[newmaint-site] Bug#795973: contributors.debian.org: generic interface to claim an email address

Enrico Zini enrico at debian.org
Tue Aug 18 12:34:09 UTC 2015


Package: nm.debian.org
Severity: normal

Hello,

currently a non-DD cannot associate an email address to themselves, and
need the help of a DD to do it. A DD can associate any identifier to
anyone, and that was a workaround until a better association system
exists, that does not allow anyone to claim random identifiers to
themselves.

For emails, this can be a new view where anyone logged in can type an
e-mail address to be claimed. A mail can then be sent to that address
mentioning who did the request and showing a confirmation URL. Clicking
on the URL performs the association.

It has been pointed out to me that this can be done statelessly for the
server by encoding the association information and an expiry date into
an HMAC token, that can then be verified and trusted when the
verification link is clicked.

https://docs.djangoproject.com/en/dev/topics/signing/ has details about
Django's signing and verification features.


Enrico

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



More information about the newmaint-site mailing list