wolfden wrote:what about spam - this opens the door to millions of spam??
If anything, less than the mechanism you already do have. At worst, the external provider does not do any additional counter-bot checks...
You'd still have the forum / bugzilla IDs to ban anyhow, as the OpenID is merely mapped against them. The idea is not to give arbitrary people direct access to the forums, you merely allow the authentication of registered
users to be handled by external provider(s). All the manual-only elements of registration including anti-bot measures can be left in place.