[Foundation-l] what do we do in the event the Foundation fails? - Re: Policy governance ends

Andrew Gray shimgray at gmail.com
Wed Apr 18 16:56:00 UTC 2007


On 18/04/07, David Gerard <dgerard at gmail.com> wrote:

> > I was going to suggest we could publish some user db data with yet
> > another hashing layer, but we can't. We sure have too many users with a
> > one-letter password.
> > But don't worry. Users table are so small that Brion can save them under
> > his pillow ;-)
>
> Let's assume Brion is 100% trustworthy with personal information (I
> think we can actually assume this is true). The WMF is eaten by
> invading Martian badgers.
>
> * How much work to verify any person is who they say they are?
> * Who does he give the results to?
>
> In the second case, a public list of "this old-userID is this OpenID"
> would be something that wouldn't violate a confidence - if each person
> made the match by logging in and submitting the OpenID they wanted to
> correlate and publicise for credit.

Confirmed email addresses would be a good start. I'm assuming here
that by the vast majority of "heavy users" have a confirmed email
address, and many of the others have an unconfirmed one; using that as
part of the verification would seem the most obvious first step.

-- 
- Andrew Gray
  andrew.gray at dunelm.org.uk



More information about the foundation-l mailing list