On 23 June 2018 at 13:07, Richard Hipp <d...@sqlite.org> wrote:
> Just FYI:
>
> I have opened up email notifications on the canonical Fossil
> repository.  To subscribe, visit:
>
>     https://fossil-scm.org/fossil/subscribe
>
> Your help in finding creative ways of breaking the new system is appreciated.
>

This is already touched on in your email design document, but I'm just
adding another point here.

I really like the idea of the subscriberCode, because passwords do
not need to be stored or remembered to alter the subscription.
However, the subscriberCode doesn't have to be stolen for the
subscription to be altered. If I inadvertently forward my email along
to someone/group without modifying the footer, the person/group would
be able to alter my subscription.

But as you point out, only the email address is available to the
miscreant and no username/password, etc.
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users