[Catalog-sig] OpenID login to PyPI

Georg Brandl g.brandl at gmx.net
Mon Nov 16 16:22:22 CET 2009


exarkun at twistedmatrix.com wrote:
> On 06:51 am, martin at v.loewis.de wrote:
>>>Martin van Löwis writes:
>>>>But then, users can easily create as many fake accounts as they want
>>>>to.
>>>
>>>What is a “fake account”?
>>
>>It's one set up with malicious intent, such as spamming.
>>>I have three OpenIDs that I use for different
>>>purposes. On some sites, I will associate them together; on others, I
>>>only use one. Are any of those “fake accounts”?
>>
>>No - since you don't have any malicious intent (I presume).
>>>If on the other hand you mean “fake PyPI account”, there's nothing
>>>about
>>>OpenID that circumvents a proper registration process.
>>
>>Well, from my view (as a relying party), THAT'S THE WHOLE POINT OF
>>OPENID (sorry for shouting). I don't understand what's so difficult
>>about that. Sure, it is convenient to the user to not need to remember
>>their passwords and account names in these various sites - but OpenID
>>also can (if done properly) simplify the life for the service operator.
> 
> Since I can create as many gmail accounts as I want and use them to 
> register as many separate PyPI accounts as I want, what's the point of 
> trying to enforce this restriction on OpenID-based accounts?
> 
> It seems that it only causes problems for people who want to use OpenID, 
> while not really preventing any opportunities for spammers (who can 
> always just use non-OpenID authentication).
> 
> Is the plan to eventually disable non-OpenID authentication?

I hope not.

Georg

-- 
Thus spake the Lord: Thou shalt indent with four spaces. No more, no less.
Four shall be the number of spaces thou shalt indent, and the number of thy
indenting shall be four. Eight shalt thou not indent, nor either indent thou
two, excepting that thou then proceed to four. Tabs are right out.


