- Issue created by @nicxvan
- ๐จ๐ฆCanada mandclu
+1 for this idea. Providing the most secure option as the default makes sense.
- ๐บ๐ธUnited States dww
+1. I have to do this on every site I set up. Admin-only should be the default until folks opt-in to something more permissive.
- ๐บ๐ธUnited States nicxvan
I updated the minimal test to match new defaults.
- Status changed to Needs review
6 months ago 5:20pm 10 June 2024 - Status changed to RTBC
6 months ago 5:28pm 10 June 2024 - ๐บ๐ธUnited States dww
- Changes look reasonable to me, and IMHO are all in scope.
- Pipeline is green.
- I took a stab at a release note snippet (which we'll definitely need).
- I'm not sure if this needs a CR for distribution maintainers, too.
- Bumping to RTBC so the Product managers will see it and make a final call both on the change, and the need for a CR or not.
Thanks!
-Derek - ๐ซ๐ฎFinland lauriii Finland
This feature to some extent goes together with the Comment module because this way you can get your username verified. I still think it makes sense to disable this behavior by default because usually if you want to accept registrations on the site, that's would be an explicit decision. It seems fine to require an extra step for that, given that there's likely couple of other extra steps you'd have to take in order to avoid getting tons of spam accounts.
- ๐ญ๐บHungary Gรกbor Hojtsy Hungary
I agree with Lauri and others above. Unfortunately the internet became a place where you need to set up extensive protections to even attempt to enable user registration publicly. :/ Most of those don't come with core so you may be in for some nasty surprises before you may have a chance to set up the tools to avoid it.
- Status changed to Needs work
6 months ago 11:37am 12 June 2024 - ๐ฌ๐งUnited Kingdom alexpott ๐ช๐บ๐
Added a review comment to the MR - we need to add a positive assertion to the test now that we changed an assertion to a negative one.
- ๐บ๐ธUnited States nicxvan
I addressed @alexpott's feedback, I'll create a change record, I didn't see anyone say it's necessary, but I suspect it will be.
- Status changed to Needs review
6 months ago 1:37pm 12 June 2024 - Status changed to RTBC
6 months ago 1:53pm 12 June 2024 - ๐บ๐ธUnited States dww
- I made a very minor edit to the CR. Agreed itโs worth having.
- Good catch on the test comment. Apologies I missed that. Thatโs what I get for quickly reviewing on my phone. ๐
- Changes look good. Feedback addressed. Pipeline is green.
Back to RTBC.
Thanks,
-Derek - Status changed to Fixed
6 months ago 3:22pm 12 June 2024 -
alexpott โ
committed b719931e on 11.x
Issue #3453676 by nicxvan, alexpott, dww, lauriii, Gรกbor Hojtsy: Make "...
-
alexpott โ
committed b719931e on 11.x
Automatically closed - issue fixed for 2 weeks with no activity.