On 2016-05-11 08:49:14 +1200 (+1200), Robert Collins wrote: [...] > Ubuntu SSO is **not** Launchpad. Launchpad is just another consumer of > Ubuntu SSO, and it has the 'feature' of forwarding through to Ubuntu > SSO - so we're actually seeing Ubuntu SSO spam accounts :(. [...]
Thanks for the correction, you're right that's actually what I meant (I should be more careful not to accidentally conflate the two with vague terminology). In fact I went so far as trying to track them back to Launchpad profiles via the LP API's OpenID reverse lookup method and confirmed they don't have any, so they're using login.launchpad.net to create accounts to spam various places (our wiki, the Ubuntu wiki, and presumably lots of others too). I think that means, at least in most cases, they're probably not actually preexisting compromised accounts and just new accounts created solely for the purpose of spamming places relying on the Ubuntu SSO for authentication. -- Jeremy Stanley __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev