On Thu, Jun 21, 2012 at 09:46:54AM +0200, Bjoern Michaelsen wrote:
On Thu, Jun 21, 2012 at 07:09:15AM +0200, Lionel Elie Mamane wrote:
But frankly, why should Google, AOL, Wordpress or another person be
able to impersonate me at the TDF systems?
If you created an account at one of those, you are trusting
them. The trust issue is with account creation, not with usage. Once
you have a google account it is automatically OpenID enabled. Even
if you never used it yourself, google is perfectly able to
impersonate you.
No, if I create a gerrit account with a non-Google OpenID identity,
get it added to the right "privileged groups" (committer, can review,
can submit patches with different author, ...) and I have an
OpenID-enabled Google account, then Google is able to create a *new*
account at Gerrit with my Google identity with *no* more privileges
than we give any random person. It is *not* able (modulo security
issues in Gerrit or my other OpenID provider) to access my Gerrit
account, as long as I (or my OpenID provider or anybody cracking them)
don't go into my Gerrit account and link my Google-issued OpenID
identity to my Gerrit account.
The same is true for an email/password-login and any external mail
provider.
No, my email being hosted at gmail does not mean Google knows, or can
know, my username/password at wiki.documentfoundation.org; yes, they
can request a new password to be mailed and intercept it, but then
I'll notice something is wrong: I cannot login at the wiki anymore!
(For the specific case of google, they could put a spy feature in
Chrome, OK... like the author of about any software I use.)
--
Lionel
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.