On Fri, 2007-02-16 at 21:55 +0100, Axel Thimm wrote:
I have a few times not bothered to report some pretty clear bugs just because I didn't see any easy enough way to do that. Of course that meant that the bug didn't get fixed, but since I was only testing their software (or auditing their sources) I didn't really care about that. For Dovecot I do want bug reports from people like me.
This is for example trac's model. But it has shown to be a failure in that once it became popular enough for spammers to care, it is being abused to beyond recognition. And nowadays trac admins either dump the ticketing part or restrict to registred users (which are non-trivial to register under trac), or use captchas etc.
I was just thinking that I'd want to change Dovecot wiki to allow anonymous edits again, but to avoid spam there could be some simple question in the page that needs to be answered. For example "Type Dovecot in the field below". As long as spambots don't specifically try to spam wiki.dovecot.org (which is unlikely), it's safe.
The same thing could be done with bugs.dovecot.org. And the bugs.dovecot.org could anyway have completely non-bugzilla-like bug reporting interface so that spambots don't even recognize it.
But you can run bugzilla and friends anonymously, if you like. You create an account for that anonymous user and display the info for using it on the "new bug" page.
I don't think I want an anonymous user to be able to create bugs. Maybe what I'm after is an automatic user creation based on the given email address, but the user won't be able to log in before verifying the email. If a user already exists for the given email address, that bug also belongs to that existing user even though no password was asked (but it could mention that it was created anonymously and log the IP).