[openstreetmap/openstreetmap-website] User account self-deletion allows bad actors to delete and recreate the same account name to "lose" changeset discussion and block history (Issue #4018)
mmd
notifications at github.com
Sat Oct 21 20:43:32 UTC 2023
How about we only allow self-deletion of a user account after a cool-down period of, say 28 days. Cool-down period in this case means: time since the last changeset has been uploaded by the user.
This is similar to the grace period approach I suggested back in https://github.com/openstreetmap/openstreetmap-website/issues/1853#issuecomment-387769478, but it would be much easier to implement.
Blocked users may not self-delete their accounts at all.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/4018#issuecomment-1773917139
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/4018/1773917139 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20231021/f5d98f46/attachment.htm>
More information about the rails-dev
mailing list