[Catalog-sig] Mandatory Reset of PyPI Passwords
Antoine Pitrou
solipsis at pitrou.net
Wed Feb 13 17:25:06 CET 2013
Jesse Noller <jnoller <at> gmail.com> writes:
> On Feb 13, 2013, at 7:13 AM, Antoine Pitrou <solipsis <at> pitrou.net> wrote:
>
> > Richard Jones <richard <at> python.org> writes:
> >> 3. send email to all registered users indicating that all users must
> >> change their password and a forced reset will take place in a week's
> >> time for users who have not done so, and
> >
> > What about users who've already changed their password?
>
> Why not force the reset anyway?
Because annoying responsible users is unfriendly and incompetent.
You shouldn't expect the average user to have a specifically indulgent a priori
towards the PSF; nor should you imagine they like having to change their
passwords. Managing one's passwords is for most users a major PITA.
If some outside organization forced a second password reset on me after
I'd changed my password a first time, I would certainly not get a good opinion
of them.
Regards
Antoine.
More information about the Catalog-SIG
mailing list