On Thu, 20 Oct 2016 20:01:01 -0700 stan <stanl-fedorauser@xxxxxxxxxxx> wrote: > I read this as saying that you are agreeing that it is a security > risk, but that what is being risked is of so little value that any > compromise of security is not worthy of consideration. And that > seems to make sense in this case. > > I then think that Fedora is using all those other accounts as a sort > of 'captcha' filter to prevent spam from getting to the list. > Otherwise, why bother having any security at all to sign up for a > mailing list? Just take the email address, send a confirmation, get a > response, and bob's your uncle. Well, you may need to change your email address, change your options, post from the web interface or the like, and for that there needs to be a way to identify you as you. > In fact, given that a spammer could set up their own openid server, > there really isn't any security at all. I suppose the work of setting > up and maintaining the server is a hurdle to prevent casual abuse. I think thats an odd way of looking at it. Spammers can (and do) sign up for accounts everywhere, which they could use to subscribe to the list and post, but I think most spam these days is looking for easy and volume, so thats too much trouble to bother with usually. There also is security for each account... just as much security as the provider you choose to login with has. Personally, I would not trust yahoo at all, but I do trust Fedora. Its up to you which one you use. kevin
Attachment:
pgpDKZ5HaEIYL.pgp
Description: OpenPGP digital signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
