Bug#391775: Vote for remove

[Thijs Kinkhorst]

On Sat, 2006-12-23 at 22:20 +0100, Christer Mjellem Strand wrote:
 I disagree. Board admins are indeed board admins, but that does not 
 necessarily imply they're equipped to do anything directly in the 
 database. 

I agree that this is a potential problem, but I think that giving
spammers free advertising by default, and thereby encouraging abuse even
more, is a more important problem than having to set up an account for
the board admin in those cases that the admin does not have that
already.

If I were to choose between a smtp server that is an open relay by
default, or one that isn't but requires an extra configuration step in
some cases, I'd definately choose the latter.

 As I said, fully understandable. But I hope it can be looked into
 again after release.

Sure, we will, and I think there's a better solution possible than this
one. We'll work on it, but reverting this solution only swaps one
problem for the other.


Thijs


signature.asc
Description: This is a digitally signed message part

Bug#391775: Vote for remove

[Christer Mjellem Strand]

While I can clearly see the intent with the latest fix in 21-5, and
that it's meant to help, I think it somewhat works against its
purpose.


Thank you for your feedback.

I agree that a fix that also allows for easy expiry/deletion of
spammer accounts has much value. This couldn't be accomplished
without changing the database, which was not opportune at this stage
of the release cycle.


That is fully understandable, and I certainly do appreciate that you 
are doing what you can to combat this huge problem.



I do not agree that the current fix is actually worse. Preventing to
give spammers a free, unblockable platform on any phpbb2 install has a
high priority for me, compared to the risk that not all illegitimate
accounts can be deleted. Since admins are admins already, they can
easily work around this shortcoming by viewing the database through
phpmyadmin, for example.


I disagree. Board admins are indeed board admins, but that does not 
necessarily imply they're equipped to do anything directly in the 
database. It is all but uncommon for hosting environments to offer 
phpBB2 as a service, without necessarily offering DB access to the 
user, or even exposing the database credentials. Even if the user does 
have access to the database in some form, a board admin will not 
necessarily speak enough SQL to do anything useful. Furthermore, 
phpmyadmin might not be available, and phpBB2 supports more DB software 
than just MySQL.


I can see how this patch would be useful to people though, but it 
significantly changes a major part of how the software works. I 
suggest, instead of flat out removing the patch like I first proposed, 
that it be reworked to be optional, instead of being forced onto those 
who don't want it. Ideally it could be made an option available from 
the admin interface, but I think an option in the config file would 
work too, or even a debconf choice. Having to repackage for each new 
release is a bit of a kerfuffle for those who disagree with the 
approach, or otherwise don't want the patch.



In any case, it can't be fixed before etch anymore because of the
freeze.


As I said, fully understandable. But I hope it can be looked into again 
after release.


Thanks again for your fine packaging work, and have a Merry Christmas.

--
 -==-  -=-  -==-
  Christer Mjellem Strand   yitzhaq
  Systems Administrator www.yitzhaq.net
  GSM +47 922 000 12   www.countzero.no
 -==-  -=-  -==-


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#391775: Vote for remove

[Thijs Kinkhorst]

Hi,

On Sun, 2006-12-10 at 20:32 +0100, Christer Mjellem Strand wrote:
 While I can clearly see the intent with the latest fix in 21-5, and 
 that it's meant to help, I think it somewhat works against its purpose.

Thank you for your feedback.

I agree that a fix that also allows for easy expiry/deletion of spammer
accounts has much value. This couldn't be accomplished without changing
the database, which was not opportune at this stage of the release
cycle.

I do not agree that the current fix is actually worse. Preventing to
give spammers a free, unblockable platform on any phpbb2 install has a
high priority for me, compared to the risk that not all illegitimate
accounts can be deleted. Since admins are admins already, they can
easily work around this shortcoming by viewing the database through
phpmyadmin, for example.

In any case, it can't be fixed before etch anymore because of the
freeze.


Thijs


signature.asc
Description: This is a digitally signed message part