[Tracker-discuss] [issue430] Email address revealed to unauthenticated user
Martin v. Löwis
metatracker at psf.upfronthosting.co.za
Tue Nov 29 22:09:01 CET 2011
Martin v. Löwis <martin at v.loewis.de> added the comment:
I think some indication must be given to a legitimate user, as the user otherwise may not recall what email account to check. In the specific case of bugs.python.org, it may, in particular, be a sourceforge address.
If people are worried that users massively read out email addresses from the bug tracker, I'd rather rate-limit password reset operations by IP address, to one reset per hour.
If users use this to research a specific email address of a specific user account, I'd rather not stop them from doing so. People who are too worried about revealing their email address should arrange to use a separate address for places such as the bug tracker.
----------
nosy: +loewis
_______________________________________________________
PSF Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue430>
_______________________________________________________
More information about the Tracker-discuss
mailing list