On Thu, Oct 20, 2016 at 04:25:23PM -0700, stan wrote: > > Currently, you can login via any of the providers listed here: > > https://lists.fedoraproject.org/accounts/login/ > > yahoo, generic openid, google, fedora, twitter, github, gitlab, > > facebook, stack exchange. > > I've been thinking about this. It seems like security is being traded > off for convenience. If a breach of security occurs (like the yahoo > breach), it means that multiple accounts are now compromised. I can > see where it becomes easier to administer since the responsibility for > administration is now someone else's responsibility. > > Am I missing something? Well, mailman2 passwords were always kind of a joke anyway, since you could reset it with your email address; if you're subscribed with a yahoo account and your yahoo password is compromised, they could log in. But beyond that, security is relative to risk, and related to that, consequences of failure. What are the consequences here? -- Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> Fedora Project Leader _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
