Trac tickets ready for general use

Andy Dougherty doughera at lafayette.edu
Mon Dec 8 16:14:17 UTC 2008


On Mon, 8 Dec 2008, Joshua Juran wrote:
> On Nov 21, 2008, at 11:16 AM, Joshua Hoblitt wrote:
> 
> > On Thu, Nov 20, 2008 at 10:01:40PM -0800, Allison Randal wrote:
> > > Attachments are modifications to the ticket (you submit the ticket and
> > > then add the attachment), so it's the TICKET_APPEND permission, which I
> > > just granted to anonymous users. This also grants anonymous users
> > > permission to make comments on tickets. If we start to get comment spam,
> > > we can restrict it to registered users again.
> > 
> > Our @$work bugzilla instance was left alone for a year or two (wasn't
> > publisized at all) and then started getting massive ammounts of spam that
> > were
> > a real PITA to cleanup after the fact.  I doubt there are as many robots
> > targetting Trac as Bugzilla yet but I'd suggest trying to limit this problem
> > before it starts as it's an almost certainty that someone, someday, will
> > have
> > to clean up the mess...
> 
> If the submitted content appears in public immediately, I expect it will be
> abused.  If it's possible to require moderation of comments, I would do that.
> Allowing any registered user to see and approve anonymous comments is no worse
> (and probably better) than unmoderated comments.  Admins can reject comments,
> delete them after approval by a rogue user, and ban said user.
> 
> There's no sense waiting for the sucker punch to land before putting your
> guard up.

You may well be right.  Cleaning up spam is a poor use of volunteer
time.  As long as it's clear to a new unregistered user how to submit a
useful bug report (that might even include a patch or a backtrace or a
build log or something else useful) that would satisfy me.

-- 
    Andy Dougherty		doughera at lafayette.edu


More information about the parrot-dev mailing list