please reduce the four registrations on the single winehq.org site.

Scott Ritchie scott at open-vote.org
Tue Jul 21 17:32:03 CDT 2009


Dan Kegel wrote:
> Steven Edwards wrote:
>> Based upon my recollection there was a lot of contempt for OpenID at
>> the last wineconf. Maybe the situation has changed recently...
> 
> For those new to the story, OpenID is incredibly insecure.  See for example
>  http://marcoslot.net/apps/openid/
>  http://www.gnucitizen.org/blog/hijacking-openid-enabled-accounts/
>  http://www.techafina.com/posts/openid-benefits-and-risks/
>  http://kuza55.blogspot.com/2007/01/insecure-openid-features.html
> Moreover, it's hard to use, as shown by usability testing at Yahoo:
>  http://www.betanews.com/article/Yahoo-usability-tests-bode-ill-for-OpenID-takeup/1224102932
> 
> In short: if you care about your data or your identity, stay far away
> from OpenID.
> 

All our WineHQ data is public though -- is there still a risk if we
restrict the allowed OpenID providers to the main WineHQ one?

> Now, if you absolutely must use OpenID, there are people working on
> making it more secure. For instance, Google is giving it a shot; see
> http://google-code-updates.blogspot.com/2009/05/google-openid-api-taking-next-steps.html
> But I doubt the wine community wants to go there.
> 
> Better to implement a plain old shared password database between
> our four services.
> - Dan

This would be nice, but we don't have any premade tools for getting
Bugzilla and friends talking to one another that way.  I'm not sure how
difficult that is to do from scratch, though it might not be
substantially harder than integrating the OpenID stuff.

Thanks,
Scott Ritchie


