On 4/6/19 9:47 PM, Florian Dold wrote: > Thanks for taking the time to set this up. So far some things don't > seem right yet: > > There is a massive security problem. Everybody (!!) is able to create > accounts and set their password, *without* being the owner of the > respective email address. As "proof", I've been so friendly to create > an account and sample project "as Christian" (sorry Christian!). > > https://gitlab.gnunet.org/grothoff/gitlab-is-so-awesome-but-insecure
I can confirm the hack. Nice job! :-) Go gitlab. Secure by default.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ GNUnet-developers mailing list GNUnet-developers@gnu.org https://lists.gnu.org/mailman/listinfo/gnunet-developers
