On Fri, Mar 9, 2012 at 2:22 PM, Phil Hagelberg <p...@hagelb.org> wrote: > Because we can't ensure that everyone will log in to re-hash their > password, at some point in the future (probably 2-3 weeks out) we will > WIPE all the old password hashes. Otherwise users who have stopped using > Clojars or missed the announcement could have their passwords exposed in > the event of a future break-in. I will be sure to send out a few more > warnings before this happens, but even if your password has been wiped > it's easy to reset it via the "forgot password" functionality.
Just a heads-up that I am planning on wiping the insecure hashes next week. If you don't login in time your account will still be accessible via the forgot password functionality. -Phil -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
