Bugzilla security problem

English
,
#1

If this isn’t the place for this, please forgive me. I don’t see any contact information on the Bugzilla site, but if I’ve overlooked it, please tell me.

I just added a comment to an enhancement request in Bugzilla.

My email address is displayed with my comment, in plain view of both people and - I assume - bots. It’s not just me; the previous commenter’s email is displayed, too. Sadly I didn’t notice that before I posted.

This seems like a really bad idea. No one wants their email hacked.

What I’m asking for:

  • Can my email be hidden? If so, how?
  • How can I get my comment deleted?
  • Any other suggestions anyone might have.

Thanks in advance…

#2

Retagged question as meta as not related to LO usage

Didn’t notice before. Effectively there are <a href="mailto:…"> HTML elements with explicit e-mail @ddresses but these @dresses are inserted only when you’re logged in.
This is very useful to get in touch with contributors and developers.

All in all, security is dependent on user-id/password. Malicious users and robots are supposedly not logged in and can’t see the @ddresses. You can legitimately object that anybody can create a new account just to get access to theses @dresses.

Personally, I subscribe only with disposable temporary @ddresses. If it is hacked, I throw it away and my computer is safe. Problem: I no longer have access to my account unless I can change the email destination.

1 Like
#3

Thank you, ajlittoz.

Meanwhile I found this list of Bugzilla administrators -
https://wiki.documentfoundation.org/QA/Bugzilla/Administration#Administrators
-and have emailed Xisco Fauli asking for my comment please to be deleted.

But I have no idea how current that contact information is.

I see your point about robots not being logged in. If all else fails, I hope that will help.

(You use a different disposable temporary email for every account you register online? I see the sense of that but my goodness it seems complicated.)

P.S. Any idea why I can’t get paragraph breaks in this post? It’s hard to read without them, sorry for that. I’m hitting Enter, more than once even. Preview shows paragraph breaks…

P.P.S. Paragraph breaks have spontaneously manifested… :joy:

#4

Yes, my email provider allows me 500 temp addresses. They all bounce to my real one. I route them into dedicated folders so that everything is sorted when delivered. My mail program is Thunderbird and I have several tabs open on the currently active addresses. It is very easy to manage. And when a message arrives on a non-open folder, folder name turns blue (and it remains bold if I have unread messages).

The most difficult is to remember which temp address match which service. For that I usually assign mnemotechnic suffix to my provider-defined prefix.

Behaviour differs between “solutions” and “comments”. Paragraph breaks are kept in “solutions” (therefore 2 = one blank line) while consecutive breaks are merged in “comments”, resulting in single line break.

Workaround is easy when you realise that posts are basically HTML though MarkDown is offered as formatting shortcuts. Just insert HTML <br> in your text and you get a white line between paragraphs. Other HTML also work such as <s> strike-through, <sub> subscript and others but <u> does not work for underline.

2 Likes
#5
  • Email addresses are displayed only to logged-in users, not to bots browsing Bugzilla.
  • Email addresses can’t be hidden. But you can change your email address, Preferences → Account Information, you’ll get a mail to the new address you’ll have to confirm.
  • Individual comments can’t be deleted.
#6

Thanks, erAck - successfully changed (even if it’s not actually necessary).

Impressum (Legal Info) | Datenschutzerklärung (Privacy Policy)   Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.