On Thu, Sep 06, 2012 at 08:52:28PM +0100, Ian Lynagh wrote:
On Thu, Sep 06, 2012 at 08:32:38PM +0100, Duncan Coutts wrote:
From the point of view of an existing user, they will go to the new site, go to a special page, enter their username and their old password and a new password (which can be the same if they like). This is a one off. After that they use the site as normal with their new password.
Does the H1 server have an e-mail address for the user?
If so, we can just implement a "Reset my password" feature that e-mails you a URL with which you can reset your password. That seems like something we ought to implement anyway.
Yes it does, as well as the date of account creation and by whom (usually me), in /srv/www/hackage.haskell.org/passwd/hackage.addresses I was just about to suggest the same thing. A password reset is certainly an essential feature.