I had not verified email, but I received emails nonetheless.
Description
Description
Details
Details
- Reference
- fl138
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | Qgil | T553 Engineering Community team goals for October 2014 | |||
| Resolved | Qgil | T174 Launch Wikimedia Phabricator Day 1 | |||
| Resolved | Qgil | T175 Nominate a team in charge of deploying and maintaining Wikimedia Phabricator code | |||
| Resolved | • RobLa-WMF | T17 Allocate resources for the migration and maintenance | |||
| Resolved | Qgil | T19 Define which features existing in our current tools are really missing in Phabricator | |||
| Invalid | • chasemp | T34 Configure Phabricator for our needs | |||
| Resolved | Qgil | T79 Emails are sent before verifying email address (auth.require-email-verification setting) |
Event Timeline
Comment Actions
aklapper wrote on 2014-04-18 10:11:22 (UTC)
Just to make this clear: You *did* receive a message to verify your address, but you already received notifications before verifying it?
Comment Actions
qgil wrote on 2014-04-18 20:36:36 (UTC)
"You can enable auth.require-email-verification to require users to verify their email addresses before they can take actions within the system. With this option off, we're intentionally permissive to make it easy for users to sign up and interact with the system."
In fact, I don't see why we shouldn't be permissive as well. I verified immediately when I registered here, and I wasn't bothered about the notification received when I tested this situation after registering at secure.phabricator.com.
Comment Actions
Nemo_bis wrote on 2014-04-18 20:41:33 (UTC)
The reason to be restrictive is that emailing unverified addresses can get you blocked by ISPs; cf. https://bugzilla.wikimedia.org/show_bug.cgi?id=56414
Comment Actions
qgil wrote on 2014-04-21 04:05:00 (UTC)
I'm marking this as resolved because we can enable auth.require-email-verification if we want it.
Comment Actions
Nemo_bis wrote on 2014-06-15 10:45:46 (UTC)
I'm marking this as resolved because we can enable auth.require-email-verification if we want it.
But was it enabled? I don't understand whether configuration of this instance is assumed to be carried over to production, or there's a list somewhere of configuration switches to change once the production instance is set up.