Namespacing on Crates.io


#101

The approach I described takes literally 3 seconds using your own preferred “IdP”:

As you see, it comes with “a point-and-click experience with strong authentication (e.g. U2F) and active monitoring for suspicious activity”.

The difference with this approach is that developers can make their own decisions and pick whatever proprietary “IdP” they prefer, including none at all (and use their own domain).


#102

While I’m sure this is all wonderfully intuitive to you, I would not consider that a good user experience for what is fundamentally an access control management tool.

You’re also kind of missing the point re: “active monitoring for suspicious activity”. The kind of interesting authentication and access change events that GitHub monitors for in its own account system are oblivious to changes you’re making in a text file…


#103

At the point were a malicious user has circumvented “active monitoring for suspicious activity” to log into a victim’s account you are in pretty bad shape security-wise anyway.