On Fri, 14 Sep 2012 16:46:01 +0000, nrickert wrote:
> I have to login after 8 hours, even if there was a lot of activity, with
> the most recent activity perhaps only 30 minutes earlier.

This should not actually be the case - 8 hours of inactivity in a session
(but defined as inactivity related to accessing a protected resource,
which is going to be either a private forum, posting a reply, or posting
a new message).

But everyone’s use case is different - myself, I spend hours logged into
Bugzilla for work related reasons. Those who process bugs tend to do
that.

Ultimately, there are two (possibly more) considerations to be made.

First, that the project opted to use this user data store for a common
login between services.

Second, not everyone’s use case is going to be the same, so customizing
the interface to accommodate multiple conflicting use cases isn’t going
to happen.

Take, for example, the use case of a user who doesn’t want to maintain
multiple different logins for different parts of the openSUSE project -
because remembering multiple login IDs and passwords for those different
parts is too difficult - and perhaps someone has registered their user ID
on the forums.

Or the use case of a user who posts in a forum, then goes to report a
bug based on a discussion in the forums. It’s “inconvenient” for that
user to have to log in to bugzilla in order to report their bug or to
update it after new information comes out in the forum.

My own use case for the forums is quite different, as it would be for
staff. The ability to perform administrative tasks means that there is a
higher security need for those of us who do that, otherwise someone with
access to the forums through one of our accounts could really hork things
up for everyone.

So I tend to access the forums myself only when performing administrative
tasks (I use NNTP primarily otherwise), and I log off the forums (and all
openSUSE/Novell/NetIQ/SUSE resources consequently) when I’m done.

There are certainly pragmatic reasons why it isn’t going to change more
than it has - as I stated, we recognized that 2 hours was far too short a
time for most users, and we’ve upped the timeout accordingly to something
that those who manage the data could live with. The project desired a
common authentication mechanism for all services that involve uniquely
identifying individuals, and that system was in place and used by SUSE
already.

Should the project decide that the cons outweigh the pros, of course that
would affect the forums, and we’d look at migrating to another
authentication mechanism. But such a decision wouldn’t be made lightly,
nor would it be made (I would hope) without regard to the disruption that
would be caused by forcing all users registered with the system(s) to
re-register and re-validate who they are.

Ultimately, I’m going to redirect everyone in this discussion to the
sticky entitled “Why we won’t implement your suggestion”. While that
post generally applies to interface tweaks and the like, the core also
applies to the underlying security architecture.

We do appreciate the feedback, of course. But it’s important to
understand that not everything is as simple as it looks like it should
be, and while we have made accommodation to increase the timeout,
removing it really isn’t an option at this stage.

Jim
-- 
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
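The distinction Jim draws above (the idle clock is reset only by access to a protected resource, not by any page view) is what makes "I was active 30 minutes ago and still got logged out" possible. The following is an added example, not code from the openSUSE forums or the SUSE login system: a minimal session store that implements an 8-hour idle timeout (the value stated in the post) under both policies, replayed against a constructed timeline matching the complaint. The protected URL prefixes, session ids, user name and timestamps are all made up for the illustration.

```python
"""Idle-timeout model: which requests count as 'activity'."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# 8-hour idle window, as stated in the post.
IDLE_TIMEOUT = timedelta(hours=8)

# Constructed sample of which URL prefixes need a login; the forum's real
# list is not on the page.
PROTECTED_PREFIXES = ("/private/", "/post/", "/newthread/")


def is_protected(path: str) -> bool:
    """True if the path is a protected resource (needs an authenticated session)."""
    return path.startswith(PROTECTED_PREFIXES)


@dataclass
class Session:
    user: str
    last_activity: datetime  # last request that counted toward the idle clock


class SessionManager:
    """Minimal idle-timeout session store.

    refresh_on_any_request=False reproduces the policy described in the post:
    only protected-resource access resets the idle clock. True is the
    alternative many users expect, where any page view counts as activity.
    """

    def __init__(self, idle_timeout: timedelta = IDLE_TIMEOUT,
                 refresh_on_any_request: bool = False):
        self.idle_timeout = idle_timeout
        self.refresh_on_any_request = refresh_on_any_request
        self.sessions: dict[str, Session] = {}

    def login(self, sid: str, user: str, now: datetime) -> None:
        self.sessions[sid] = Session(user, now)

    def request(self, sid: str, path: str, now: datetime) -> str:
        """Serve one request and return a short status string."""
        session = self.sessions.get(sid)
        # Expire the session once the idle window has elapsed since the last
        # request that counted as activity.
        if session is not None and now - session.last_activity > self.idle_timeout:
            del self.sessions[sid]
            session = None
        protected = is_protected(path)
        if session is None:
            return "denied: login required" if protected else "public (anonymous)"
        # Public pages only reset the clock under the "any request" policy.
        if protected or self.refresh_on_any_request:
            session.last_activity = now
        return "ok (protected)" if protected else "public"


def replay(refresh_on_any_request: bool) -> list[str]:
    """Replay a constructed timeline: one post at 09:05, public browsing
    roughly hourly until 16:40, then a reply attempt at 17:10."""
    t0 = datetime(2012, 9, 14, 9, 0)  # constructed login time
    mgr = SessionManager(refresh_on_any_request=refresh_on_any_request)
    mgr.login("sid-1", "example-user", t0)
    events = [(timedelta(minutes=5), "/post/reply")]
    events += [(timedelta(hours=h), "/forum/general") for h in range(1, 8)]
    events += [(timedelta(hours=7, minutes=40), "/forum/general"),
               (timedelta(hours=8, minutes=10), "/post/reply")]
    return [mgr.request("sid-1", path, t0 + dt) for dt, path in events]


if __name__ == "__main__":
    for policy in (False, True):
        print(f"refresh_on_any_request={policy}: {replay(policy)[-1]}")
```

Under the post's policy the last request is refused even though a public page was viewed 30 minutes earlier, because the clock still reads from the 09:05 post; under the "any request counts" policy the same timeline stays logged in. Which behaviour is right is a risk decision: counting public views keeps sessions alive for as long as someone keeps a tab refreshing, which is exactly the exposure an administrator account wants to avoid.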