On Mon, 2008-06-09 at 21:29 +0300, Baris Cicek wrote: > Hi; > > If someone can lead the organization of such a thing, we can add it to > Events page as well. If still there is time, I can take care of this. Also, I would like to have some feedback from Olav and/or Christian. Regards, > On Mon, 2008-06-09 at 10:10 -0400, Germán Póo-Caamaño wrote: > > On Sun, 2008-06-01 at 19:33 +0200, Olav Vitters wrote: > > > On Sun, Jun 01, 2008 at 06:21:57PM +0200, Christian Rose wrote: > > > > On 9/29/07, Olav Vitters <olav bkor dhs org> wrote: > > > > There seems to be a bunch of "what's my Mango password?" tickets > > > > stalled in RT3. > > > > I'd like to know what I should answer the requestors. Is there a simple answer? > > > > I tried > > > > > > Depends if they want to retrieve their password or reset it. Resetting > > > is very annoying. This as > > > a) I don't want people being able to login to the main LDAP server (even > > > if there is a command restriction) > > > b) Even if those logins would be allowed, I wouldn't trust a suid reset > > > command > > > c) Socket cannot change the password anyway as it is not the main LDAP > > > server (could be done if everything uses openldap 2.4+.. RHEL5 has 2.3) > > > d) MAINTAINERS file crappiness > > > > > > Long term, I want people to use GPG instead of passwords. Then the > > > password is only there for some services like e.g. Jabber. I don't know > > > much about LDAP (finally understand it somewhat since the last few > > > days!) > > > If people would need a password reset, they'd login to Mango using GPG, > > > then click the 'new password' button. This would give them a new > > > password. It is stalled due to lack of resources (would appreciate more > > > help with building new infrastructure). > > > > > > Note: The reason I haven't implemented GPG yet is only due to not > > > getting to it (it is difficult). I'm not going to ask for consensus. It > > > will be implemented. I don't mind if people don't want it, it will be > > > their problem if they want to give a new developer an SVN account, etc. > > > > If GPG is the way to go, shouldn't be the GUADEC a good opportunity to > > have a GPG Key Signing Party[1]? > > > > A GPG key without any other sign who trust it doesn't have enough value. > > > > [1] > > http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html > > > > _______________________________________________ > > Gnome-infrastructure mailing list > > Gnome-infrastructure gnome org > > http://mail.gnome.org/mailman/listinfo/gnome-infrastructure > > -- Germán Póo-Caamaño Concepción - Chile http://www.calcifer.org/
Attachment:
signature.asc
Description: This is a digitally signed message part