Message-ID: <4b00683b.6090...@v.loewis.de> Martin van Löwis writes: > But then, users can easily create as many fake accounts as they want > to.
What is a “fake account”? I have three OpenIDs that I use for different purposes. On some sites, I will associate them together; on others, I only use one. Are any of those “fake accounts”? If on the other hand you mean “fake PyPI account”, there's nothing about OpenID that circumvents a proper registration process. You just do it after asking the user their OpenID, when you find out the OpenID isn't yet associated with a PyPI account. An OpenID provider can provide data on the user's behalf during the PyPI account registration process (using “Simple Registration extension”), but there's nothing requiring you to treat that data any differently from whatever else the user might put into a form. Does that address the “fake account” concern, or have I misunderstood? -- \ “I'm beginning to think that life is just one long Yoko Ono | `\ album; no rhyme or reason, just a lot of incoherent shrieks and | _o__) then it's over.” —Ian Wolff | Ben Finney _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig