Hello, On Tue, Mar 01, 2022 at 03:20:25PM +0100, Dan Čermák wrote:
Dear maintainers of development projects on OBS,
please take a look whether your co-maintainers are still active and especially check from time to time whether their email addresses are still valid. There's a few accounts on OBS that use email addresses to expired domains, which pose a security risk: an adversary could re-register that domain, request a password reset, take over the old account and cause quite some harm.
So if you find such an old account, please try to reach the maintainer via another channel and if not, please take the appropriate measures.
I see an opportunity for automated checks here. Even if all project maintainers manage to carry out an ad-hoc check correctly once an automated check is much more future proof. Thanks Michal