Date: Tue, 3 Jun 2014 08:55:03 -0700 From: Alfred Perlstein <bright@mu.org> To: Michelle Sullivan <michelle@sorbs.net> Cc: Alfred Perlstein <alfred@freebsd.org>, "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org> Subject: Re: [FreeBSD-Announce] FreeBSD bug tracking moves from GNATS to Bugzilla Message-ID: <CC494457-5DA5-4D18-BAC1-E9E514AC4097@mu.org> In-Reply-To: <538DE854.5010207@sorbs.net> References: <92E4FB10-DDC8-4B3E-9242-4E8494491630@FreeBSD.org> <538DBAEC.5060905@gmail.com> <AC5B5F36-CB39-40C2-8979-8D2007B0892A@FreeBSD.org> <538DE0B9.7040805@freebsd.org> <538DE854.5010207@sorbs.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Jun 3, 2014, at 8:23 AM, Michelle Sullivan <michelle@sorbs.net> wrote: >=20 > Alfred Perlstein wrote: >>=20 >>> On 6/3/14, 5:16 AM, David Chisnall wrote: >>>> On 3 Jun 2014, at 13:09, Vitaly Magerya <vmagerya@gmail.com> wrote: >>>>=20 >>>> It doesn't seem to be possible to post comments (or bugs) without >>>> creating an account and logging in. >>> That is correct. The current leaning is towards not providing such >>> functionality as: >>>=20 >>> - It makes spamming easy >>>=20 >>> - If someone can't be bothered to make an account, they are unlikely >>> to provide the feedback required to correctly diagnose the bug. >>>=20 >>> I don't know that this decision is final, but it's certainly unlikely >>> to be high up the priority list to implement it. For FreeBSD 11, >>> we'd like to have an HTTP-based send-pr replacement, which will not >>> be able to enforce a valid email address, but which will at least >>> request one. Although, again, we'll have to be careful to prevent it >>> from being used as a spam tool (send a pr claiming to be from a >>> different email address with a spam message and that person gets >>> notified) and so it will likely add the bug to a private queue where >>> it can be checked for spam before appearing in the main db.=20 >>> Volunteers to be spam filters welcome... >> I think a bunch of this can be solved by using oauth or something like >> it. aka: login via github or facebook/twitter. >=20 > I for one would be highly opposed to it (facebook/twitter etc login) ... > 3-4 years ago I went through 7 facebook accounts because of a vindictive > little psycho kept reporting all my posts and accounts as abusive > specifically to cause Facebook to delete my account... This then > blocked the email address and telephone number from being used elsewhere > and I lost several associated accounts as a result - including paid for > services. I will never use such again, even a court order didn't get > the (original) account reinstated or compensated. >=20 > As for spamming, there are solutions - some make it more difficult than > creating an account and logging in. That said I've had my fair share of > spam through (verified email) logins... there is no easy solution, only > less painful ones. :/ >=20 > A tool that resides in the base OS for sending bug reports would be a > good idea - even better if the tool reports basic OS parameters (uname > -a, and an OS unique token) and the connecting IP (as seen by the > receiving server) so that spammers cannot abuse it or be easily blocked. >=20 > Just my $0.02 >=20 > Michelle > (from SORBS) >=20 > --=20 > Michelle Sullivan > http://www.mhix.org/ >=20 All of those parameters can easily be faked. Not sure how that would help.=20= I still think using a form of oauth might help.=20 Other options are email registration that results in an API key that those c= ommand line apps can use. That API key can be revoked by the bugzilla admins= if needed. =20=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CC494457-5DA5-4D18-BAC1-E9E514AC4097>