Open joaquintides opened 1 week ago
If the user signs up with GitHub, then we don't need this additional stuff. We decided early on that we would trust external OAuth providers, as doing so is no less secure than the provider.
Yes, this only applies to the email-based registration process.
There are two problems with the current registration problem:
To write: a more precise spec of how we want to implement this hardening.