Red Hat Bugzilla – Bug 27652
Bugzilla mailer improperly using http_S_
Last modified: 2007-04-18 12:31:28 EDT
The mailers for Bugzilla advice of change emails are of this form:
To: email@example.com, firstname.lastname@example.org, email@example.com
Subject: [Bug 27106] Changed - Text anaconda install loses state when
switching through VC's
... there is NO benefit for the the use of port 443 SSL here ... it falls
back to port 80 http,
AND there is a COST -- LYNX-SSL (in which I view the web and read mail)
will NOT keep inter-session cookies for httpS sites ... this is a feature
so that a later hostile user has to re-auth intra-session ...
PLEASE change the mailder to the form:
... so that I might not have to log in over and over as I read mail and
append to Bugzilla transactions ...
I do not understand why you say there is no advantage to using the https
connection over using no ssl connection. This disallows people from seeing your
plaintext password over the network. Are you saying when using the link in an
SSL-capable browser it is redirecting back to an regular http connection? If
that is the case then there is a bug somewhere I need to look into. If this is
not the case then I do not know what needs fixing except for the possibility of
fixing lynx-ssl. In that case I would just remove the s in https before
accessing the link in the email. I was unaware that lynx-ssl had this
disadvantage when fixing the emails with the new links. I was asked by
management to add the https as the standard link since all developers in Red Hat
primarily use ssl-capable browsers that do not have the problems with logging in
PLEASE pull the LYNX from the rawhide, which in RH now supports https, and see
how painful to EVERY TIME have to re-authenticate (since HTTPS cookies are not
Use it for a day, trying to go from reading mail in pine to viewing in lynx, and
you'll change your mind ...
IMHO, this is a lynx problem, not a bugzilla one.
I have to agree, I have used lynx before and the last time I used it it still
did not support persistent cookies so I had to relogin each time I ran lynx. It
is unfortunate that each time you click on a link in an email it runs a new lynx
session which causes you to have to login. But I feel having the https in the
email far outweighs the disadvantages for people who click on it with SSL
capable browsers and forget to use https instead.