On Fri 2015-01-23 15:17:19 -0500, Launchpad wrote:
> vovd (vovd) tried to claim the Launchpad
> To finish claiming that team, making vovd (vovd)
> its owner, just follow the link below.
This is a troubling situation. Launchpad sends this token, but the
owner is a publicly-archived mailing list.
All an attacker needs to do is submit a request to claim the team, then
read the archive to find the token and claim the team.
Should launchpad have a warning against assigning group ownership to a
public mailing list?
over a year and i've never heard of anyone named vovd.