Ian Kelly writes: > Instead of or in addition to the primary email address on the > account, it seems to me that these emails should at minimum be sent > to the email address that was used to initiate the password reset.
I assume you mean that the email used to reset is in fact registered as a secondary address on that user. If not, it's clearly a major security hole. _______________________________________________ Tracker-discuss mailing list Tracker-discuss@python.org https://mail.python.org/mailman/listinfo/tracker-discuss
