We need to do something about harvesting of email addresses from public Bugzilla installations. We currently grant "editbugs" privileges to the broad set of users we basically trust to manipulate bug data. We can generally trust these users to use email addresses wisely, and they're the group of active users who needs access to those addresses. We should restrict the display of email addresses to logged-in users with editbugs privileges. This bug does more than bug 219021, which displays addresses for all logged-in users. That bug is a good first step, but getting an account on a public Bugzilla installation is relatively easy, so it may not be sufficient to eliminate spam. Getting editbugs privileges on such installations also isn't hard, but it's significantly harder than getting an account, since it requires the user to first perform legitimate work. This bug does less than bug 163551 and bug 215439, which require more significant application changes and introduce greater code complexity. Such work and added complexity are unnecessary if we restrict the display of addresses to those users we trust to use them appropriately.
so how does someone w/o editbugs find a key to cc someone? presume the someone's name is "brian smith". for kicks his email address sorts past the 100 cutoff in both lists (firstname.lastname@example.org). (There really is at least one brian smith in bugzilla.mozilla.org, i'm not going to search through the 180,000 users to figure out if there's one that sorts below the 100 user limit, there very easily could be, but just downloading the list took a really long time earlier this week, and i deleted it already....)
Why not introduce a "handle" that could be used instead of the email address? Maybe the easiest way to implement that would be to actually use the current email field and have a new "real email address" field and when that is non-empty that's where mail is sent. All current features, such as CC and the Query page's "reported by" etc. probably would work without change? A "handle" can be any unique string, "Mats Palmgren" for example. Another concern I have on Bugzilla is that whenever I comment or change a bug my email address is sent in clear text form to all CCs,Owner,Reporter,QA + all their "watchers". Could you at least send the "real name" instead? Since you always include a link to the bug it should be obvious where to go to be able to reply, or explicitly spell that out in the bugmail since I have received many email replies directly from inexperienced Bugzilla users that didn't realize they should have made a comment on the bug. Regarding the trustworthyness of "editbugs" users - sure, but can you really rule out the possibility that at least one of them is infected with email-harvesting spyware?
> so how does someone w/o editbugs find a key to cc someone? Just like someone with editbugs: via user matching. The only difference is that we don't show email addresses, although we still search on them. If the 100 user cutoff is a problem in that situation, it's a problem now, and a separate bug. > Why not introduce a "handle" that could be used instead of the email address? That's bug 218917 (and possibly another, although I can't find it now). > Another concern I have on Bugzilla is that whenever I comment or change a bug > my email address is sent in clear text form to all CCs,Owner,Reporter,QA + > all their "watchers". Could you at least send the "real name" instead? Perhaps, for non-privileged users. > Regarding the trustworthyness of "editbugs" users - sure, but can you really > rule out the possibility that at least one of them is infected with > email-harvesting spyware? No, but I'm not aiming for a 100% solution, I'm looking for a 99% solution much easier to implement and maintain than the overcomplex 99.99% solutions proposed to date.
Reassigning bugs that I'm not actively working on to the default component owner in order to try to make some sanity out of my personal buglist. This doesn't mean the bug isn't being dealt with, just that I'm not the one doing it. If you are dealing with this bug, please assign it to yourself.
Assignee: justdave → general
QA Contact: mattyt-bugzilla → default-qa
This is an old bug dating back some years and I'm not certain if I should create a new bug report. I file Thunderbird bugs on bugzilla. My email address is clearly visible to all who read any bug or comment I make. REcently, some people were constantly adding derogatory chat to a bug due to their frustration. After asking them to only post useful information, I received a personal email from one person to my email address, that was clearly designed to be annoying and offensive. Please can email addresses not be exposed to non-developers.
You need to log in before you can comment on or make changes to this bug.