I've been discussing with Florian on IRC a suggestion for improved account security.
On many sites, you will get a message a message like this: >Hello evildmp, > >We wanted to let you know that your GitHub password was changed. > >If you did not perform this action, you can recover access by entering >[email protected] into the form at https://github.com/password_reset. > >To see this and other security events for your account, visit https:// >github.com/settings/security. > >If you run into problems, please contact support by visiting https:// >github.com/contact or replying to this email. (In fact my gumtree.com account was compromised, and this mechanism is how I learned about it, and was able to alert Gumtree and have a fraudulent advertisment removed from my account within minutes). A similar thing would be valuable in Django, to help improve the security of all Django accounts and sites. I am not sure how it could or should be implemented; Florian suggests as part of a more general audit framework. On a related matter, my djangoproject.com account has an associated email address (not the same one as at code.djangoproject.com) but I don't think I am able to change that. Daniele -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/20151115134646.344271125%40mail.wservices.ch. For more options, visit https://groups.google.com/d/optout.
