OpenID yadda yadda yadda...
Ben Finney
bignose+hates-spam at benfinney.id.au
Wed Mar 18 04:01:32 GMT 2009
James Henstridge <james at jamesh.id.au> writes:
> On Thu, Mar 12, 2009 at 7:01 AM, Ben Finney
> <bignose+hates-spam at benfinney.id.au> wrote:
> > Or even if one could participate entirely via email without
> > setting up any explicit site-specific account, just as one can
> > with e.g. the Debian bug tracker.
>
> And Debian has to put in a fair bit of work to ensure that spam
> doesn't make its way into the system. Registration is one of the
> ways that Launchpad uses to reduce the impact of spam (it certainly
> doesn't stop all cases, but it does make a difference and helps in
> clean up). Launchpad certainly isn't alone in this regard.
>
> Furthermore, lack of registration and authenticated access means
> that I only need to forge an email to perform actions on your behalf
> in debbugs.
Which Debian's BTS will then send notification about to the very same
email address, so anyone who checks their email will know whether
that's happened to them. So, while it doesn't prevent the fraud, it
makes it easy to detect, which is a significant deterrent as well as
enabling the victim to address the problem promptly.
I'm not saying either Launchpad or the Debian BTS is perfect. I'm
presenting the case that it's evidently quite feasible to run a
successful BTS without any registration step for participation.
--
\ “Know what I hate most? Rhetorical questions.” —Henry N. Camp |
`\ |
_o__) |
Ben Finney
More information about the bazaar
mailing list