Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 03 Jun 2014 17:23:00 +0200
From:      Michelle Sullivan <michelle@sorbs.net>
To:        Alfred Perlstein <alfred@freebsd.org>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: [FreeBSD-Announce] FreeBSD bug tracking moves from GNATS to Bugzilla
Message-ID:  <538DE854.5010207@sorbs.net>
In-Reply-To: <538DE0B9.7040805@freebsd.org>
References:  <92E4FB10-DDC8-4B3E-9242-4E8494491630@FreeBSD.org> <538DBAEC.5060905@gmail.com> <AC5B5F36-CB39-40C2-8979-8D2007B0892A@FreeBSD.org> <538DE0B9.7040805@freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Alfred Perlstein wrote:
>
> On 6/3/14, 5:16 AM, David Chisnall wrote:
>> On 3 Jun 2014, at 13:09, Vitaly Magerya <vmagerya@gmail.com> wrote:
>>
>>> It doesn't seem to be possible to post comments (or bugs) without
>>> creating an account and logging in.
>> That is correct.  The current leaning is towards not providing such
>> functionality as:
>>
>> - It makes spamming easy
>>
>> - If someone can't be bothered to make an account, they are unlikely
>> to provide the feedback required to correctly diagnose the bug.
>>
>> I don't know that this decision is final, but it's certainly unlikely
>> to be high up the priority list to implement it.  For FreeBSD 11,
>> we'd like to have an HTTP-based send-pr replacement, which will not
>> be able to enforce a valid email address, but which will at least
>> request one.  Although, again, we'll have to be careful to prevent it
>> from being used as a spam tool (send a pr claiming to be from a
>> different email address with a spam message and that person gets
>> notified) and so it will likely add the bug to a private queue where
>> it can be checked for spam before appearing in the main db. 
>> Volunteers to be spam filters welcome...
> I think a bunch of this can be solved by using oauth or something like
> it.  aka: login via github or facebook/twitter.

I for one would be highly opposed to it (facebook/twitter etc login) ...
3-4 years ago I went through 7 facebook accounts because of a vindictive
little psycho kept reporting all my posts and accounts as abusive
specifically to cause Facebook to delete my account...  This then
blocked the email address and telephone number from being used elsewhere
and I lost several associated accounts as a result - including paid for
services.  I will never use such again, even a court order didn't get
the (original) account reinstated or compensated.

As for spamming, there are solutions - some make it more difficult than
creating an account and logging in.  That said I've had my fair share of
spam through (verified email) logins... there is no easy solution, only
less painful ones. :/

A tool that resides in the base OS for sending bug reports would be a
good idea - even better if the tool reports basic OS parameters (uname
-a, and an OS unique token) and the connecting IP (as seen by the
receiving server) so that spammers cannot abuse it or be easily blocked.

Just my $0.02

Michelle
(from SORBS)

-- 
Michelle Sullivan
http://www.mhix.org/




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?538DE854.5010207>