Password Reset

Toshio Kuratomi a.badger at gmail.com
Tue Mar 10 01:52:38 UTC 2009


Tom Lane wrote:
> Kevin Kofler <kevin.kofler at chello.at> writes:
>> Another unfortunate side effect of that password expiration: mail to
>> username at fedoraproject.org bounces for those people who haven't renewed
>> their password in time. This is also a security risk because it means
>> people can commit bad things to their packages without them noticing. (I
>> just got such a bounce for the commit message for a rebuild for broken
>> dependencies.)
> 
> Ick.  Surely that's a flat-out bad idea, independently of what you think
> of forced password changes.
> 
> Mail should only be disabled for dead accounts, and an account that is
> the maintainer of record for a live package had better not be considered
> dead, even if its password is (temporarily?) expired.
> 
So this one actually works both ways and we won't know unless the person
reactivates their account which it is.

If the person is actually gone, this has found that out for us and we
can orphan their packages and begin the process of finding new owners
for them.

If the person is not actually gone then mail is bouncing as you say with
all the problems you mention.

-Toshio



More information about the fedora-devel-list mailing list