Ineiev <ine...@gnu.org> writes: > On Tue, Mar 12, 2019 at 03:55:34PM -0400, John Sullivan wrote: >> Ineiev <ine...@gnu.org> writes: >> >> > On Mon, Mar 11, 2019 at 10:11:52AM -0700, John Sullivan wrote: >> >> On March 11, 2019 9:50:20 AM PDT, Ineiev <ine...@gnu.org> wrote: >> >> >> >> Actually, we wouldn't need a whitelist. >> > >> > By the way, should we blacklist accounts with email like '@mfsa.info$'? >> > >> >> I'm not sure. You mean ones that aren't actually valid email addresses? > > No, I don't: one needs a valid email address in order to at activate > the new account, and unactivated accounts are removed automatically. > > I mean services that supposedly let any visitor read messages > for any 'account'. >
I'm not familiar with them, but doesn't sound like a great thing to allow for account registration. > ... >> No, but staff could do it for RMS and any other accounts the FSF needs >> to reserve/keep; hopefully any other account that needs to be kept >> indefinitely despite never logging in would similarly have human >> caretakers associated with it. If not, then I suppose a whitelist would >> be the next step. Such a whitelist would still need to be periodically >> reviewed, so I'm not sure it's any better than just making sure every >> account is actually assigned to a person and put through the normal >> process. > > I doubt this additional maintenance work and other drawbacks would > be justified these days. > What are the benefits to removing inactive accounts? I named one, which is security. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B https://status.fsf.org/johns | https://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <https://my.fsf.org/join>.
