
email address on bugzilla account registration could be disclosed accidentally
Closed, Resolved (Public)

Description

Author: saibotrash

Description:
The bugzilla system does not really respect [[WP:ANON]] - the account creation here https://bugzilla.wikimedia.org/createaccount.cgi which is needed to report bugs on wikimedia's servers needs a valid(!) mail address. Users often have real name mail addresses while being pseudonymous on-wiki. Users who do not exactly read the message on the registration page can be easily tricked into disclosing their real name since the email address will be public in bugzilla!

This is especially bad for people who do not speak English - or only speak a bit. They could simply not understand what will happen with their email address. It is VERY uncommon that an email address which is required(!) for registration is made public.

Bugzilla links are spread in our projects in village pump discussions and so on.


Simple solution: do not make email addresses public and do not require email addresses for registration.


Version: unspecified
Severity: normal

Details

Reference
bz29852

Event Timeline

bzimport raised the priority of this task from to Needs Triage. Nov 21 2014, 11:27 PM
bzimport set Reference to bz29852.

E-mail address is used as login, and is how bugzilla is built around users having emails

(In reply to comment #1)
> E-mail address is used as login, and is how bugzilla is built around users
> having emails

See discussion at https://bugzilla.mozilla.org/show_bug.cgi?id=425663#c23

I personally think integrating CentralAuth and BZ is a horrible waste of time. I'd much rather see us use something like OpenID for our SUL purposes, rather than hacking more crap into CA.

*** This bug has been marked as a duplicate of bug 148 ***