>>In almost every case where we need to use this feature, this manual step
>>would need to be taken. I don't see any point keeping it manual when it
>>would be trivial to handle it automatically.
>
>
> Indeed it's trivial to handle automatically, I suggested that because the
> merge of user accounts might be quite harmful if, let's say, a launchpad admin
> inadvertently merge the wrong account. If they had to manually delete the
> email addresses, they'd have another chance to realize that's the wrong
> account. This is not ideal, obviously, but I think that if we're going to
> provide a web interface for an operation that is not easily reversible
> (or maybe it is?), we need some extra care to make sure we won't ever need
> to revert one.
The paranoia check can be done with an 'are you sure?' page, listing the
details of the account that is going to be removed. This will be more useful
than requiring admins to manually delete the email addresses first using the
web UI, or asking the DBA to do it, as you are explicitly being stopped and
asked to confirm a dangerous operation. Any manual steps involved will also
be dangerous, and I think would only serve to make the process more
complicated, error prone and increase the likelyhood of a bad request going
through because confirmation didn't happen or happened too late in a
multistep process.
We can require an explicit, changing key to be entered on the confirmation
page to ensure it isn't just clicked through (which will be annoying, but we
don't do this very often so I expect the benefits will outweigh the annoyance).
Guilherme Salgado wrote:
>>In almost every case where we need to use this feature, this manual step
>>would need to be taken. I don't see any point keeping it manual when it
>>would be trivial to handle it automatically.
>
>
> Indeed it's trivial to handle automatically, I suggested that because the
> merge of user accounts might be quite harmful if, let's say, a launchpad admin
> inadvertently merge the wrong account. If they had to manually delete the
> email addresses, they'd have another chance to realize that's the wrong
> account. This is not ideal, obviously, but I think that if we're going to
> provide a web interface for an operation that is not easily reversible
> (or maybe it is?), we need some extra care to make sure we won't ever need
> to revert one.
The paranoia check can be done with an 'are you sure?' page, listing the
details of the account that is going to be removed. This will be more useful
than requiring admins to manually delete the email addresses first using the
web UI, or asking the DBA to do it, as you are explicitly being stopped and
asked to confirm a dangerous operation. Any manual steps involved will also
be dangerous, and I think would only serve to make the process more
complicated, error prone and increase the likelyhood of a bad request going
through because confirmation didn't happen or happened too late in a
multistep process.
We can require an explicit, changing key to be entered on the confirmation
page to ensure it isn't just clicked through (which will be annoying, but we
don't do this very often so I expect the benefits will outweigh the annoyance).
-- www.canonical. com/ www.ubuntu. com/
Stuart Bishop <email address hidden> http://
Canonical Ltd. http://