From stephen at xemacs.org  Sun Feb  1 18:30:19 2015
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Mon, 02 Feb 2015 02:30:19 +0900
Subject: [Tracker-discuss] [issue564] Password reset sends new password
	to	wrong email
In-Reply-To: <1422721439.89.0.840459452488.issue564@psf.upfronthosting.co.za>
References: <1422721439.89.0.840459452488.issue564@psf.upfronthosting.co.za>
Message-ID: <87egq9r13o.fsf@uwakimon.sk.tsukuba.ac.jp>

Ian Kelly writes:

 > Instead of or in addition to the primary email address on the
 > account, it seems to me that these emails should at minimum be sent
 > to the email address that was used to initiate the password reset.

I assume you mean that the email used to reset is in fact registered
as a secondary address on that user.  If not, it's clearly a major
security hole.




From metatracker at psf.upfronthosting.co.za  Sun Feb  1 18:39:51 2015
From: metatracker at psf.upfronthosting.co.za (Stephen Turnbull)
Date: Sun, 01 Feb 2015 17:39:51 +0000
Subject: [Tracker-discuss] [issue564] Password reset sends new password to
	wrong email
In-Reply-To: <1422721439.89.0.840459452488.issue564@psf.upfronthosting.co.za>
Message-ID: <87egq9r13o.fsf@uwakimon.sk.tsukuba.ac.jp>


Stephen Turnbull added the comment:

Ian Kelly writes:

 > Instead of or in addition to the primary email address on the
 > account, it seems to me that these emails should at minimum be sent
 > to the email address that was used to initiate the password reset.

I assume you mean that the email used to reset is in fact registered
as a secondary address on that user.  If not, it's clearly a major
security hole.

----------
nosy: +stephen
status: unread -> chatting

_______________________________________________________
PSF Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue564>
_______________________________________________________

From metatracker at psf.upfronthosting.co.za  Sun Feb  1 19:03:44 2015
From: metatracker at psf.upfronthosting.co.za (Ian Kelly)
Date: Sun, 01 Feb 2015 18:03:44 +0000
Subject: [Tracker-discuss] [issue564] Password reset sends new password to
	wrong email
In-Reply-To: <1422721439.89.0.840459452488.issue564@psf.upfronthosting.co.za>
Message-ID: <1422813824.92.0.977192683223.issue564@psf.upfronthosting.co.za>


Ian Kelly added the comment:

Yes, the email used to reset was a secondary address. I don't think an unregistered email could be used to start the reset process since it wouldn't identify the account.

_______________________________________________________
PSF Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue564>
_______________________________________________________

From roundup-admin at psf.upfronthosting.co.za  Fri Feb  6 08:02:08 2015
From: roundup-admin at psf.upfronthosting.co.za (Python tracker)
Date: Fri, 06 Feb 2015 07:02:08 +0000
Subject: [Tracker-discuss] Failed issue tracker submission
Message-ID: <20150206070208.2732B56263@psf.upfronthosting.co.za>



The node specified by the designator in the subject of your message
("23881") does not exist.

Subject was: "[issue23881]"



Mail Gateway Help
=================
Incoming messages are examined for multiple parts:
 . In a multipart/mixed message or part, each subpart is extracted and
   examined. The text/plain subparts are assembled to form the textual
   body of the message, to be stored in the file associated with a "msg"
   class node. Any parts of other types are each stored in separate files
   and given "file" class nodes that are linked to the "msg" node.
 . In a multipart/alternative message or part, we look for a text/plain
   subpart and ignore the other parts.
 . A message/rfc822 is treated similar tomultipart/mixed (except for
   special handling of the first text part) if unpack_rfc822 is set in
   the mailgw config section.

Summary
-------
The "summary" property on message nodes is taken from the first non-quoting
section in the message body. The message body is divided into sections by
blank lines. Sections where the second and all subsequent lines begin with
a ">" or "|" character are considered "quoting sections". The first line of
the first non-quoting section becomes the summary of the message.

Addresses
---------
All of the addresses in the To: and Cc: headers of the incoming message are
looked up among the user nodes, and the corresponding users are placed in
the "recipients" property on the new "msg" node. The address in the From:
header similarly determines the "author" property of the new "msg"
node. The default handling for addresses that don't have corresponding
users is to create new users with no passwords and a username equal to the
address. (The web interface does not permit logins for users with no
passwords.) If we prefer to reject mail from outside sources, we can simply
register an auditor on the "user" class that prevents the creation of user
nodes with no passwords.

Actions
-------
The subject line of the incoming message is examined to determine whether
the message is an attempt to create a new item or to discuss an existing
item. A designator enclosed in square brackets is sought as the first thing
on the subject line (after skipping any "Fwd:" or "Re:" prefixes).

If an item designator (class name and id number) is found there, the newly
created "msg" node is added to the "messages" property for that item, and
any new "file" nodes are added to the "files" property for the item.

If just an item class name is found there, we attempt to create a new item
of that class with its "messages" property initialized to contain the new
"msg" node and its "files" property initialized to contain any new "file"
nodes.

Triggers
--------
Both cases may trigger detectors (in the first case we are calling the
set() method to add the message to the item's spool; in the second case we
are calling the create() method to create a new node). If an auditor raises
an exception, the original message is bounced back to the sender with the
explanatory message given in the exception.
-------------- next part --------------
Return-Path: <bounce+27be32.9b1c6-report=bugs.python.org at psf.io>
X-Original-To: report at bugs.python.org
Delivered-To: roundup+tracker at psf.upfronthosting.co.za
Received: from rs232.mailgun.us (rs232.mailgun.us [209.61.151.232])
	by psf.upfronthosting.co.za (Postfix) with ESMTP id 9CF0C561F1
	for <report at bugs.python.org>; Fri,  6 Feb 2015 08:02:07 +0100 (CET)
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=psf.io; q=dns/txt; s=pic;
 t=1423206126; h=Sender: Date: Message-Id: Subject: To: From:
 Content-Transfer-Encoding: Content-Type: Mime-Version;
 bh=+3b09NM20W2bGVBNIiZzBEb7t8KFqw5lZHv/nLeo/xQ=; b=C1jJKBdkglYSt8zWQG8uZGxuShVTwf01i3k2RZn64E5cMCvVVML6vgXjflPHd/opBC1OxwjT
 cHja9Nnf9sofWeVN7y9wXV50XMZh4XujY29VWkTyWz3QJkHc/d668Kmvl5p9YIJCkQ8zjqGM
 ZXMhpNWhoa0uQVN6oSvct7RRe0o=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=psf.io; s=pic; q=dns;
 h=Mime-Version: Content-Type: Content-Transfer-Encoding: From: To:
 Subject: Message-Id: Date: Sender;
 b=U8XT/Qodbg8W2aZrVdLPIwP67K+AN8A3LD+J1xG4FHBUKHkrpiBTdbJnlmnJyp0wUfucwL
 qIT0ZpD+AJnnV2QJ//urPmIqk91Zcq/a5FO6Zsy94gX/G7kObP5xc+IVSfL7B9FDeik6/ooD
 MrxdJ6j0P+qA2iK9lB00WQOjLkU8c=
Received: from hg.iad1.psf.io (hg.psf.io [23.253.158.192]) by
 mxa.mailgun.org with ESMTP id 54d466d6.7f2b31824dc0-in1; Fri, 06 Feb 2015
 07:01:42 -0000 (UTC)
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
From: tracker-discuss at python.org
To: report at bugs.python.org
Subject: [issue23881]
Message-Id: <20150206070142.106309.46143 at psf.io>
X-Mailgun-Sid: WyIzZGMxOSIsICJyZXBvcnRAYnVncy5weXRob24ub3JnIiwgIjliMWM2Il0=
Date: Fri, 06 Feb 2015 07:02:06 +0000
Sender: tracker-discuss=python.org at psf.io

TmV3IGNoYW5nZXNldCAzMGU2YzhjYWE1YjkgYnkgU2VyaGl5IFN0b3JjaGFrYSBpbiBicmFuY2gg
JzMuNCc6Cklzc3VlICMyMzg4MTogT25seSB1c2UgZW50cnktdmFsdWVzIHdpdGggZ2RiIDcuNCBp
biB0ZXN0cy4KaHR0cHM6Ly9oZy5weXRob24ub3JnL2NweXRob24vcmV2LzMwZTZjOGNhYTViOQoK
Ck5ldyBjaGFuZ2VzZXQgOTgxZTEwODAzOWYxIGJ5IFNlcmhpeSBTdG9yY2hha2EgaW4gYnJhbmNo
ICdkZWZhdWx0JzoKSXNzdWUgIzIzODgxOiBPbmx5IHVzZSBlbnRyeS12YWx1ZXMgd2l0aCBnZGIg
Ny40IGluIHRlc3RzLgpodHRwczovL2hnLnB5dGhvbi5vcmcvY3B5dGhvbi9yZXYvOTgxZTEwODAz
OWYxCgoKTmV3IGNoYW5nZXNldCBjZWUzOTcwMWIyODAgYnkgU2VyaGl5IFN0b3JjaGFrYSBpbiBi
cmFuY2ggJzIuNyc6Cklzc3VlICMyMzg4MTogT25seSB1c2UgZW50cnktdmFsdWVzIHdpdGggZ2Ri
IDcuNCBpbiB0ZXN0cy4KaHR0cHM6Ly9oZy5weXRob24ub3JnL2NweXRob24vcmV2L2NlZTM5NzAx
YjI4MAo=

From metatracker at psf.upfronthosting.co.za  Fri Feb  6 22:01:47 2015
From: metatracker at psf.upfronthosting.co.za (Robert Fleming)
Date: Fri, 06 Feb 2015 21:01:47 +0000
Subject: [Tracker-discuss] [issue562] Gmail (google) marks registration
	email as spam
In-Reply-To: <1422157456.62.0.726959967661.issue562@psf.upfronthosting.co.za>
Message-ID: <1423256507.36.0.0481459510087.issue562@psf.upfronthosting.co.za>


Robert Fleming added the comment:

Gmail is also categorizing non-registration e-mails as spam. Specifically when a new comment is added to a Python bug, Google marks the generated e-mail as spam.

(Doing my part to unmark the spam flag...)

----------
nosy: +fleminra

_______________________________________________________
PSF Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue562>
_______________________________________________________

From metatracker at psf.upfronthosting.co.za  Fri Feb  6 22:03:28 2015
From: metatracker at psf.upfronthosting.co.za (Robert Fleming)
Date: Fri, 06 Feb 2015 21:03:28 +0000
Subject: [Tracker-discuss] [issue562] Gmail (google) marks registration
	email as spam
In-Reply-To: <1422157456.62.0.726959967661.issue562@psf.upfronthosting.co.za>
Message-ID: <1423256608.54.0.477350282231.issue562@psf.upfronthosting.co.za>


Robert Fleming added the comment:

In reference to my previous comment: "new comment" e-mails from this tracker (psf.upfronthosting.co.za) are *not* being marked as spam.

_______________________________________________________
PSF Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue562>
_______________________________________________________

From metatracker at psf.upfronthosting.co.za  Sat Feb 14 15:31:35 2015
From: metatracker at psf.upfronthosting.co.za (A. Jesse Jiryu Davis)
Date: Sat, 14 Feb 2015 14:31:35 +0000
Subject: [Tracker-discuss] [issue458] editing "homepage" field is not
	possible
In-Reply-To: <1334485569.34.0.217371137544.issue458@psf.upfronthosting.co.za>
Message-ID: <1423924295.97.0.506898396882.issue458@psf.upfronthosting.co.za>


A. Jesse Jiryu Davis added the comment:

Right, I see the same error behavior as stefan.richthofer

----------
nosy: +emptysquare

_______________________________________________________
PSF Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue458>
_______________________________________________________

From metatracker at psf.upfronthosting.co.za  Tue Feb 24 22:18:57 2015
From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v=2E_L=C3=B6wis?=)
Date: Tue, 24 Feb 2015 21:18:57 +0000
Subject: [Tracker-discuss] [issue559] Google is halting OpenID 2 support in
	April 2015
In-Reply-To: <1417978642.85.0.0454287505023.issue559@psf.upfronthosting.co.za>
Message-ID: <1424812737.29.0.714780161532.issue559@psf.upfronthosting.co.za>


Martin v. L?wis added the comment:

This is now fixed; users selecting the Google icon now go through OpenID Connect, and existing accounts are migrated.

----------
status: chatting -> resolved

_______________________________________________________
PSF Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue559>
_______________________________________________________