[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers] Re: savannah.gnu.org Verification
From: |
Mathieu Roy |
Subject: |
[Savannah-hackers] Re: savannah.gnu.org Verification |
Date: |
09 Jan 2003 16:27:53 +0100 |
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 |
Per Abrahamsen <address@hidden> said:
> Mathieu Roy <address@hidden> writes:
>
> > Per Abrahamsen <address@hidden> said:
> >
> >> Hi Hackers,
> >>
> >> I have not requested a password change, and the logget IP is not one I
> >> use.
> >>
> >> The last line of the message confuses me. Am I supposed to visit the
> >> "confirm change" URL even though I definitely do *not* want to confirm
> >> the change?
> >
> > No, you are not.
> >
> > In fact, the way password can be changed come from the original SF
> > version. And someone, Thomas Buschnell (sorry if I mispell it, do not
> > remember well), noticed, it's possible to steal someone account in
> > some particular case.
> >
> > That's why there's informations logged (IP etc).
> >
> > But anyway, there's not so much thing someone can do with a stolen
> > account and the way it works is similar to the way every website I
> > know works (I would be happy to enhance this part, but nobody ever
> > proposed something actually 100% ok).
>
> I must admit I have no idea what you are talking about.
>
> But if one is *not* suppossed to visit the URL if the request did not
> come from one self, please change the last line of the message to say
> so. E.g. instead of
>
> | If you did not request this verification, please visit this URL to
> | report about it to address@hidden
>
> write
>
> | If you did not request this password change, do *not* visit the URL
> | above, instead forward this message to address@hidden
Apparently, someone changed the message, but I'm not aware of the
reasons behind this change.
--
Mathieu Roy
<< Profile << http://savannah.gnu.org/users/yeupou <<
>> Homepage >> http://yeupou.coleumes.org >>
<< GPG Key << http://stock.coleumes.org/gpg <<