-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Christoph,
This is offtopic to your questions, but I should better say this now than forgetting about this idea: For the new users registration process what about making mentors: * require the key to be in a keyserver so it can fetch it from there, and removing the current 'upload your key' way. Reasoning: Potential sponsors, in theory, should verify the signature of package they may sponsor, and in order to do this they need to be able to get the public key from somewhere. Making this a requirement would also make people more aware of the keyservers and their pourpose. * and once the key has been imported in mentors' local keyring, the user should fetch mentors' public key in order to send an encrypted message either via web or via email to mentors in a format such as the following so the new account is created: Email: [EMAIL PROTECTED] Password: foobar Reasoning: just like for my previous point, users need to be aware of the capabilities and uses of GPG/PGP keys. And not to mention that in theory it is a safer way to transmit passwords over the net instead of dummy https. A similar process could be used when the user wishes to reset the password of the web account. Cheers, Raphael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH+qpiYy49rUbZzloRAkj+AJ4tmNzRuHrkxRDnIpmTIFinRaA9RACfdbr9 3HLFJ0KptGhomOds4hyqKjE= =VzVQ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
