On 23/08/15 21:13, Peter Stadler wrote:
Methinks this is kinda insecure with the GitHub account posting to a public mailing list. Anyone could request a password reset, grab the link from the public archive and log us out — or am I missing something?!
I believe you are missing something. The 'primary email' of the account is still set to one of mine. It is merely the council list which is set as a notification email for repositories belonging to the TEIC github organisation. However, to add that email it had to send a verification email, and then I only changed the primary email afterwards. It is worth a test though... feel free to try to request the password be changed as we'll see if it comes through on the list or to my private email. (And obviously, since I've given out the password to a couple other council members they could go in and change its primary email if I ever don't want to be involved any more.)
On second thought, I think it’s better to have everyone subscribed to notifications individually rather than spamming the list. IMHO, the problem with e.g. Stuart’s pull request is not an issue of noticing it, but of proper knowledge and protocol, as Martin already pointed out.
I think the latter is true certainly. I still think it is worth experimenting with and seeing if this does cause problems. (Personally my tei-council emails and my github emails go to completely different accounts and folders....I'd just choose to read them here rather than there probably.) -James -- Dr James Cummings, James.Cummings@it.ox.ac.uk Academic IT Services, University of Oxford