Re: [Savannah-hackers-public] Remove resume feature to prevent abuse?

[Ineiev]

On Tue, Mar 12, 2019 at 03:55:34PM -0400, John Sullivan wrote:
> Ineiev <address@hidden> writes:
> 
> > On Mon, Mar 11, 2019 at 10:11:52AM -0700, John Sullivan wrote:
> >> On March 11, 2019 9:50:20 AM PDT, Ineiev <address@hidden> wrote:
> >> 
> >> Actually, we wouldn't need a whitelist.
> >
> > By the way, should we blacklist accounts with email like '@mfsa.info$'?
> >
> 
> I'm not sure. You mean ones that aren't actually valid email addresses?

No, I don't: one needs a valid email address in order to at activate
the new account, and unactivated accounts are removed automatically.

I mean services that supposedly let any visitor read messages
for any 'account'.

...
> No, but staff could do it for RMS and any other accounts the FSF needs
> to reserve/keep; hopefully any other account that needs to be kept
> indefinitely despite never logging in would similarly have human
> caretakers associated with it. If not, then I suppose a whitelist would
> be the next step. Such a whitelist would still need to be periodically
> reviewed, so I'm not sure it's any better than just making sure every
> account is actually assigned to a person and put through the normal
> process.

I doubt this additional maintenance work and other drawbacks would
be justified these days.

signature.asc
Description: Digital signature