Do not say you are going to send an email if you are not.

Asked by Charles Pergiel on 2011-09-22

Trying to logon to Launchpad. I enter my best guess, but it's not good enough. Have I forgotten my password? Apparently so, so I click on the forgotten-password-link. I get a message that says it will send me an email. Soon. Maybe. Maybe now, maybe in a couple of hours, maybe never. That's just great. Wait a bit, no email. Check my spam folder. Nothing there either. Maybe I don't have an account. I'll try signing up for a new one. That works fine, I get an email instantly to confirm my registration.


Question information

Ghazanfar Ali (cyberhornet007) said : #1

Actually this can happens to any service so with respect you cann't blame Launchpad for that It is you who has to ensure about your email not Launchpad.

Charles Pergiel (c-pergiel-c) said : #2

No, it doesn't happen with any service. Many online services can detect if the user has entered a legitimate ID or not.

It should be simple enough to fix.

If the email address is not in database, then say that the email address is unknown. Do not say the password is incorrect.

Why would it be a good thing to allow everyone on the Internet to check and see if an arbitrary email address has a Launchpad account associated with it?

Charles Pergiel (c-pergiel-c) said : #4

Why not? You allow anyone to open an account. Are you looking for monsters under your bed?

And what's with the stringent password requirements? Are there secret weapons hidden in here?

"Why not?"

Because when you open a Launchpad account with email address X and specify in your Launchpad settings that people are not supposed to be able to see email address X, the most logical and only privacy-respecting behavior is to also disallow people who know email address X but not whether or not there is a Launchpad account associated with it from finding out.

"You [sic*] allow anyone to open an account."

Why is that relevant? Launchpad cannot be functional if people cannot open accounts, and the ability to open an account does not translate into the ability to harvest people's personal information without mitigation or detection.

*I am not affiliated with Canonical, Ltd. and I am not a Launchpad or Canonical SSO provider developer.

I recommend reopening this question so that people (including the folks at Canonical) can see that you still want an answer. Its status changed to Answered with Ghazanfar Ali's post, and has had that status ever since.

Charles Pergiel (c-pergiel-c) said : #6

I think the scenarios you describe are a bit much, especially since we are talking about a bug tracking system, not your bank.
I am just going to stick with my original complaint: Do not say you are going to send an email and then not do it.

Selene Scriven (toykeeper) said : #7

This issue is being tracked as a bug:

If you add yourself to those, it will increase the priority of the bugs and get the fix to happen sooner.

Selene Scriven (toykeeper) said : #8

This issue has been fixed. See .

Can you help with this problem?

Provide an answer of your own, or ask Charles Pergiel for more information if necessary.

To post a message you must log in.