From owner-freebsd-ports@FreeBSD.ORG Tue Jun 3 15:55:06 2014 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AB07AAC2; Tue, 3 Jun 2014 15:55:06 +0000 (UTC) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.freebsd.org (Postfix) with ESMTP id 1CAEA2A3F; Tue, 3 Jun 2014 15:55:06 +0000 (UTC) Received: from [10.0.1.103] (c-76-21-10-192.hsd1.ca.comcast.net [76.21.10.192]) by elvis.mu.org (Postfix) with ESMTPSA id 5413E1A3C61; Tue, 3 Jun 2014 08:55:05 -0700 (PDT) References: <92E4FB10-DDC8-4B3E-9242-4E8494491630@FreeBSD.org> <538DBAEC.5060905@gmail.com> <538DE0B9.7040805@freebsd.org> <538DE854.5010207@sorbs.net> Mime-Version: 1.0 (1.0) In-Reply-To: <538DE854.5010207@sorbs.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: X-Mailer: iPhone Mail (11D201) From: Alfred Perlstein Subject: Re: [FreeBSD-Announce] FreeBSD bug tracking moves from GNATS to Bugzilla Date: Tue, 3 Jun 2014 08:55:03 -0700 To: Michelle Sullivan Cc: Alfred Perlstein , "freebsd-ports@freebsd.org" X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2014 15:55:06 -0000 > On Jun 3, 2014, at 8:23 AM, Michelle Sullivan wrote: >=20 > Alfred Perlstein wrote: >>=20 >>> On 6/3/14, 5:16 AM, David Chisnall wrote: >>>> On 3 Jun 2014, at 13:09, Vitaly Magerya wrote: >>>>=20 >>>> It doesn't seem to be possible to post comments (or bugs) without >>>> creating an account and logging in. >>> That is correct. The current leaning is towards not providing such >>> functionality as: >>>=20 >>> - It makes spamming easy >>>=20 >>> - If someone can't be bothered to make an account, they are unlikely >>> to provide the feedback required to correctly diagnose the bug. >>>=20 >>> I don't know that this decision is final, but it's certainly unlikely >>> to be high up the priority list to implement it. For FreeBSD 11, >>> we'd like to have an HTTP-based send-pr replacement, which will not >>> be able to enforce a valid email address, but which will at least >>> request one. Although, again, we'll have to be careful to prevent it >>> from being used as a spam tool (send a pr claiming to be from a >>> different email address with a spam message and that person gets >>> notified) and so it will likely add the bug to a private queue where >>> it can be checked for spam before appearing in the main db.=20 >>> Volunteers to be spam filters welcome... >> I think a bunch of this can be solved by using oauth or something like >> it. aka: login via github or facebook/twitter. >=20 > I for one would be highly opposed to it (facebook/twitter etc login) ... > 3-4 years ago I went through 7 facebook accounts because of a vindictive > little psycho kept reporting all my posts and accounts as abusive > specifically to cause Facebook to delete my account... This then > blocked the email address and telephone number from being used elsewhere > and I lost several associated accounts as a result - including paid for > services. I will never use such again, even a court order didn't get > the (original) account reinstated or compensated. >=20 > As for spamming, there are solutions - some make it more difficult than > creating an account and logging in. That said I've had my fair share of > spam through (verified email) logins... there is no easy solution, only > less painful ones. :/ >=20 > A tool that resides in the base OS for sending bug reports would be a > good idea - even better if the tool reports basic OS parameters (uname > -a, and an OS unique token) and the connecting IP (as seen by the > receiving server) so that spammers cannot abuse it or be easily blocked. >=20 > Just my $0.02 >=20 > Michelle > (from SORBS) >=20 > --=20 > Michelle Sullivan > http://www.mhix.org/ >=20 All of those parameters can easily be faked. Not sure how that would help.=20= I still think using a form of oauth might help.=20 Other options are email registration that results in an API key that those c= ommand line apps can use. That API key can be revoked by the bugzilla admins= if needed. =20=