maemo.org - Talk (https://talk.maemo.org/index.php)
-   Community (https://talk.maemo.org/forumdisplay.php?f=16)
-   -   Bugzilla members' security? Publication of email addresses leads to spam? (https://talk.maemo.org/showthread.php?t=6377)

craftyguy 2010-03-09 18:47

Re: What? Bugzilla uses my email address as my ID?
 
Quote:

Originally Posted by GeneralAntilles (Post 561538)
You should probably seek to educate yourself about Andre's actual position before making statements like these. He doesn't actually work for Nokia, he works for maemo.org, nothing he says should ever be interpreted as an official statement from Nokia, since he's not actually an employee.

My apologies to Andre then.
Even if he's not making a statement as a Nokia employee, he's still a representative for the maemo.org community. Comments such as his (even though it was ultimately in jest) are not very professional when people are bringing up real concerns.

For the 'record', spam RARELY made it to my inbox before I joined in on the Maemo bugzilla fun; now I get several a day that make it past the Gmail spam blocker.

Texrat 2010-03-09 18:49

Re: What? Bugzilla uses my email address as my ID?
 
*sigh*.....

Andre Klapper 2010-03-10 17:26

Re: What? Bugzilla uses my email address as my ID?
 
Quote:

Originally Posted by Milhouse (Post 561190)
Can you at least explain what the Maemo/MeeGo policy is regarding the privacy of Bugzilla account emails - will they in future be visible to non-authenticated users, or not?

Bugzilla 3.4 does not show user account email addresses to people not authenticated. If it does somewhere, it is a bug.
Don't know of any Maemo/MeeGo policies about this.

Quote:

Originally Posted by Milhouse (Post 561190)
And depending on your answer, will Bugzilla 3.4 resolve bug 6873?

Yes. See comment 5 in that report.

Andre Klapper 2010-03-10 17:42

Re: What? Bugzilla uses my email address as my ID?
 
Quote:

Originally Posted by craftyguy (Post 561574)
My apologies to Andre then.

Heh, no problem.

Quote:

Originally Posted by craftyguy (Post 561574)
Even if he's not making a statement as a Nokia employee, he's still a representative for the maemo.org community.

Well, I could add a footer to each of my postings here:
"It should be obvious but in case it isn't: the opinions reflected here are my own. They are not the views of my employer, the Queen of England, George W. Bush or anyone else." (copied from mezcalero's blog).
However I have no plans to do that.
Plus I could also simply stay away from talk.maemo.org.
But I have no plans to do that either.

Quote:

Originally Posted by craftyguy (Post 561574)
Comments such as his (even though it was ultimately in jest) are not very professional when people are bringing up real concerns.

True. However I don't manage to be serious the entire day as work and open source communities should also be fun, and I can live with the fact that sometimes my specific sense of humour is confusing, not understood, or not well-received.
That's the collateral damage I am more than willing to accept as egoistically speaking I have a way better life by that.

Plus I get more hatemail (being the evil guy closing some unbelievably important bug reports/requests that will make the world collapse tomorrow if not getting fixed ASAP) that I collect and later on publish as a book to make lotsa $$$$!!!!

(Disclaimer: This was a bloody serious posting, as always.)

Milhouse 2010-03-10 17:49

Re: What? Bugzilla uses my email address as my ID?
 
Quote:

Originally Posted by Andre Klapper (Post 562759)
Bugzilla 3.4 does not show user account email addresses to people not authenticated. If it does somewhere, it is a bug.

Thanks - I thought it best to ask as your boilerplate text confused me. No doubt it will confuse new bug reporters too, many of whom may decide not to bother signing up as a result.

Quote:

Originally Posted by Andre Klapper (Post 562759)
Don't know of any Maemo/MeeGo policies about this.

It might be worth clarifying that before we all pile headlong into the new meego.com defect tracking system. All organisations should at least decide and agree publicly that the privacy of their members/community is of paramount importance, even if they can't decide in a month of Sundays what fracking forum software to use (joke). :)

Quote:

Originally Posted by Andre Klapper (Post 562759)
Yes. See comment 5 in that report.

Thanks.

lma 2010-03-10 20:56

Re: What? Bugzilla uses my email address as my ID?
 
Quote:

Originally Posted by Andre Klapper (Post 562772)
Plus I get more hatemail (being the evil guy closing some unbelievably important bug reports/requests that will make the world collapse tomorrow if not getting fixed ASAP) that I collect and later on publish as a book to make lotsa $$$$!!!!

Put me down for a copy!

jgombos 2010-05-30 14:11

Bug db forces non-disposable email addresses, then they publicize it!
 
bugs.maemo.org refuses to open new accounts for users who protect themselves with disposable email addresses. Then the db admins have the nerve to publicize everyone's email address! This is totally reckless and irresponsible.

bugs.maemo.org is being harvested by spammers, who are then attacking these accounts chronically.

Has anyone discovered a type of disposable email address that bugs.maemo.org does not know about?

GameboyRMH 2010-05-30 14:13

Re: Bug db forces non-disposable email addresses, then they publicize it!
 
Gmail keeps the spam out.

Spam is a fact of life, you just have to deal with it. Having an email address that can't filter spam is like having a car with no roof - it's not practical for everyday use.

ToJa92 2010-05-30 14:17

Re: Bug db forces non-disposable email addresses, then they publicize it!
 
Quote:

Originally Posted by GameboyRMH (Post 689849)
Gmail keeps the spam out.

True that. I already got to my Gmail account before I signed up here, so I never thought about that.

jgombos 2010-05-30 18:05

Re: Bug db forces non-disposable email addresses, then they publicize it!
 
Quote:

Originally Posted by GameboyRMH (Post 689849)
Gmail keeps the spam out.

Sure, as well as the legit email. Gmail is for simple users. Advanced users certainly do not depend on Gmail accounts. It has false positives and in terms of capability it's too limiting. It's also weakly secured and far too inadequate to win support from any streetwise users.

Know your audience. A bug tracking system needs to cater to advanced users. By accepting disposable addresses, this would not prevent basic users from supplying their gmail addresses if they want access.

Quote:

Originally Posted by GameboyRMH (Post 689849)
Spam is a fact of life,

Of course. You are stating my case.

Quote:

Originally Posted by GameboyRMH (Post 689849)
you just have to deal with it.

Exactly my point. So why limit yourself to one lousy mechanism for protection? You don't force everyone to adopt the lowest common denominator. It makes no sense from a security standpoint. The rule of least privilege trumps here. You don't disclose more sensitive information than needed for the job - even in your hypothetical world where there are no false positives, and all spam is detected as a true positive.

Quote:

Originally Posted by GameboyRMH (Post 689849)
Having an email address that can't filter spam is like having a car with no roof - it's not practical for everyday use.

Insisting that users rely on one instrument for protection is like having a car with a roof but no windows, and claiming the roof will protect you from the rain. It's not a complete solution. Nor is filtering.

Of course you still filter. But you do it based on content, not IP address. Gmail's filtering is not sophisticated enough to rely wholly on content analysis. Gmail takes that crude and error-prone step of blackballing IP addresses. Gmail also has blocks in place to prevent dynamic outbound FROM header fields. They overzealously try to stop their own users from sending spam, and as a result they restrict users from using the more effective self-defensive mechanisms.

JonWW 2010-05-30 18:24

Re: Bug db forces non-disposable email addresses, then they publicize it!
 
Quote:

Originally Posted by GameboyRMH (Post 689849)
Spam is a fact of life, you just have to deal with it.

Spam is not a fact of life unless you are flippant with your email address. I am not, and I have not had spam for some years, but having joined the bug tracker system and added to bug reports, I now am getting some spam; too much of a coincidence, methinks.

There is no reason for everyone’s email addresses to be displayed; the system could keep them hidden and safe by making sure everyone used an alias and displaying that instead. Then everyone concerned could still get notified when a bug report gets added to.
talk.maemo.org works very well this way and I joined it a long time before joining the bug tracker system.

If the bug tracker system is known to spammers as a weak site, there is nothing stopping them from signing up and harvesting everyone’s emails.

ossipena 2010-05-30 18:33

Re: Bug db forces non-disposable email addresses, then they publicize it!
 
Haven't seen any spam in my email I use in bugzilla....

sjgadsby 2010-05-30 18:38

Re: Bugzilla members security?
 
The following threads have been merged into this thread:
  • "What? Bugzilla uses my email address as my ID?" with eighty-four posts
  • "Bug db forces non-disposable email addresses, then they publicize it!" with six posts

jgombos 2010-05-30 19:28

Re: What? Bugzilla uses my email address as my ID?
 
Quote:

Originally Posted by thp (Post 560479)
Privacy-loving people should already know about mailinator.com and other pages that allow users to create "throw-away" e-mail addresses on the fly.

Have you confirmed that bugs.maemo.org accepts mailinator.com addresses?

If it does, that would be almost reasonable. I say "almost", because mail sent to mailinator addresses is public, and the user has the burden of proactively checking the web for replies (and it's a separate check per address).

Quote:

Originally Posted by thp (Post 560479)
There also exist services that allow you to create temporary-forwarding addresses that will accept only a few (e.g. 10) mails and then stop forwarding mail to your real address. Can't remember right now what that service is called, though.

spamgourmet.com is one -- and it's being blocked from those who sign up for bug tracker accounts.

Quote:

Originally Posted by ossipena (Post 690317)
Haven't seen any spam in my email I use in bugzilla....

I've proven the contrary. I managed to find a disposable address that didn't get rejected. So all the spam now flooding into that address is purely from a compromise in the bugzilla system. It's the reason I started the thread that got merged with this one.

(if you're wondering why I don't continue with that type of address, the sysadmins have figured it out since I created it, and it's now blocked. bugs.maemo.org now blocks the slightest modification to that address)

Quote:

Originally Posted by Texrat (Post 560388)
In the context of bug reporting, why would we want anonymity from participants? That's not a rhetorical question; I'm genuinely curious.

Bug reporters are public servants who contribute positively to the community. The idea is to encourage this (uncompensated) behavior.

Both forcing users to give up a real email address, and then simultaneously denying them the option to hide that address is not the way to encourage participants to offer their services.

It's totally unreasonable that maemo.org has taken a stance against disposable addresses, and then forced exposure of the more sacred addresses they forced people to register with.

Texrat 2010-05-31 02:01

Re: What? Bugzilla uses my email address as my ID?
 
Quote:

Originally Posted by jgombos (Post 690398)
Both forcing users to give up a real email address, and then simultaneously denying them the option to hide that address is not the way to encourage participants to offer their services.

I don't support that combination, either, but I don't have a problem with requiring real email accounts for bug reporting AND allowing them to be hidden from report views.

Helmuth 2010-05-31 09:12

Re: Bugzilla members' security? Publication of email addresses leads to spam?
 
At talk.maemo.org the mail addresses are hidden by default and you can show it to all members if you want. The system provides the possibility to send a mail to the member through the system for a first contact. You don't need to have the mail address for this; it's enough that the system has the address.

In my opinion bugs.maemo.org should work the same way. Hide the mail address by default and show only real names or, if you want to stay incognito, nicknames.

In my opinion it is sometimes very important to hide your real identity. For example, I have two accounts here at talk.maemo.org: this one to hide my real identity and a second one to publish my real name to everyone.

jgombos 2010-06-01 12:52

Re: What? Bugzilla uses my email address as my ID?
 
Quote:

Originally Posted by Texrat (Post 690944)
I don't support that combination, either, but I don't have a problem with requiring real email accounts for bug reporting AND allowing them to be hidden from report views.

Although that would be an improvement, it neglects basic security principles. It's backwards to pursue a model of least security, and then ask to justify policies that are more secure. The way forward is to start with the policy that is most secure (i.e. minimal disclosure), and demand justification when a policy reduces security.

IOW, the question is not why the personal identities of users need to be withheld. The question is why the personal identities of participants on a bug reporting system must be disclosed. From a security viewpoint, there does not exist a rational justification. Registration already covers the need to shut down malicious users.

The only benefit to identity disclosure is attribution. And if a user wants to make sure that they get credit for documenting a bug or workaround, they can do this regardless of whether forced disclosure is in place.

