While this will work a very large proportion of the time, and has a big benefit of offloading security as you mention, email is fundamentally asynchronous and can be affected by issues outside of your (and the email providers') control.
Another point that UX designers might make is that this solution necessarily takes users away from your site to complete login, and that can introduce a place for users to drop off. I'm not sure it's that significant, but I've heard it used as an argument.
> Here are the screenshots of working example on an iTerm2 terminal (Mac OS), oh-my-zsh with powerlevel9k theme and powerline nerd-font + awesome-config font with the Solarized Dark color theme.
> The article starts by complaining about "drive-by issue comments", then describes opening what might be considered a drive-by issue. That could be construed as contradictory.
The article is reasonably clear that "drive-by issues" are ones where people leave comments uninvited, and it's also explicit that Caroline was specifically asked to review the survey in question. So it's hard to read that as contradictory.
> Caroline was specifically asked to review the survey in question.
Yes and no. From the article:
> One day a notification came to me that a repo for the open source developer survey had been created and that the survey questions were in progress. My director followed up with me to make sure that I was aware of the survey and asked me to review the questions. I worked my way through, and stopped short at one particular question...
She got a notification of the repository, was asked by someone (not the person working on it) to review the questions, and decided that these two interactions separately constituted an invitation to give public feedback.
Then, her primary feedback was in the form of creating an issue about a specific question, with a terse description. (If you look at the repository in question [0], it appears her feedback came in the form of opening two similarly-terse issues about back-to-back questions with no further comments on the survey for 10 days.)
It's easy to imagine viewing that as a negative interaction from the other side.
I'm not saying it was handled well, or that it wasn't possible to resolve it in another way, but, yeah, I can imagine getting a little upset about that sort of thing happening in the author's shoes.
Rooting their phone is not something a security-conscious person would do, either.
Edit: maybe I should have explained my position. There are a few security issues with rooting a phone, e.g.:
- rooting usually requires unlocking the bootloader. Once it's unlocked, anyone can flash or boot a custom recovery and modify your system partition. Enrolling your own keys in the recovery and re-locking the bootloader, while possible, is an undocumented and complex process that just about nobody uses, see https://mjg59.dreamwidth.org/31765.html . You're also screwed if a system update replaces the recovery. Once the bootloader is unlocked, anyone with physical access to your phone can mess with your system in malicious ways.
- it circumvents the system's permission model. A malicious app that tricks the user into granting it root rights (maybe for a legitimate reason) could access information it shouldn't have, install a keylogger, etc.
I am not suggesting breaking a law (I don't live in the US, so that law doesn't apply to me anyway). I am just trying to point out that it is wrong and serves only publishers' interests.
We already have these features, we just opted to make them EE/.com only since we think they are more relevant for organizations that have more than 100 potential users.