[Savannah-hackers] Re: savannah.gnu.org Verification

[Mathieu Roy]

Per Abrahamsen <address@hidden> said:

> Mathieu Roy <address@hidden> writes:
> 
> > Per Abrahamsen <address@hidden> said:
> >
> >> Hi Hackers,
> >> 
> >> I have not requested a password change, and the logget IP is not one I
> >> use.  
> >> 
> >> The last line of the message confuses me.  Am I supposed to visit the
> >> "confirm change" URL even though I definitely do *not* want to confirm
> >> the change?
> >
> > No, you are not.
> >
> > In fact, the way password can be changed come from the original SF
> > version. And someone, Thomas Buschnell (sorry if I mispell it, do not
> > remember well), noticed, it's possible to steal someone account in
> > some particular case.
> >
> > That's why there's informations logged (IP etc).
> >
> > But anyway, there's not so much thing someone can do with a stolen
> > account and the way it works is similar to the way every website I
> > know works (I would be happy to enhance this part, but nobody ever
> > proposed something actually 100% ok).
> 
> I must admit I have no idea what you are talking about.
> 
> But if one is *not* suppossed to visit the URL if the request did not
> come from one self, please change the last line of the message to say
> so.  E.g. instead of
> 
> | If you did not request this verification, please visit this URL to
> | report about it to address@hidden
> 
> write
> 
> | If you did not request this password change, do *not* visit the URL
> | above, instead forward this message to address@hidden

Apparently, someone changed the message, but I'm not aware of the
reasons behind this change.



-- 
Mathieu Roy
 
 << Profile  << http://savannah.gnu.org/users/yeupou <<
 >> Homepage >> http://yeupou.coleumes.org           >>
 << GPG Key  << http://stock.coleumes.org/gpg        <<