Re: [Savannah-hackers-public] Remove resume feature to prevent abuse?

[John Sullivan]

Ineiev <address@hidden> writes:

> On Tue, Mar 12, 2019 at 03:55:34PM -0400, John Sullivan wrote:
>> Ineiev <address@hidden> writes:
>> 
>> > On Mon, Mar 11, 2019 at 10:11:52AM -0700, John Sullivan wrote:
>> >> On March 11, 2019 9:50:20 AM PDT, Ineiev <address@hidden> wrote:
>> >> 
>> >> Actually, we wouldn't need a whitelist.
>> >
>> > By the way, should we blacklist accounts with email like '@mfsa.info$'?
>> >
>> 
>> I'm not sure. You mean ones that aren't actually valid email addresses?
>
> No, I don't: one needs a valid email address in order to at activate
> the new account, and unactivated accounts are removed automatically.
>
> I mean services that supposedly let any visitor read messages
> for any 'account'.
>

I'm not familiar with them, but doesn't sound like a great thing to
allow for account registration.

> ...
>> No, but staff could do it for RMS and any other accounts the FSF needs
>> to reserve/keep; hopefully any other account that needs to be kept
>> indefinitely despite never logging in would similarly have human
>> caretakers associated with it. If not, then I suppose a whitelist would
>> be the next step. Such a whitelist would still need to be periodically
>> reviewed, so I'm not sure it's any better than just making sure every
>> account is actually assigned to a person and put through the normal
>> process.
>
> I doubt this additional maintenance work and other drawbacks would
> be justified these days.
>

What are the benefits to removing inactive accounts?

I named one, which is security.

-john

-- 
John Sullivan | Executive Director, Free Software Foundation
GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B
https://status.fsf.org/johns | https://fsf.org/blogs/RSS

Do you use free software? Donate to join the FSF and support freedom at
<https://my.fsf.org/join>.