From owner-freebsd-ports@FreeBSD.ORG Tue Jun 3 23:13:43 2014 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 48436F3F; Tue, 3 Jun 2014 23:13:43 +0000 (UTC) Received: from hades.sorbs.net (hades.sorbs.net [67.231.146.201]) by mx1.freebsd.org (Postfix) with ESMTP id 2FBDF25F4; Tue, 3 Jun 2014 23:13:42 +0000 (UTC) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; CHARSET=US-ASCII Received: from isux.com (firewall.isux.com [213.165.190.213]) by hades.sorbs.net (Oracle Communications Messaging Server 7.0.5.29.0 64bit (built Jul 9 2013)) with ESMTPSA id <0N6M0061N8O90900@hades.sorbs.net>; Tue, 03 Jun 2014 16:16:59 -0700 (PDT) Message-id: <538E56A2.9070100@sorbs.net> Date: Wed, 04 Jun 2014 01:13:38 +0200 From: Michelle Sullivan User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.24) Gecko/20100301 SeaMonkey/1.1.19 To: Eitan Adler Subject: Re: [FreeBSD-Announce] FreeBSD bug tracking moves from GNATS to Bugzilla References: <92E4FB10-DDC8-4B3E-9242-4E8494491630@FreeBSD.org> <538DBAEC.5060905@gmail.com> <538E01CB.1050607@marino.st> In-reply-to: Cc: ports@freebsd.org, marino@freebsd.org, David Chisnall , Vitaly Magerya , =?ISO-8859-1?Q?Ulrich_Sp=F6rlein?= X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2014 23:13:43 -0000 Eitan Adler wrote: > On 3 June 2014 10:11, John Marino wrote: > >> ... it's doubtful most folks unwilling to register are >> about to make a meaningful report... >> > > This is *not* the reason for registation. > > The reason for registation is that we know from experience that having > a way to talk with the reporter drastically increases the chance that > the bug will get fixed. Registration offers verification of the > submitters email. > +1 ... actually +~ ... been there done than... at SORBS (attacked on a daily basis at times)... I went with the following that FreeBSD might find useful: 1/ No login, no information (static pages only) 2/ No Login + Catpcha (self generated, tho reCaptcha would work), limited information and rate limiting (on IP address) 3/ Login - email verified, admin *not verified* (ie general user) .. a little more information than in (2) and rate limits increased (and not limited to IP - though changing IP will require re-login). 4/ Login - email verified - admin verified (ie: privileged user) .. full (almost - based on permissions) access... rate limiting removed. how I could see that apply to FreeBSD (using the same numbering): 1/ static pages only 2/ can view a bug (and *maybe* log a bug - a single bug per day/week/month) 3/ can log a bug and view a bug 4/ can work on a bug, log a bug and view a bug. > We would rather get fewer higher quality and more engaged bugs than > what we've had in the past where bugs were a one way vent. > > To preempt the next question: why don't we allow users to submit via > email but verify with a token? That system isn't possible with how > the gateway is set up now. Its a long term possability. If someone > wants to help set that up please contact me offline (at bugmeister@). > I'm happy to help setup all sorts of anti-spam systems - feel free to mail me offlist. > What about bug followups via email? Possibly a problem (but not really - "if you're not the originator of the bug, and not logged in, you can't update it at all"..) > That one won't be supported for a > bit as we get used to bugzilla. It certainly on the cards to support > in the future. > > > > Michelle -- Michelle Sullivan http://www.mhix.org/