Bugzilla - an experiment in trackability

Don Clugston dac at nospam.com.au
Thu Mar 9 02:19:47 PST 2006 

Brad Roberts wrote:
> On Wed, 8 Mar 2006, Sean Kelly wrote:
>> Don Clugston wrote:
>>> Bruno Medeiros wrote:
>>>> The preferred way now to submit bugs is in the bugzilla, right Walter?
>>>> (and only in the bugzilla, since it takes care automatically of mirroring
>>>> the report on the .bugs NG, right?)
>>>>
>>>> How do we deal with spam now? For the bugzilla to work well I presume we
>>>> have to enter correct email addresses there, but, coupled with the NG
>>>> reporting (which, on top of that, is archived on the Web), we have a big
>>>> spam bait here.
>>> Yup, that's a feature of bugzilla which is absolutely dreadful. And there
>>> doesn't seem to be any need whatsover for email addresses to appear
>>> anywhere. (I submitted a bug report about gcc, and they put my email on the
>>> bug report (it appears in XREF section). Three weeks later the spam flood
>>> began. Turned me off gcc for life).
>>> Create a sacrificial email address for it, I reckon.
>> I simply game up on preventing spam a while back--a spam bot found my domain
>> and started hitting evveryone on it simultaneously.  However, we've got
>> Spamassassin and such installed to filter via procmail and I don't see more
>> than one or two spam mails a week in my inbox.  Couple that with the
>> Thunderbird filtering and that takes the number down to basically zero.  I'd
>> suggest simply using gmail or another service that has capable spam filtering
>> and not worry about it.  Though this obviously doesn't hold for work accounts
>> (I've never put my work email online and I probably get 10 spam mails a day
>> there).
> 
> A agree with Sean here.  I've used one and only one email address for a 
> little over 10 years now asside from a few spamtrap addresses at various 
> points on and off (ie, never ever used, just exist to see what spam gets 
> delivered).  The rates are approximately the same.  I long ago decided 
> that the only defense is to be defensive.. greylist, spamassassin, etc.  
> Train up some good filters and protect yourself.  Relying on lack of 
> posting just doesn't work.

Actually, it worked extremely well for me for a long time -- but I was 
very careful, using sacrificial emails for anything remotely suspect. I 
use dual filtering (both server and Thunderbird) as well. But until the 
gcc debacle, no spam had *ever* reached Thunderbird. Now that my 
workplace has started using Outlook (aka "Microsoft PetriDish (tm), the 
perfect breeding ground for viruses"), it's a lost cause for all my 
accounts.

> There's little point to a bug tracking system where you can't track and 
> communicate with the submitters.  Large percentage of bugs need 
> interaction.

I agree, but I think that information should only be visible to 
registered users. The dsource forums work very well that way, for example.

  Bugzilla, like most web based tracking systems, has that as
> an underlying assumption and I don't have the time or will to invest the 
> time it'd take to change that assumption.  I'd much rather spend it fixing 
> dmd/gdc/etc.

I agree, but I really think the Bugzilla guys should improve the 
situation. It's a relic of the pre-spam era. At the very least, it 
should warn anyone who registers, that any email address they enter will 
be spam bait.

More information about the Digitalmars-d-bugs mailing list