Password Reset
Tom Lane
tgl at redhat.com
Tue Mar 10 01:36:51 UTC 2009
Kevin Kofler <kevin.kofler at chello.at> writes:
> Another unfortunate side effect of that password expiration: mail to
> username at fedoraproject.org bounces for those people who haven't renewed
> their password in time. This is also a security risk because it means
> people can commit bad things to their packages without them noticing. (I
> just got such a bounce for the commit message for a rebuild for broken
> dependencies.)
Ick. Surely that's a flat-out bad idea, independently of what you think
of forced password changes.
Mail should only be disabled for dead accounts, and an account that is
the maintainer of record for a live package had better not be considered
dead, even if its password is (temporarily?) expired.
regards, tom lane
More information about the fedora-devel-list
mailing list