On 11 Feb 2013, at 12:27, Jesse Noller <[email protected]> wrote:

> Ok, that has to be made clear to the poor guy merging the PR
> 
> I'm also fine with Christian's migration path; I share his concerns about 
> your approach.


This is harder to fix. Christian's main concern is that he doesn't trust me and 
my proposed solution because he didn't see it elsewhere. I saw it mentioned 
many times around, but I think that, at the end of the day, that's a red 
herring: the point is that I'm not in his (and/or your) trust circle, but 
that's fine, we can still find a way around it. It's probably useless for me to 
keep arguing though.

I think that a migration path on login from an unsalted SHA1 is completely 
wrong, so I have a proposal: I will submit it if we agree on resetting all the 
passwords immediately, or within a short timeframe (e.g. 2 months), and notify 
all the users to log in once as soon as possible (so after 2 months we reset 
passwords of users who haven't logged in).

Would that work?
-- 
Giovanni Bajo   ::  [email protected]
Develer S.r.l.  ::  http://www.develer.com

My Blog: http://giovanni.bajo.it


_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
