I wrote: > * if the watched account is not a real person, there are ways for > people to recognize who is watching it (they're unfortunately spammy > since you create a new bug and restrict all the fields to you+it, > which leaves the db w/ an extra bug).
On 10/26/07, James Carlson <[EMAIL PROTECTED]> wrote: > Can you watch who is watching for watchers? ;-} [yes, I see the smile, but I figure it's worth noting pieces] yes and no. watching isn't transitive. so If I watch everyone, and you watch me, and someone watches you, they aren't watching everyone :) -- generally you don't want to get all mail [I do, I filled a gmail account this way -- and then mail started bouncing :( ]. But otherwise, sure, it's just time consuming to repeatedly exploit this. And no, there's no notification that someone has added or remove a watch. So today I might be watching you, and tomorrow, I might not. And yes, anyone abusing bugzilla to probe for watchees will generally be fairly easily recognized because they'll be poking a dead bug in an out of the way component. A quick check shows that adding/removing watches isn't actually logged (most user profile changes aren't logged yet). _______________________________________________ tools-discuss mailing list tools-discuss@opensolaris.org
