[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Refactoring the Debtags web interface

Peter Palfrader <weasel@debian.org> writes:

> On Mon, 23 Feb 2009, Enrico Zini wrote:
> 
> > If Debian were an OpenID provider, then using the Debian OpenID
> > could automatically give some authorization, like assuming that
> > one is a DD. That could have been handy, but indeed not
> > particularly needed.
> 
> As openid provides no security whatsoever

Just like an email address, an OpenID is good for identity; security
needs to be dealt with in a separate layer, just as with email. I
don't know who promised OpenID “provides security”, or expects it.

> there's probably not a big chance of us (as in DSA) hopping onto the
> openid hype any time soon.

Given that we willingly use email for identity, despite the fact that
email provides no security, I don't see how this is anything but a
non-sequitur.

-- 
 \        “I fly Air Bizarre. You buy a combination one-way round-trip |
  `\    ticket. Leave any Monday, and they bring you back the previous |
_o__)     Friday. That way you still have the weekend.” —Steven Wright |
Ben Finney
Reply to: