I'd like to have some security against reporting as somebody else.
Currently one can report or comment anonymously and mark reporter as
core committer. This is too easy to abuse. +1 for requiring login. At
least force anonymous reports to be anonymous.
- Anssi
On 03/04/2014 09:24 AM, Marc Tamlyn wrote:
+1 to github oauth and requiring login. Having github auth, especially
for new reports is very useful and would help to tie together when
people use different names.
Marc
On 3 Mar 2014 23:44, "Russell Keith-Magee" <[email protected]
<mailto:[email protected]>> wrote:
On Mon, Mar 3, 2014 at 10:17 PM, Tim Graham <[email protected]
<mailto:[email protected]>> wrote:
There's been some discussion on ticket #22067
<https://code.djangoproject.com/ticket/22067> and #django-dev
about requiring Trac login to help cut down on spam and
generally improve the quality of the discussion.
Claude: I think that forcing registration would be fine. It
adds a small barrier to reporting bugs, but I think it's
acceptable, and many projects have already chosen to do so.
me: I'm in favor of requiring registration as well. When I
posed this on IRC, Aymeric mentioned: "BDFLs were very
attached to the ability to report issues without creating an
account." On the other hand, we've seen anonymously reported
issues where we respond and don't know if the reporter will
ever respond since they won't be notified of our response.
There also a fair number of comments and other changes that
are accidentally made anonymously which results in some extra
noise.
I completely agree that the spam is well out of control, and we
need to do *something*.
Providing the historical perspective (get off my lawn, you kids!
:-) - we didn't enforce registration because we wanted to make
sure the barrier to contribution was as low as possible. If
someone finds a bug and they work up the courage to lodge a
ticket, they don't care about our process - they just want to
contribute. Every hoop we make them jump through is one more
chance that they'll walk away without providing their feedback.
And the feedback of people who are brand new to the project is
often the most valuable, because it shows you where the cognitive
dissonance lies in your tutorial and documentation.
This was especially true in the early days, when we weren't a huge
project. In those days, every new contributor was gold, and to
that end, *any* bug report was worthwhile. On top of that, in the
early days the bugs that did exist were obvious enough that with a
bit of a poke in the general direction, someone else could
probably triage them.
This decision was then reinforced by the number of people who had
problems with the Trac login process. I don't know if it's because
we've got it configured wrong, or if it's just inherently bad
(it's been over 8 years since I created my account, so I don't
remember my initial experience), but there's been a constant
undercurrent of "My trac signup didn't work" messages on
django-dev for as long as I can remember.
Of course, new contributors are still gold, and we shouldn't do
anything that will discourage contributions, but we have a little
more momentum now.
If you believe the "create an account" barrier is a problem,
do you think adding something like GitHub auth to Trac would
lower the barrier to an acceptable level?
This sounds like a reasonable option to me. Any halfway serious
potential contributor should have a Github account, and it matches
Django's own toolchain. The oAuth process is pretty smooth, so the
problem set is down to "users who are genuinely new to software".
The only other option I can think of would be to do the same thing
that we do with Google Groups - the first post for each
contributor is held for moderation. Of course, in the Google
Groups case, every user is already logged in...
Yours,
Russ Magee %-)
--
You received this message because you are subscribed to the Google
Groups "Django developers" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected]
<mailto:django-developers%[email protected]>.
To post to this group, send email to
[email protected]
<mailto:[email protected]>.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/CAJxq848cSSyOMUh21XEQ%3DkwcdLyCQ9nDYPw40mWiHB7J%3DsLZ%2Bw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google
Groups "Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/CAMwjO1H9pRBx57Oq-zEEXvKoSEita8CpqDsfaWkounX1VMbC9g%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups "Django
developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/53158338.8070703%40thl.fi.
For more options, visit https://groups.google.com/groups/opt_out.
