On 5/10/07, Philip Olson <[EMAIL PROTECTED]> wrote:
On May 7, 2007, at 8:09 AM, Hannes Magnusson wrote: > On 5/7/07, M.Sokolewicz <[EMAIL PROTECTED]> wrote: >> I've been seeing a lot of notes comming from php- >> [EMAIL PROTECTED], >> and such lately. Most of the notes submitted with that are either >> bogus, >> support-requests, etc. (basically your day-to-day non-useful >> documentation notes). Maybe it would be a good idea to block any >> notes >> comming from @lists.php.net ? >> >> Apart from that, I haven't checked yet, but IMO any notes being >> submitted from an @php.net email adress should be verified / only >> allowed if the user is logged in with that username. >> >> And a third question, where do all the [EMAIL PROTECTED] emails come >> from? >> Clearly those are bogus emails; some notes are correct and useful, >> but >> still... >> >> anyway, your thoughts on this please? > > If I recall correctly: > @osu1.php.net: The user used a name, not email > @lists.php.net: The user left the name/email field empty > > The whole authentication system is being worked on by Philip (notes, > master, pear..) but its way to early to chat about it yet. This is true and it's something we should evaluate. I can't think of a good reason we display php-general@ as a user name and unless there are objections we will stop doing that. We now force an email address here because mail() uses the name as the From: address when sending the note to the php.notes group... this also explains why osu1 is sometimes used as it's the server sending the emails. There is no real validation done beforehand.
These "mail addresses" aren't displayed on phpweb, its only (as you said) the from header in the notes system.. I don't see any problem here.
What to put in its place is unknown at this time but the word "Anonymous" comes to mind. If the users name does not contain a valid email address, we could use something like [EMAIL PROTECTED] as the From while emailing
Why? What is there to gain from it? If the note submitter left the "name/email" field empty the "from" header (in the notes system) becomes "[EMAIL PROTECTED]" but in phpweb nothing will be displayed. If the note submitter wrote a name in that field the "from" header (in the notes system) becomes "name @ osu1.php..." and we display the name on phpweb. I don't see anything broken or wrong here.
php.notes and display Anonymous online (the username used within the notes database). In the future we could also add human checks to view the email address. Not often do we care to see/use it but sometimes people do. So, for example: User enters: [EMAIL PROTECTED] Shown online: [EMAIL PROTECTED] To see: You click on ..., answer captcha But that's another topic. And a concern here is since the notes database is freely available, the above system would not be perfect and might provide a false sense of privacy to users. Unfortunately we can control spam using automated tools but judging the usefulness of a note can only be done by humans. The topic of requiring notes to be approved before going online has come up in the past and I don't remember any specifics but it's always turned down. Let's research
I'd be against it... :)
this and write about it somewhere as a resource to look at when this comes up again. If nobody volunteers I'll add it to the todo list. The new authentication system will allow users to use openid's as their username although it certainly will not be required and of course will still require spam and note quality checks. More on this later as it's not ready to discuss but will be done openly. And lastly one other related topic to think about is the use of keywords and categories for user notes. At some point in the future we will most likely have this so a user might choose "Code", "Support", "Doc Bug", "Tip", Etc. and each action will be dealt with differently. This however
That sounds like a really good idea ! -Hannes
