[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Password resets

So holy crap does the planet hate it when you ask people to reset their
passwords.  In particular though, they hated the following:

1. Kittens

2. "Password Expiration" is confusing and does not imply "account
expiration".  Some may have ignored the warning because they did not
understand what the consequences were.

3. Mail aliases going away.  This one's legit and accounts for the only
data loss we actually had.

4. fedorapeople space going away and not coming back automatically.

[1] requires the killing of all kittens

[2] just requires a better email to go out, possibly with a link to a wiki
page.  It'd be good for this to be translated.

[3] requires another "account" type or at least fasClient to be smart
enough to know how old the 'inactive' account is.  I'd suggest a month or

[4] requires us to restore whatever is in
/home/fedora.bak/$username.$timestamp at the time the account becomes
active again.  We won't leave $username.fedorapeople.org up for security /
liability reasons.  But we will make it transparent to the user that it
looks like their stuff never went away.

I'm going to disable password reset/account expiration until at least 3 of
the 4 above are done.

Please hate me a little less now.  Thoughts?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]