ...

Comment 1 David Lawrence 2001-02-15 01:45:03 UTC
I do not understand why you say there is no advantage to using the https
connection over using no ssl connection. This disallows people from seeing your
plaintext password over the network. Are you saying when using the link in an
SSL-capable browser it is redirecting back to a regular http connection? If
that is the case then there is a bug somewhere I need to look into. If this is
not the case then I do not know what needs fixing except for the possibility of
fixing lynx-ssl. In that case I would just remove the s in https before
accessing the link in the email. I was unaware that lynx-ssl had this
disadvantage when fixing the emails with the new links. I was asked by
management to add the https as the standard link since all developers in Red Hat
primarily use ssl-capable browsers that do not have the problems with logging in
multiple times.

Comment 2 R P Herrold 2001-03-10 02:21:04 UTC
PLEASE pull the LYNX from the rawhide, which in RH now supports https, and see
how painful to EVERY TIME have to re-authenticate (since HTTPS cookies are not
retained)

Use it for a day, trying to go from reading mail in pine to viewing in lynx, and
you'll change your mind ...

Comment 3 Aleksey Nogin 2002-11-13 11:30:13 UTC
IMHO, this is a lynx problem, not a bugzilla one.

Comment 4 David Lawrence 2002-12-20 16:07:35 UTC
I have to agree, I have used lynx before and the last time I used it it still
did not support persistent cookies so I had to relogin each time I ran lynx. It
is unfortunate that each time you click on a link in an email it runs a new lynx
session which causes you to have to login. But I feel having the https in the
email far outweighs the disadvantages for people who click on it with SSL
capable browsers and forget to use https instead.