On May 7, 2007, at 8:09 AM, Hannes Magnusson wrote:
On 5/7/07, M.Sokolewicz <[EMAIL PROTECTED]> wrote:
I've been seeing a lot of notes comming from php-
[EMAIL PROTECTED],
and such lately. Most of the notes submitted with that are either
bogus,
support-requests, etc. (basically your day-to-day non-useful
documentation notes). Maybe it would be a good idea to block any
notes
comming from @lists.php.net ?
Apart from that, I haven't checked yet, but IMO any notes being
submitted from an @php.net email adress should be verified / only
allowed if the user is logged in with that username.
And a third question, where do all the [EMAIL PROTECTED] emails come
from?
Clearly those are bogus emails; some notes are correct and useful,
but
still...
anyway, your thoughts on this please?
If I recall correctly:
@osu1.php.net: The user used a name, not email
@lists.php.net: The user left the name/email field empty
The whole authentication system is being worked on by Philip (notes,
master, pear..) but its way to early to chat about it yet.
This is true and it's something we should evaluate. I can't think of
a good
reason we display php-general@ as a user name and unless there are
objections
we will stop doing that. We now force an email address here because
mail()
uses the name as the From: address when sending the note to the
php.notes
group... this also explains why osu1 is sometimes used as it's the
server
sending the emails. There is no real validation done beforehand.
What to put in its place is unknown at this time but the word
"Anonymous"
comes to mind. If the users name does not contain a valid email
address, we
could use something like [EMAIL PROTECTED] as the From while
emailing
php.notes and display Anonymous online (the username used within the
notes
database). In the future we could also add human checks to view the
email
address. Not often do we care to see/use it but sometimes people do. So,
for example:
User enters: [EMAIL PROTECTED]
Shown online: [EMAIL PROTECTED]
To see: You click on ..., answer captcha
But that's another topic. And a concern here is since the notes database
is freely available, the above system would not be perfect and might
provide
a false sense of privacy to users.
Unfortunately we can control spam using automated tools but judging the
usefulness of a note can only be done by humans. The topic of requiring
notes to be approved before going online has come up in the past and I
don't remember any specifics but it's always turned down. Let's research
this and write about it somewhere as a resource to look at when this
comes up again. If nobody volunteers I'll add it to the todo list.
The new authentication system will allow users to use openid's as their
username although it certainly will not be required and of course will
still require spam and note quality checks. More on this later as it's
not ready to discuss but will be done openly.
And lastly one other related topic to think about is the use of keywords
and categories for user notes. At some point in the future we will most
likely have this so a user might choose "Code", "Support", "Doc Bug",
"Tip", Etc. and each action will be dealt with differently. This however
requires a lot of thought first like "What is a user note?" because it's
complicated and offers many repercussions... it's not a design
decision to
take lightly. Thankfully in the future it will be easier to allow
"outside"
help to for example moderate a ref.section of notes for the manual. Code
actually exists for this task somewhere... but it was never finalized or
used.
The user notes system was revolutionary for its time, a time before
wikis,
blogs, and much user-to-user web interaction but it's a good time to
really
think hard about it and again come up with something revolutionary
and at
the same time have it be maintainable. And the original goal of the user
notes was to help improve the official documentation and this is
something
we should never lose sight of.
Regards,
Philip
