Trac tickets ready for general use

Joshua Juran jjuran at gmail.com
Mon Dec 8 15:13:04 UTC 2008


On Nov 21, 2008, at 11:16 AM, Joshua Hoblitt wrote:

> On Thu, Nov 20, 2008 at 10:01:40PM -0800, Allison Randal wrote:
>> Attachments are modifications to the ticket (you submit the ticket  
>> and
>> then add the attachment), so it's the TICKET_APPEND permission,  
>> which I
>> just granted to anonymous users. This also grants anonymous users
>> permission to make comments on tickets. If we start to get comment  
>> spam,
>> we can restrict it to registered users again.
>
> Our @$work bugzilla instance was left alone for a year or two (wasn't
> publisized at all) and then started getting massive ammounts of  
> spam that were
> a real PITA to cleanup after the fact.  I doubt there are as many  
> robots
> targetting Trac as Bugzilla yet but I'd suggest trying to limit  
> this problem
> before it starts as it's an almost certainty that someone, someday,  
> will have
> to clean up the mess...

If the submitted content appears in public immediately, I expect it  
will be abused.  If it's possible to require moderation of comments,  
I would do that.  Allowing any registered user to see and approve  
anonymous comments is no worse (and probably better) than unmoderated  
comments.  Admins can reject comments, delete them after approval by  
a rogue user, and ban said user.

There's no sense waiting for the sucker punch to land before putting  
your guard up.

Josh




More information about the parrot-dev mailing list