Password Reset

[Dave Airlie]

On Tue, 2009-03-10 at 22:41 +0100, Till Maas wrote:
> On Mo März 9 2009, Mike McGrath wrote:
> > So the password reset generally went off without a hitch but a lot of
> > people forgot to reset their password or just plain didn't and I'm
> > wondering if it's because of where I sent the notifications to so I
> > thought I'd ask.  Would you generally like password reset requests to go
> > to:
> >
> > username at fedoraproject.org (the alias that directs to your email addr)
> >
> > the email address we have listed
> >
> > or both?
> 
> Please send it only once, I do not care to which address. But here are some 
> suggestions for improvement:
> 
> 1) Please use a consistent subject for these mails:
> 
> February: Fedora Project Password Reset Request
> December(1): FAS Password Change Request
> December(2): FAS Password
> 
> 2) The mail from 2009-02-09 only said, that the password will expire. It was 
> not mentioned that also further action will occur, e.g. afaik the contents of 
> fedorapeople.org where moved. E.g. I only changed my password because I had to 
> submit a security update, but otherwise I would not have cared for an expired 
> password, because of little available time for Fedora work right now. 
> Nevertheless I would have cared about moved fedorapeople.org contents or 
> missing CVS notifications.

Yeah this was the point that was missed, missing a password reset should
*not* remove web content and email addresses, this is called overkill, a
staged removal, where you reset the password, wait 2-3 months and then
start culling the crap.

Its also arguable whether web content should ever be killed, when I
started in RH people were very quick to give out about
people.redhat.com, and saying use people.fedoraproject.org we don't have
any of the silly limitations and a/c expiring stuff. Guess they were
wrong.

Dave.