On 04/15/11 09:43 PM, Justin C. Walker wrote:
On 15 Apr, 2011, at 13:21 PM, David Kirkby wrote:
On 15 April 2011 17:51, Volker Braun<[email protected]> wrote:
I would think that it is sufficient to only allow non-anonymous email
accounts. For example:
* an institutional address: .edu, .ac.uk, ...
* a sourceforge-address associated to an active project
* an address that has been used to post to google groups before (use
search)
People that want to use their gmail account, say, can still change their
email address on the trac preferences.
Any one of those seem fine - as would be any email from a well known
company (IBM, HP, Boeing, Airbus, Wolfram Research etc).
Not really. You can't rely on mail with this in the header:
From: [email protected]
You have to check the detailed headers to be (somewhat) sure that the 'From'
address is valid. Most spammers either cobble together 'From' (as well as
'To') addresses, and may even forge most (if not all) of the detailed header
content.
Though as long as the account is created for [email protected], it will not result
in any spam to trac. So if [email protected] fakes his email to be
[email protected], only [email protected] could post to trac, not [email protected].
What I would find unacceptable is if some unknown person wants a trac
account for an anonymous account, having never posted to sage-devel or
sage-support.
+1. I think posting to sage-devel/support would have to be a pre-requisite
(why get a trac account otherwise?), RobertB's example notwithstanding. In the
latter case, there may be an alternate approach, but for requests out of the
blue, I can't think of a good reason to do it.
Justin
Legitimate exceptions have been raised - like when one trusted person vouches
for another.
One perfectly reasonable thing for an account manager to do would be a Google
search on any email. If the requested email address has posts on other forums or
lists which are sensible and go back at least a few months, then the chances are
they are not going to spam trac.
I know it can be annoying when you want to post to a forum and unnecessary
obstacles get in the way, so I think we should make account creation as fast as
reasonably practical. But if we just accept any request without some checking,
we might as well get a computer to automatically authorise the accounts.
Dave
--
To post to this group, send an email to [email protected]
To unsubscribe from this group, send an email to
[email protected]
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
