aboutsummaryrefslogtreecommitdiff
path: root/doc/todo
diff options
context:
space:
mode:
authorSimon McVittie <smcv@debian.org>2015-05-27 08:52:01 +0100
committerSimon McVittie <smcv@debian.org>2015-05-27 08:52:01 +0100
commit2afb0dd66332136f47d08f2ee4de292eb73c8779 (patch)
tree8f0e79228de5c762870730689ceabb6a9a112c25 /doc/todo
parent9ab3d2a6be367b745ad0240e5fb68590c7f850b2 (diff)
downloadikiwiki-2afb0dd66332136f47d08f2ee4de292eb73c8779.tar
ikiwiki-2afb0dd66332136f47d08f2ee4de292eb73c8779.tar.gz
Do not directly enable emailauth by default, only indirectly via openid
This avoids nasty surprises on upgrade if a site is using httpauth, or passwordauth with an account_creation_password, and relying on only a select group of users being able to edit the site. We can revisit this for ikiwiki 4.
Diffstat (limited to 'doc/todo')
-rw-r--r--doc/todo/emailauth.mdwn2
-rw-r--r--doc/todo/separate_authentication_from_authorization.mdwn5
2 files changed, 6 insertions, 1 deletions
diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn
index 4683bbad2..ec7b4b96d 100644
--- a/doc/todo/emailauth.mdwn
+++ b/doc/todo/emailauth.mdwn
@@ -127,7 +127,7 @@ Thoughts anyone? --[[Joey]]
>>>
>>> Another way to do it would be to hash the email address,
>>> so the commit appears to come from
->>> `smcv <smcv@dc84925053b18a910f4b95fb7ce1bf802eb7d80e>` instead of
+>>> `smcv <smcv@02f3eecb59311fc89970578832b63d57a071579e>` instead of
>>> from `smcv <smcv@debian.org>` - if the hash is of `mailto:whatever`
>>> (like my example one) then it's compatible with
>>> [FOAF](http://xmlns.com/foaf/spec/#term_mbox_sha1sum).
diff --git a/doc/todo/separate_authentication_from_authorization.mdwn b/doc/todo/separate_authentication_from_authorization.mdwn
index 389f014c9..1eca0dced 100644
--- a/doc/todo/separate_authentication_from_authorization.mdwn
+++ b/doc/todo/separate_authentication_from_authorization.mdwn
@@ -12,6 +12,11 @@ owner (and maybe their outsourced service providers), but not available
to random third parties. The principle of least astonishment would suggest
that we should do the same here.
+> This part is now addressed by cloaking email addresses:
+> `smcv@debian.org` → `smcv@02f3eecb59311fc89970578832b63d57a071579e`
+> (that's the sha1sum of `mailto:smcv@debian.org`, as used in FOAF).
+> --[[smcv]]
+
(The expectation of privacy for direct git commits is rather different:
I think we can expect direct git committers to know that they
should either set a plausible non-email-address in their git identity,