https://bugzilla.wikimedia.org/show_bug.cgi?id=34590
--- Comment #29 from Platonides <platoni...@gmail.com> 2012-06-08 21:02:30 UTC --- (In reply to comment #28) > Would your solution solve the identity problem? It is not clear from what you > are saying. I'm proposing some changes to use it only on login. Thus greatly reducing the email -> username disclosure surface, and slowly getting acceptable for upstream. As far as the failure doesn't show the account as existing (ie. «There is no user account with that email or the provided password is wrong»), it could go in. OTOH, we could not make it available for the username field of «forgotten password». We can't reveal if random emails exist or not. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
