Giovanni Bajo wrote: > Il giorno 11/feb/2013, alle ore 12:27, Jesse Noller <[email protected]> ha > scritto: > >> Ok, that has to be made clear to the poor guy merging the PR >> >> I'm also fine with Christian's migration path; I share his concerns about >> your approach. > > > This is harder to fix. Christian's main concern is that he doesn't trust me > and my proposed solution because he didn't see it elsewhere. I saw it > mentioned many times around, but I think that, at the end of the day, that's > a red herring: the point is that I'm not in his (and/or your) trust circle, > but that's fine, we can still find a way around it. It's probably useless for > me to keep arguing though. > > I think that a migration path on login from an unsalted SHA1 is completely > wrong, so I have a proposal: I will submit it if we agree on resetting all > the passwords immediately; or within a short timeframe (eg: 2 months), and > notify all the users to login once as soon as possible (so after 2 months we > reset passwords of users who haven't logged in). > > Would that work?
Why not leave the decision to change the password to the PyPI users and only do a blog post and perhaps have a banner on PyPI to notify them ? After all, unlike for the wiki installation, the PyPI passwords were not compromised. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
