Bugzilla - an experiment in trackability
Don Clugston
dac at nospam.com.au
Thu Mar 9 02:19:47 PST 2006
Brad Roberts wrote:
> On Wed, 8 Mar 2006, Sean Kelly wrote:
>> Don Clugston wrote:
>>> Bruno Medeiros wrote:
>>>> The preferred way now to submit bugs is in the bugzilla, right Walter?
>>>> (and only in the bugzilla, since it takes care automatically of mirroring
>>>> the report on the .bugs NG, right?)
>>>>
>>>> How do we deal with spam now? For the bugzilla to work well I presume we
>>>> have to enter correct email addresses there, but, coupled with the NG
>>>> reporting (which, on top of that, is archived on the Web), we have a big
>>>> spam bait here.
>>> Yup, that's a feature of bugzilla which is absolutely dreadful. And there
>>> doesn't seem to be any need whatsover for email addresses to appear
>>> anywhere. (I submitted a bug report about gcc, and they put my email on the
>>> bug report (it appears in XREF section). Three weeks later the spam flood
>>> began. Turned me off gcc for life).
>>> Create a sacrificial email address for it, I reckon.
>> I simply game up on preventing spam a while back--a spam bot found my domain
>> and started hitting evveryone on it simultaneously. However, we've got
>> Spamassassin and such installed to filter via procmail and I don't see more
>> than one or two spam mails a week in my inbox. Couple that with the
>> Thunderbird filtering and that takes the number down to basically zero. I'd
>> suggest simply using gmail or another service that has capable spam filtering
>> and not worry about it. Though this obviously doesn't hold for work accounts
>> (I've never put my work email online and I probably get 10 spam mails a day
>> there).
>
> A agree with Sean here. I've used one and only one email address for a
> little over 10 years now asside from a few spamtrap addresses at various
> points on and off (ie, never ever used, just exist to see what spam gets
> delivered). The rates are approximately the same. I long ago decided
> that the only defense is to be defensive.. greylist, spamassassin, etc.
> Train up some good filters and protect yourself. Relying on lack of
> posting just doesn't work.
Actually, it worked extremely well for me for a long time -- but I was
very careful, using sacrificial emails for anything remotely suspect. I
use dual filtering (both server and Thunderbird) as well. But until the
gcc debacle, no spam had *ever* reached Thunderbird. Now that my
workplace has started using Outlook (aka "Microsoft PetriDish (tm), the
perfect breeding ground for viruses"), it's a lost cause for all my
accounts.
> There's little point to a bug tracking system where you can't track and
> communicate with the submitters. Large percentage of bugs need
> interaction.
I agree, but I think that information should only be visible to
registered users. The dsource forums work very well that way, for example.
Bugzilla, like most web based tracking systems, has that as
> an underlying assumption and I don't have the time or will to invest the
> time it'd take to change that assumption. I'd much rather spend it fixing
> dmd/gdc/etc.
I agree, but I really think the Bugzilla guys should improve the
situation. It's a relic of the pre-spam era. At the very least, it
should warn anyone who registers, that any email address they enter will
be spam bait.
More information about the Digitalmars-d-bugs
mailing list