Last modified: 2011-07-13 01:13:48 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T31852, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 29852 - email address on bugzilla account registration could be disclosed accidentally
email address on bugzilla account registration could be disclosed accidentally
Status: RESOLVED DUPLICATE of bug 148
Product: Wikimedia
Classification: Unclassified
Bugzilla (Other open bugs)
unspecified
All All
: Unprioritized normal (vote)
: ---
Assigned To: Bugmeister Bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-07-12 22:51 UTC by Saibo
Modified: 2011-07-13 01:13 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Saibo 2011-07-12 22:51:33 UTC 
The bugzilla system does not really respect [[WP:ANON]] - the account creation here https://bugzilla.wikimedia.org/createaccount.cgi  which is needed to report bugs on wikimedia's servers needs a valid(!) mail address. Users often have real name mail addresses while being pseudonymous on-wiki. Users who do not exactly read the message on the registration page can be easily tricked to disclose their real name since the email address will be public in bugzilla!

This is especially bad for people who do not speak English - or do only speak a bit. They could simply not understand what will happen with their email address. It is VERY uncommon that a email address which is required(!) for registration is made public. 

Bugzilla links are spread in our projects in village pump discussions and so on. 

---

Simple: solution do not make email adresses public and do not require email adresses for registration.
Comment 1 Sam Reed (reedy) 2011-07-12 22:56:58 UTC 
E-mail address is used as login, and is how bugzilla is built around users having emails
Comment 2 Mark A. Hershberger 2011-07-13 00:20:51 UTC 
(In reply to comment #1)
> E-mail address is used as login, and is how bugzilla is built around users
> having emails

See discussion at https://bugzilla.mozilla.org/show_bug.cgi?id=425663#c23
Comment 3 Chad H. 2011-07-13 00:25:17 UTC 
I personally think integrating CentralAuth and BZ is a horrible waste of time. I'd much rather see us use something like OpenID for our SUL purposes, rather than hacking more crap into CA.
Comment 4 Brion Vibber 2011-07-13 01:13:48 UTC 

*** This bug has been marked as a duplicate of bug 148 ***
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links