On 10/20/2016 04:25 PM, stan wrote: > On Thu, 20 Oct 2016 13:03:23 -0600 > Kevin Fenzi <kevin@xxxxxxxxx> wrote: > >> Unlike mailman 2, mailman 3 (which we now use for all Fedora lists), >> has no local accounts or passwords. (aside from a few added when we >> were using persona) You instead manage your lists by logging in using >> some existing account and then attaching whatever email addresses you >> use to that account. >> >> Currently, you can login via any of the providers listed here: >> https://lists.fedoraproject.org/accounts/login/ >> yahoo, generic openid, google, fedora, twitter, github, gitlab, >> facebook, stack exchange. > > I've been thinking about this. It seems like security is being traded > off for convenience. If a breach of security occurs (like the yahoo > breach), it means that multiple accounts are now compromised. I can > see where it becomes easier to administer since the responsibility for > administration is now someone else's responsibility. > > Am I missing something? Not to my mind. SSO (single sign on) is, IMHO, a really bad thing. Yes, it's easier to administer because the authentication is being handled by someone else and you "don't have to be bothered". However, now your security is now ENTIRELY dependent on the security of that provider. If they're breached, YOU'RE breached. Relying on someone else to provide your security is, again IMHO, a truly idiotic thing to do. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - Whoever said "Money can't buy happiness" obviously never had any - - money! - ---------------------------------------------------------------------- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
