On 16.04.2013 21:16, Joe Dreimann wrote: > On 16 Apr 2013, at 19:53, Branko Čibej <[email protected]> wrote: > >> On 16.04.2013 20:34, Gary Martin wrote: >>> On 16/04/13 19:19, Branko Čibej wrote: >>>> On 16.04.2013 18:59, Joachim Dreimann wrote: >>>>> There seems to be some concern around our current policy of not >>>>> allowing >>>>> anonymous users to report issues, and especially not allowing >>>>> registered >>>>> users to report/edit/comment on tickets by default. >>>>> >>>>> We've had several people speak out in favour of changing this, >>>>> arguing it >>>>> would be for the best of the community. >>>>> >>>>> As a first step I propose that we give all registered users the >>>>> editor_group permissions: >>>>> TICKET_CREATE >>>>> TICKET_EDIT_DESCRIPTION >>>>> TICKET_MODIFY (which implies commenting permissions) >>>>> WIKI_CREATE >>>>> WIKI_MODIFY >>>>> >>>>> This would be done immediately and before implementing >>>>> http://trac.edgewall.org/wiki/SpamFilter or similar unless someone >>>>> volunteers to do so soon. >>>>> >>>>> Any objections? >>>> None at all. >>>> >>>> Regarding registration ... note that issues.apache.org/jira requires it >>>> in order to create or modify tickets. But it's only an e-mail >>>> verification thing. >>>> >>>> Maybe we somehow combine ticket creation and registration (at least >>>> e-mail address submission) into one step? Something along these lines: >>>> the ticket-create dropdown and form would be available to anonymous >>>> users, but before submitting the ticket, we'd ask them to either log in, >>>> or provide an e-mail address -- thus implicitly registering, and we'd >>>> follow that up with e-mail verification. >>>> >>>> I would not allow comments or other ticket modifications from anonymous >>>> users. >>>> >>>> -- Brane >>> Well, it would be useful to allow for comments so that you can ask >>> someone a question about the ticket they raised or get back >>> confirmation that it worked for them if they wanted to. >>> >>> Apart from that, it is a very good question whether that is as odious >>> a process as having to do a capcha. The trick maybe to convince them >>> to still submit the ticket they just wrote out when they have to then >>> go through another few steps to complete. >>> >>> I wonder if it would be possible to have a system to moderate tickets >>> and comments prior to raising for anonymous users? >> The point of not allowing comments from anonymous users is that it's >> kind of hard to figure out who the author is. The same holds for ticket >> submissions; but, if an anonymous submission is accompanied by an e-mail >> address, then at least you have /some/ ID that you can cross-reference >> from. And since submitting a ticket already requires filling in a >> (small) number of fields, adding an e-mail field wouldn't hurt as much >> as for comments. >> >> -- Brane >> > trac.edgewall.org simply shows a section for Author both when commenting and > when creating tickets, asking for the author's email address: > > New ticket: http://trac.edgewall.org/newticket?type=defect > Comment: http://trac.edgewall.org/ticket/65 > > Design wise I see no issues with us doing the same.
Nice. I expect they maintain some sort of identity tracking across requests using cookies? Ah, I see a trac_session cookie, so I guess that's the one we'd use, too. -- Brane -- Branko Čibej Director of Subversion | WANdisco | www.wandisco.com
