<p>If we don't currently verify email addresses before activating the account (i.e: allowing edits), then I think we should change the code to do that before adding any new authentication mechanisms. I think it's important that the website supports the community, and that can only happen if user messages and changeset comments actually reach the intended recipient.</p>
<p>As <a href="https://github.com/Zverik" class="user-mention">@Zverik</a> points out, we might already be making a false assumption about the value of "guarantees" provided by large, established providers such as Google and Facebook. I think we should check our assumptions thoroughly before going any further.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/1433#issuecomment-280338983">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ABWnLaQmq9rwrkTVaPDwmvOa7OQCVCKgks5rdFf8gaJpZM4L8Kyb">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/ABWnLbY1hZ0PVWFAnoY7Ocw76oZU7yfWks5rdFf8gaJpZM4L8Kyb.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/openstreetmap/openstreetmap-website/pull/1433#issuecomment-280338983"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/openstreetmap/openstreetmap-website","title":"openstreetmap/openstreetmap-website","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/openstreetmap/openstreetmap-website"}},"updates":{"snippets":[{"icon":"PERSON","message":"@zerebubuth in #1433: If we don't currently verify email addresses before activating the account (i.e: allowing edits), then I think we should change the code to do that before adding any new authentication mechanisms. I think it's important that the website supports the community, and that can only happen if user messages and changeset comments actually reach the intended recipient.\r\n\r\nAs @Zverik points out, we might already be making a false assumption about the value of \"guarantees\" provided by large, established providers such as Google and Facebook. I think we should check our assumptions thoroughly before going any further."}],"action":{"name":"View Pull Request","url":"https://github.com/openstreetmap/openstreetmap-website/pull/1433#issuecomment-280338983"}}}</script>