[Haskell-cafe] Re: Unified Haskell login

Maciej Piechotka uzytkownik2 at gmail.com
Mon Sep 20 08:06:09 EDT 2010

On Sun, 2010-09-19 at 17:12 +0200, Michael Snoyman wrote:
> Let me respond to this directly since a number of people have brought
> this up:
> Due to spam reasons we can't trust the email given via an OpenID
> provider in general. For example, it would be trivial for me to create
> an OpenID provider for myself, set my email address as <insert someone
> else's address here> and essentially spam them.
> By going with a service like Facebook or Google, we know (or at least
> assume) that they do proper email validation, so we could immediately
> accept this value without needing to verify it ourselves.
> In other words: Yes, I know there are extensions to OpenID. And no, we
> can't use it to get a verified email address.
> Michael 

There are people who for whatever reason don't use Facebook/Google/....
And sending verification e-mail costs practically nothing.


PS. If we have on-site registration it would have unverified e-mail as
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
Url : http://www.haskell.org/pipermail/haskell-cafe/attachments/20100920/d2e9b628/attachment.bin

More information about the Haskell-Cafe mailing list