On 06:51 am, [email protected] wrote:
Martin van L�wis writes:
But then, users can easily create as many fake accounts as they want
to.
What is a 1Cfake account 1D?
It's one setup with malicious intent, such as spamming.
I have three OpenIDs that I use for different
purposes. On some sites, I will associate them together; on others, I
only use one. Are any of those 1Cfake accounts 1D?
No - since you don't have any malicious intent (I presume).
If on the other hand you mean 1Cfake PyPI account 1D, there's nothing
about
OpenID that circumvents a proper registration process.
Well, from my view (as a relying party), THAT'S THE WHOLE POINT OF
OPENID (sorry for shouting). I don't understand what's so difficult
about that. Sure, it is convenient to the user to not need to remember
their passwords and account names in these various sites - but OpenID
also can (if done properly) simplify the life for the service operator.
Since I can create as many gmail accounts as I want and use them to
register as many separate PyPI accounts as I want, what's the point of
trying to enforce this restriction on OpenID-based accounts?
It seems that it only causes problems for people who want to use OpenID,
while not really preventing any opportunities for spammers (who can
always just use non-OpenID authentication).
Is the plan to eventually disable non-OpenID authentication?
Jean-Paul
_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
