savannah-hackers-public
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] Remove resume feature to prevent abuse?


From: John Sullivan
Subject: Re: [Savannah-hackers-public] Remove resume feature to prevent abuse?
Date: Tue, 12 Mar 2019 15:55:34 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)

Ineiev <address@hidden> writes:

> On Mon, Mar 11, 2019 at 10:11:52AM -0700, John Sullivan wrote:
>> On March 11, 2019 9:50:20 AM PDT, Ineiev <address@hidden> wrote:
>> 
>> Actually, we wouldn't need a whitelist.
>
> By the way, should we blacklist accounts with email like '@mfsa.info$'?
>

I'm not sure. You mean ones that aren't actually valid email addresses?

>> The only activity requirement in the
>> criteria I've seen in several other places to prevent deletion was logging
>> in.
>
> I think we could use this criterion if we notify the users that, say,
> their account is to be deleted unless they log in within the next month;
> but some extra caution would be needed when actually deleting: right now,
> this may easily break accounts like <gnun>.
>

Yes, that's what I meant too -- notify that they need to log in or else
the account will be deleted. Good point about the automated accounts, so
we'd need someone willing to log in on their behalf -- that seems like a
good idea anyway, to ensure there is still some person connected with
that automated thing. 

>> That's not too much to ask every rarely so often. RMS can do it, or staff
>> can do it for him.
>
> This would be a more expensive implementation of a whitelist.
> staff can't do it for all Savannah users who would need it, can it?
>

No, but staff could do it for RMS and any other accounts the FSF needs
to reserve/keep; hopefully any other account that needs to be kept
indefinitely despite never logging in would similarly have human
caretakers associated with it. If not, then I suppose a whitelist would
be the next step. Such a whitelist would still need to be periodically
reviewed, so I'm not sure it's any better than just making sure every
account is actually assigned to a person and put through the normal
process.

-john

-- 
John Sullivan | Executive Director, Free Software Foundation
GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B
https://status.fsf.org/johns | https://fsf.org/blogs/RSS

Do you use free software? Donate to join the FSF and support freedom at
<https://my.fsf.org/join>.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]