Allow claiming an account by signing/decrypting with the same OpenPGP key
Bug #146861 reported by
Matthew Paul Thomas
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Triaged
|
Low
|
Unassigned | ||
Bug Description
<funman> hi
<funman> i can't add my ssh key & gpg key to my profile
<funman> because they are already been added to an old profile i don't use anymore
<funman> the associated email address doesn't exist anymore
If someone no longer has access to a Launchpad profile's e-mail address, but still has access to the profile's OpenPGP key, they should be able to claim the account without admin intervention by signing or decrypting something using that key (I'm not sure whether signing or decrypting would make more sense).
We could even advertise this as the way to keep your Launchpad profile safe from disappearing e-mail providers or compromised e-mail accounts.
| Changed in launchpad: | |
| importance: | Undecided → Low |
| status: | New → Confirmed |
Revision history for this message
| Andrew Bennetts (spiv) wrote | #1 |
Revision history for this message
| Stuart Bishop (stub) wrote | #2 |
To post a comment you must log in.
A user on #launchpad just asked for this feature. They say they lost their password, and do not have access to the only email address associated with the account. However, the account does have a GPG key associated with it, which they still have. So if this feature were implemented, they could recover their account without asking for admin intervention.