From: Joey Hess <joeyh@joeyh.name>
Date: Thu, 14 May 2015 14:41:07 +0000 (-0400)
Subject: update re passwordauth @
X-Git-Tag: 3.20150610~67
X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/f1f3d4c6e724c2f4c1056dd43460766f7c483965

update re passwordauth @
---

diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn
index aac2c988e..88096bee1 100644
--- a/doc/todo/emailauth.mdwn
+++ b/doc/todo/emailauth.mdwn
@@ -62,7 +62,7 @@ Implementation notes:
   Otherwise, someone could use passwordauth to register as a username that
   looks like an email address, which would be confusing to possibly a
   security hole. Probably best to keep passwordauth and emailauth accounts
-  entirely distinct.
+  entirely distinct. Update: passwordauth never allowed `@` in usernames.
 * Currently, subscription to comments w/o registering is handled by
   passwordauth, by creating a passwordless account (making up a username,
   not using the email address as the username thankfully). That account can be