Decide about E-Mail visibility in Bugzilla (spam)

[idl0r]

Dear Community,

you've surely noticed more spam, in case you have a bugzilla account.
Now you have the chance to vote for your favourite solution, see also
spammers can read the email addresses of the users.

[Jim6]

Voted: ALL addresses hidden to non-signed in

It's important that there's a strong CAPTCHA for registering as well though.


Perhaps set a time limit on accepting votes?

[idl0r]

[robbat2]

[V-Li]

Developer addresses should always be visible in my eyes. So I voted for obfuscation for non-logged in with exception of @gentoo.org addresses.
_________________
Christian Faulhammer, Gentoo Lisp project, GNU Emacs wrangler
http://www.gentoo.org/proj/en/lisp/ #gentoo-lisp on FreeNode

http://gentoo.faulhammer.org/

[timeBandit]

Could addresses be HTML-entity encoded when displayed, as well? That would thwart most bots, I would think.
_________________
Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others.

[robbat2]

[jmbsvicetto]

[Etal]

I voted for "ALL addresses hidden to non-signed in" because that seems to work.

When I first signed up for the gentoo bugzilla years ago, I soon noticed a large influx of spam in my spam folder (having 'a' as the first letter didn't help)

About a year ago, I needed to sign up for some KDE mailinglists, so I opened a new account and also set my KDE bugzilla account to point there. In that year, I haven't received a single spam message. I have significantly more activity in the KDE bugzilla than on Gentoo's.

The way they do it is that for all the non-logged-in users, only the name is shown. When the user is logged in, the name becomes a "mailto:" link.

As for the @gentoo.org addresses, although I'm not a developer, I think it would be better to hide them as well because unless it is required by policy to use the gentoo email on bugzilla, it might discourage people from using them and that would make things confusing. And if you're already checking for them, you could just as well add "(dev123)" after the name or something to distinguish them and give hint at how to contact.

Well, just my 2¢

[yngwin]

[Old School]

ALL addresses hidden to non-signed in
_________________
I am not young enough to know everything.
- Oscar Wilde

[aidanjt]

I have another suggestion to add to the poll, hide non-@gentoo.org addresses except from those on the CC list (which should be hidden to non-authenticated users).
_________________

[eccerr0r]

I have a feeling if the spammer knows a bugzilla site has a lot of people going there, they will spend the effort for one person to sit there and solve the captcha puzzle and then automate the rest. So unless there's a captcha puzzle for *every* email query and/or post this won't work.

At least that's how I think my phpbb2 got captcha cracked despite not really getting much traffic. I knew my "custom" captcha would fail most bots but recently it too got hacked. Since every post is somewhat like an email, I'm sure it would turn off people from posting if I made every post require a captcha puzzle solve.

sigh... $*#@ these people who respond to spam, making spam lucrative!
_________________
Core2Quad 9550S/4GB/4x500G RAID5/RadeonHD 5770
What the heck am I advocating?

[Rhywek]

Looks like 98% of people want the change to happen, and hide the emails. So anybody knows if some solution will be implemented?

As a non-gentoo-dev, I would like my email to be invisible in bugzilla. There should be at least some option to hide it in account preferences, but there is none... :-(

[idl0r]