On Mon, Sep 19, 2016 at 09:35:46AM +0200, Aurelien Bompard wrote:
>    I've thought about that over the weekend and I think we could just disable
>    user signup by redirecting users to FAS. This way existing Persona users
>    could still request a password and login, but the bulk of new users would
>    just create accounts in FAS. Of course we would sill have a database with
>    passwords for some users, but since (to my knowledge) former Persona users
>    can't be migrated to FAS directly, I don't think we can avoid that.
>    For those who had nightmares for too long with the Mailman 2 plaintext
>    password storage and fear it's coming back, rest assured that the
>    passwords are hashed and salted by Django. There may even be pepper and
>    garlic.

>    Thoughts, suggestions?

Hi Aurélien,

Thanks for the heads-up, I was wondering, do you have some order of magnitude of
how many accounts we're talking about?
Could it be possible to check how many of these people have a FAS account with
the same email? (I know I logged in on HK w/ persona a while back and I was
using the same email as is attached to my FAS account, for example).

Just to have some ideas :)

infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Reply via email to