242087 - after adding comment to existing bug, Bug processed page displays everyone's e-mail in plain text (bad for privacy)

Status: RESOLVED DUPLICATE of bug 219021

(Bugzilla :: Creating/Changing Bugs, enhancement)

Description

[roseman]

User-Agent:       Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7b) Gecko/20040421
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7b) Gecko/20040421

after adding a comment to an existing bug, the Bug processed page which then
pops up displays everyone's e-mail in plain text. for those concerned with
privacy, this is not good. ok, ok, bugzilla users are not likely to harvest
e-mails for spammers, but it is unsettling at first to see so many names instead
of just the nickname for a mailing list. does this feature serve useful purpose?
do the bug managers want/need to see the names out in the open? if so, then
please ignore this post. any usefulness of this "feature" would outway any minor
privacy concers, sine this page probably never shows up out in public. but if
this display-of-addresses "feature" is not really used by anyone, could it be
reviewed to see if it should be modified, so that only more administrative types
get to see all the individual addresses? thanx!

Reproducible: Always
Steps to Reproduce:
1. find existing bug in bugzilla
2. add a comment to it 
3. see how confirmation page then shows long(?) list of other peoples e-mail
addresses

Actual Results:  
as descibed above

Expected Results:  
would expect only a nickname for that e-mail list might show up, unless person
viewing had some special privileges most of us don't have.

this only matters to people paranoid about their privacy. the system works, but
for privacy advocates, it displays a little more than we might expect. if this
list is ONLY visible to those who have registered with bugzilla, and have gone
thru hoops to enter or change a bug, then this may not even be an issue.

Comment 1

[Dave Miller [:justdave]]

Actually, they're mangled in the HTML source.  The only look like complete
addresses to the human eye. :)  This successfully fools *most* of the spam
robots (see bug 120030).  It is not, however, a complete solution, as the
spammers continue to get smarter.  See the following bugs for the proposals
currently on the table for continuing to thwart the spammers in better ways:

bug 218917
bug 229825
bug 215439
bug 219021

All of those email addresses are visible on the bug without changing it.  (Look
at the CC field and show votes on a bug, for example, not to mention the report,
qa, and owner).  But they are similarly munged as described on bug 120030.

Bug 219021 sounds the closest to what your complaint is, so I'll dupe this one
to that.

*** This bug has been marked as a duplicate of 219021 ***

Comment 2

[roseman]

(In reply to comment #1)
> Actually, they're mangled in the HTML source.  The only look like complete
> addresses to the human eye. :)  This successfully fools *most* of the spam
> robots (see bug 120030).  It is not, however, a complete solution, as the
> spammers continue to get smarter.  See the following bugs for the proposals
> currently on the table for continuing to thwart the spammers in better ways:
> 
> bug 218917
> bug 229825
> bug 215439
> bug 219021
> 
> All of those email addresses are visible on the bug without changing it.  (Look
> at the CC field and show votes on a bug, for example, not to mention the report,
> qa, and owner).  But they are similarly munged as described on bug 120030.
> 
> Bug 219021 sounds the closest to what your complaint is, so I'll dupe this one
> to that.
> 
> *** This bug has been marked as a duplicate of 219021 ***

 
yes, it looks like my concerns are in fact already being (pardon the term)
addressed. did a quick search, and had not yet found any duplicates, but you
show several. thanx for the updated info!  :)  --roseman