Re: how to login to the list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 20 Oct 2016 19:32:42 -0400
Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:

> On Thu, Oct 20, 2016 at 04:25:23PM -0700, stan wrote:
> > > Currently, you can login via any of the providers listed here: 
> > > https://lists.fedoraproject.org/accounts/login/
> > > yahoo, generic openid, google, fedora, twitter, github, gitlab,
> > > facebook, stack exchange.  
> > 
> > I've been thinking about this.  It seems like security is being
> > traded off for convenience.  If a breach of security occurs (like
> > the yahoo breach), it means that multiple accounts are now
> > compromised.  I can see where it becomes easier to administer since
> > the responsibility for administration is now someone else's
> > responsibility.
> > 
> > Am I missing something?  
> 
> Well, mailman2 passwords were always kind of a joke anyway, since you
> could reset it with your email address; if you're subscribed with a
> yahoo account and your yahoo password is compromised, they could log
> in.
> 
> But beyond that, security is relative to risk, and related to that,
> consequences of failure. What are the consequences here?
> 

I read this as saying that you are agreeing that it is a security risk,
but that what is being risked is of so little value that any compromise
of security is not worthy of consideration.  And that seems to make
sense in this case.

I then think that Fedora is using all those other accounts as a sort of
'captcha' filter to prevent spam from getting to the list. Otherwise,
why bother having any security at all to sign up for a mailing list?
Just take the email address, send a confirmation, get a response, and
bob's your uncle.

In fact, given that a spammer could set up their own openid server,
there really isn't any security at all.  I suppose the work of setting
up and maintaining the server is a hurdle to prevent casual abuse.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux