On Mon, 15 Jul 2013 08:22:40 -0400, Donald Stufft <don...@stufft.io> wrote:
> So I was able to log in to the "nobody" account without a password
> (Why is this even possible?). It gave me powers to edit users and some
> other shit. I added a password to the nobody account since these lists
> are publicly available and if I can get into that user so can others.

Ah, I didn't realize you could edit users (I thought that was
Coordinator role) or I would have changed the password myself.

> I will make the password available to whoever is in charge (or they
> can just change the password themselves, I don't care).

I think the user should just be retired.  My guess is that it dates from
a time when we were less worried about bad actors coming in and trashing
things just for the fun of it.  What I don't know is if there is some
script somewhere depending on it being a valid user.  For now, I've
removed its access roles, and we'll see if anything breaks.

--David
_______________________________________________
python-committers mailing list
python-committers@python.org
http://mail.python.org/mailman/listinfo/python-committers
