On 2023-04-17 14:00, Adam Majer wrote:
On 4/17/23 09:48, Vojtěch Zeisek wrote:
Today it isn't so important - a compromised account might give someone access to bugzilla, but not much else. A compromised email account can cause our mailserver to be blacklisted, thus affecting everyone.
True. This most be already solved thousand times. How is this practically processed in comparable organizations? Apart of technical maintenance, this would be IMHO the most demanding part, so when we see how demanding, we see if it'd be worth of the effort.
FWIW, Debian has this setup,
https://lists.debian.org/debian-devel-announce/2022/07/msg00003.html
but everyone on that domain has passed some security checks at some point in time. You can't just create an account and send mails.
So while it probably would be easy to trust most people here with a relay, it's probably not a good idea to do so for the Internet. As-is, we allow anyone to create an account without much checking, so having an opensuse.org relay (since anyone can easily create an account) is probably not a good idea. @opensuse.org relay would probably have to be limited much further than just having an account.
The relay should be open to anyone that has an @opensuse.org alias. That's its purpose. -- Cheers / Saludos, Carlos E. R. (from Elesar, using openSUSE Leap 15.4)