Merge and claim account emails need a way to report abuse

Christian Reis wrote:

> Our merge and claim account emails need to offer a way to report abuse;
> for instance, when a random user attempts to claim an account, or
> attempt to merge somebody else's account into theirs (or vice-versa).

Why is this a problem? Similar issues happen with most systems with a
'request password change' button - people with non-unique nicks are always
hitting these buttons when they forget if they ever registered or which
nickname variant they registered under.

--
Stuart Bishop <email address hidden> http://www.canonical.com/
Canonical Ltd. http://www.ubuntu.com/

Well, because anybody can request to merge anybody's account, this can
be a potential attack vector (much more so than password recovery I
would say). See

    http://lists.kde.org/?l=kde-i18n-doc&m=116532648924441&w=2

for a concrete example of a user who would like this.

That wasn't a user, which was part of the problem. :-) (An exacerbating factor was that KDE translators seem to be distrustful of Launchpad generally.) A more obvious address for reporting abuse is a good idea, but that won't make sense to people who don't have an "account" with Launchpad to begin with. Reported bug 75976 on fixing the wording, but maybe we should also do something special when sending merge requests to e-mail addresses that apparently haven't used Launchpad before.