What to do with ssl="authenticated sessions" + code freeze date for Bugzilla 3.6

Frédéric Buclin lpsolit at gmail.com
Wed Aug 19 00:58:27 UTC 2009


Hi all,

At the Bugzilla meeting today, there has been some discussion about what
to do with the "authenticated sessions" value of the ssl parameter now
that you can log in from every page. It seems that it doesn't make sense
to keep this value anymore as all pages must be protected using SSL as
you can potentially use any of them to log in. Does anyone see a valid
reason to not kill this value? This means the ssl parameter would become
a single yes/no to use ssl or not, see bug 329638.

Now something unrelated to SSL, I just wanted to inform you that the
code freeze for Bugzilla 3.6 will happen at the end of September, two
months after the release of Bugzilla 3.4. No new features will be
accepted for 3.6 past this deadline, only bug fixes. So your
contributions should be attached to b.m.o before this date if you expect
to see them implemented for 3.6. And keep in mind that most patches
don't get review+ on the first revision, so include in your timing
enough time to update your patches before the freezing date. ;)

I think that's all for today. :)

LpSolit



More information about the developers mailing list