On Tue, Mar 12, 2019 at 03:55:34PM -0400, John Sullivan wrote: > Ineiev <ine...@gnu.org> writes: > > > On Mon, Mar 11, 2019 at 10:11:52AM -0700, John Sullivan wrote: > >> On March 11, 2019 9:50:20 AM PDT, Ineiev <ine...@gnu.org> wrote: > >> > >> Actually, we wouldn't need a whitelist. > > > > By the way, should we blacklist accounts with email like '@mfsa.info$'? > > > > I'm not sure. You mean ones that aren't actually valid email addresses?
No, I don't: one needs a valid email address in order to at activate the new account, and unactivated accounts are removed automatically. I mean services that supposedly let any visitor read messages for any 'account'. ... > No, but staff could do it for RMS and any other accounts the FSF needs > to reserve/keep; hopefully any other account that needs to be kept > indefinitely despite never logging in would similarly have human > caretakers associated with it. If not, then I suppose a whitelist would > be the next step. Such a whitelist would still need to be periodically > reviewed, so I'm not sure it's any better than just making sure every > account is actually assigned to a person and put through the normal > process. I doubt this additional maintenance work and other drawbacks would be justified these days.
signature.asc
Description: Digital signature
