Comment 5 for bug 1990623

In , mpitt (mpitt-redhat-bugs) wrote :

> 1. What is the scope of harm if this BZ is not resolved in this release?

It will not be possible to log into the Web Console any more once the current nightly Firefox/Chrome browsers get released and widely used.

> 2. What are the risks associated with resolving this BZ? Reviewers want to
> know the scope of retesting, potential regressions

For Cockpit itself, changes to the login page's capability checks have the potential to break with older browsers. The current check is just plain wrong, and gets fixed to adhere to the W3C spec. But it needs to be tested with older and current Firefox, Chromium, and other browsers (in particular Safari).

For other RHEL components or RH products there is no regression potential. Cockpit has very few reverse dependencies -- the only known one is Foreman/Satellite, which has a [Web Console] button. But this is set up in a way to not ever show the login page; the user gets right into an authenticated Cockpit session. Specifically, the login page is for human users; it is not an API.

The fix is minimal, targeted, and very straightforward (at least to someone with some CSS background): https://github.com/cockpit-project/cockpit/pull/17726/files

> 3. Provide any other details that meet blocker criteria or should be weighed
> in making a decision (Other releases affected, upstream status, business
> impacts, etc).

The Web Console is a popular and widely announced RHEL feature; e.g. it gets a significant number of feature requests and support cases, is installed by default, and is even advertised in motd. As such, failure to log in would be a fairly embarrassing and bad behaviour.

> 4. Provide reasoning why this request is being solved after regular DTD
> cycle. This will help us to assess & improve the exception process.

The change in Firefox nightly that exposed/caused this only happened 6 days ago (https://hg.mozilla.org/integration/autoland/rev/3e0a5d1881e9474173e0455972f35022be5192f6). The Cockpit bug was only found/reported yesterday, and a fix got available today.