Re: [savannah-help-public] [sr #109310] Loophole Creating Account

2018-04-16 Thread Rick Johnson 
Yes, certainly a little more alert about the email would help.  I cannot
remember why I didn't attend to mine.

Another idea would be to add a little note with the Login invalid error
message, like
"(You can reset your password if you validated your email)".

Rick


On Mon, Apr 16, 2018 at 12:41 AM Ineiev  wrote:

> Follow-up Comment #5, sr #109310 (project administration):
>
> > The "INVALID.NOREPLY" sender didn't encourage me to pay attention to the
> verification email.
>
> We could warn new users about it and tell them what the email is going to
> look
> like. Do you think that would help?
>
> ___
>
> Reply to this item at:
>
>   
>
> ___
>   Message sent via/by Savannah
>   http://savannah.gnu.org/
>
> --
Rick Johnson
631-921-8450

Re: [savannah-help-public] [sr #109310] Loophole Creating Account

2018-04-15 Thread Rick Johnson 
Sorry about the "customer" idea.
I really have not engaged enough to know better.

On Sat, Apr 14, 2018 at 8:39 PM Bob Proulx  wrote:

> Hi Rick,
>
> Rick Johnson wrote:
> > Okay, as long as you know and it gets logged as an issue.  It
> > creates customer pain.  Some ask for help sooner than others.  We
> > who are caught in the loop are few, so not much of a problem for
> > you, I guess.
>
> I chafe at the use of the word customer since it is a community
> resource.  We are all in this together.  It isn't a customer
> relationship.
>
> You may be thinking that I am somehow the developer of the web
> interface.  I am not.  I have only poked my nose into it on a few
> occasions.  I'm primarily working on the mailing lists and the
> hosting.  The web UI could definitely use some help.  Are you
> interested in contributing to it?
>
> > Many are probably okay with using different usernames.
>
> That's a poor workaround.  Anyone who has problems should contact us
> for assistance.  It isn't difficult to push things along.
>
> > Maybe Lastpass causes a pattern of use that enables the problem.
>
> It's possible.  Especially since we had a number of complaints from
> LastPass users all at once.  Seemed more than a normal amount.  And
> haven't heard any problems from then since.  Since the web UI hasn't
> changed it was possible that it was the password manager.
>
> Note that I think random passwords are the best security.  I am not a
> user of LastPass myself but they seem reasonable.  And in general I
> encourage the use of password managers.  I would definitely like the
> web UI to work well with password managers.
>
> > Just tryin' to help.
>
> Sure.  Patches welcome.  There hasn't been too much development done
> on the web site UI for some time.
>
> Bob
>
-- 
Rick Johnson
631-921-8450

Re: [savannah-help-public] [sr #109310] Loophole Creating Account

2018-04-14 Thread Bob Proulx 
Hi Rick,

Rick Johnson wrote:
> Okay, as long as you know and it gets logged as an issue.  It
> creates customer pain.  Some ask for help sooner than others.  We
> who are caught in the loop are few, so not much of a problem for
> you, I guess.

I chafe at the use of the word customer since it is a community
resource.  We are all in this together.  It isn't a customer
relationship.

You may be thinking that I am somehow the developer of the web
interface.  I am not.  I have only poked my nose into it on a few
occasions.  I'm primarily working on the mailing lists and the
hosting.  The web UI could definitely use some help.  Are you
interested in contributing to it?

> Many are probably okay with using different usernames.

That's a poor workaround.  Anyone who has problems should contact us
for assistance.  It isn't difficult to push things along.

> Maybe Lastpass causes a pattern of use that enables the problem.

It's possible.  Especially since we had a number of complaints from
LastPass users all at once.  Seemed more than a normal amount.  And
haven't heard any problems from then since.  Since the web UI hasn't
changed it was possible that it was the password manager.

Note that I think random passwords are the best security.  I am not a
user of LastPass myself but they seem reasonable.  And in general I
encourage the use of password managers.  I would definitely like the
web UI to work well with password managers.

> Just tryin' to help.

Sure.  Patches welcome.  There hasn't been too much development done
on the web site UI for some time.

Bob

Re: [savannah-help-public] [sr #109310] Loophole Creating Account

2018-04-14 Thread Rick Johnson 
Okay, as long as you know and it gets logged as an issue.
It creates customer pain.  Some ask for help sooner than others.
We who are caught in the loop are few, so not much of a problem for you, I
guess.
Many are probably okay with using different usernames.

Maybe Lastpass causes a pattern of use that enables the problem.

Just tryin' to help.
Rick


On Mon, Apr 9, 2018 at 9:15 PM Bob Proulx  wrote:

> Follow-up Comment #4, sr #109310 (project administration):
>
> Yours was not the only Lastpass user that reported problems.  There were
> several all at one time.  Seemed suspicious.
>
> The design is that pending accounts should be deleted after 36 hours or 3
> days
> or some similar time that I don't recall at this moment.  But in theory
> pending accounts that are not activated within that time are discarded and
> then allowed to be registered new again.  At that time a new email is sent
> out.  Something does appear to be broken there however.
>
> The web interface has been running on inertia for a while.  It could
> definitely use some help from someone who enjoys dealing with old PHP
> code.
> As with many projects like this I will say, patches welcome!
>
>
> ___
>
> Reply to this item at:
>
>   
>
> ___
>   Message sent via/by Savannah
>   http://savannah.gnu.org/
>
> --
Rick Johnson
631-921-8450