On Oct 2, 2008, at 11:51, Alan Burlison wrote: > Simon Phipps wrote: > >>>> So what content is it that you're worrying about enough to force >>>> me to log in every time I visit OS.o each day? >>> >>> Source code. >> So protect the source code. Burdening every community interaction >> with the site is surely not an essential consequence? > > You have a single log in to the site, the same credentials are used > for both editing web pages and managing access to source code.
Right. And I only want one log-in. What I'm suggesting is that you don't age the credentials uniformly across the site. Rather, I am suggesting that you age them aggressively in areas where the leverage gained by abuse is strong (e.g. changing SSH keys) and age them very casually elsewhere. I once again assert that it's a bad choice to burden every interaction simply to protect a very small minority of interactions. S. _______________________________________________ website-discuss mailing list [email protected]
