Yeah well fuck right off then. I'm just going to build a bot to auto signup for every possible username combination left in the latin alphabet. Then after the media bullshit dies down they'll be changing this policy.

👺

you are ready to create billions of accounts?

@stop you don't need to create all of them.

Just enough to send a message.

I'd love to support you in this cause.

I don't see a reason why they should not allow this. Unless their architecture is modelled in a shitty way.

@sariel with 6 character usernames you are breakinf the billion barrier. And you probably have to create the accounts and delete them to trigger this.

just send a message

@theKarlisK then probably the spam detection will be triggered

@theKarlisK this guy scrapy's

@Floydimus Oh its most definitely a stupid management decision at microsoft tO sAvE mOneY

Should be if your account is dormant for 6 months, it's deleted. Multiple warning emails, that's how (respectful, non FAANG) services usually do it.

So they prevented you from giving your account the name of another account which doesn't exist anymore but once hosted the release repo of an important package that is deprecated for a long time but can still be found as dependency in some high-profile projects which did not care to update yet?

Wonder what reason they could have for that...

that makes no sense.

what if someone went to jail or the hospital ?

oh no! fuck. :(
I was about to request exactly this and man I'd even be happy to pay a fee for the service... darn this sounds like stupid lazyness.

@catgirldev couldn't people just fork it in that case?

M$ bs

@Oktokolo sounds to me that sourcing our deps from the source is a bad idea then. Maybe we should instead use a package manager with signatures and trust keys....

I wonder if such a system exists?/s

@catgirldev it stops being important to you 🤣

@sariel Yes, they exist - and are based on repos with known identifiers too.

@Oktokolo Linux package managers like apt, dnf, apk are more of what I was thinking about.

Ugh the deleted account they for some reason got rid of included that, heres a point stop trying to 'clean up' after me !!! assholes !

@sariel Well, their domain names are security relevant too. The keys their package managers use are as correct as the initial key in the iso image, the user downloaded from a website only identified by the domain name. Maybe the user even verified the ISO's fingerprint - using information from the same site of course...

Identifiers are important because trust on first use is pretty common. Well-known identifiers changing ownership can be a severe security issue.

A less permanent version of what Github does should be done everywhere: Keep abandoned names locked away for some time to avoid impersonation attacks in the (often surprisingly long) timeframe between a project's death and its users realizing that.