-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kat Walsh wrote:
... if the user knows the password, the
account is effectively theirs seems silly to make them take the extra
step of going and changing the email before it shows in the list.
Yes, that would
be silly -- that's why they're instead prompted to enter
the password.
I'm assuming this doesn't work on the test wiki yet -- I was prompted
to enter a password and it only accepted the one I used with my login
to the test wiki. It identified en.wikipedia as my home account but
said I would have to log in at en.wikipedia to complete the merge
process.
That's the intended behavior -- the merge process requires that you be
working at your main account or at an account which can be automatically
determined to match it by password.
This minimizes the risk of someone else milling your accounts for
information by making an account which would get merged in due to disuse
or matching e-mail address.
However, when I changed my password on test to the one
I use on
enwikipedia, it suggested all of the "mindspillage" accounts to merge,
only prompting for my password on accounts where I have both different
email and password.
Is this what's intended?
Sounds about right! It can then match to your primary account
(en.wikipedia in this case) by password, and then also match all others
with the same password or e-mail address.
You'd only need to enter additional passwords if they can't be matched
already.
- -- brion vibber (brion @
wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org
iD8DBQFGwdvowRnhpk1wk44RAs2gAJ0eUbdibI1MiNyNsGTE//WMeXMf9QCaAwb/
DAbHAbyW+/jSUq5UnlUfYnQ=
=nn13
-----END PGP SIGNATURE-----