From gerv at mozilla.org Fri Nov 15 16:47:02 2013
From: gerv at mozilla.org (Gervase Markham)
Date: Fri, 15 Nov 2013 16:47:02 +0000
Subject: Pseudonymity in Bugzilla
Message-ID: <9cednV2ygNSbzRvPnZ2dnUVZ_vadnZ2d@mozilla.org>

I need to create a Bugzilla instance where all the users are
pseudonymous. Specifically, therefore, I need to avoid anyone finding
out anyone else's real email address, while still retaining those
addresses to send bugmail. (I can set their real names to something
pseudonymous; if they want to de-cloak themselves explicitly, that's up
to them.)

Idea 1 is to alter the "email_filter" function in Bugzilla/Util.pm to
output a fake email address, in the same way that it currently outputs
only the localpart if the user is not logged in. If this filter is used
consistently throughout the templates, that should achieve my goal.

Will that work, or is there something I've missed?

Gerv
_______________________________________________
dev-apps-bugzilla mailing list
dev-apps-bugzilla at lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-apps-bugzilla

From timello at bugzilla.org Sat Nov 16 02:17:06 2013
From: timello at bugzilla.org (Tiago Mello)
Date: Sat, 16 Nov 2013 00:17:06 -0200
Subject: Pseudonymity in Bugzilla
In-Reply-To: <9cednV2ygNSbzRvPnZ2dnUVZ_vadnZ2d@mozilla.org>
References: <9cednV2ygNSbzRvPnZ2dnUVZ_vadnZ2d@mozilla.org>
Message-ID:

I have implemented something like that as an extension... Not sure if it
addresses all your needs... But it's worth a quick look.

https://github.com/timello/AntiSpam

timello

On Fri, Nov 15, 2013 at 2:47 PM, Gervase Markham wrote:
> I need to create a Bugzilla instance where all the users are
> pseudonymous. Specifically, therefore, I need to avoid anyone finding
> out anyone else's real email address, while still retaining those
> addresses to send bugmail. (I can set their real names to something
> pseudonymous; if they want to de-cloak themselves explicitly, that's up
> to them.)
>
> Idea 1 is to alter the "email_filter" function in Bugzilla/Util.pm to
> output a fake email address, in the same way that it currently outputs
> only the localpart if the user is not logged in. If this filter is used
> consistently throughout the templates, that should achieve my goal.
>
> Will that work, or is there something I've missed?
>
> Gerv

From sgreen at redhat.com Sun Nov 17 00:37:28 2013
From: sgreen at redhat.com (Simon Green)
Date: Sun, 17 Nov 2013 10:37:28 +1000
Subject: Pseudonymity in Bugzilla
In-Reply-To: <9cednV2ygNSbzRvPnZ2dnUVZ_vadnZ2d@mozilla.org>
References: <9cednV2ygNSbzRvPnZ2dnUVZ_vadnZ2d@mozilla.org>
Message-ID: <52880FC8.8050803@redhat.com>

On 16/11/13 02:47, Gervase Markham wrote:
> I need to create a Bugzilla instance where all the users are
> pseudonymous. Specifically, therefore, I need to avoid anyone finding
> out anyone else's real email address, while still retaining those
> addresses to send bugmail. (I can set their real names to something
> pseudonymous; if they want to de-cloak themselves explicitly, that's up
> to them.)
>
> Idea 1 is to alter the "email_filter" function in Bugzilla/Util.pm to
> output a fake email address, in the same way that it currently outputs
> only the localpart if the user is not logged in. If this filter is used
> consistently throughout the templates, that should achieve my goal.
>
> Will that work, or is there something I've missed?

There are definitely other places that display the user's real e-mail
address. Off the top of my head, the code in
Bugzilla::WebService::Bug's _bug_to_hash needs to be changed.
    if (filter_wants $params, 'assigned_to') {
        $item{'assigned_to'} = $self->type('email', $bug->assigned_to->login);
    }

--
Regards,
Simon Green
Software Engineer
Red Hat Asia Pacific Pty Ltd

From gerv at mozilla.org Mon Nov 18 16:08:02 2013
From: gerv at mozilla.org (Gervase Markham)
Date: Mon, 18 Nov 2013 16:08:02 +0000
Subject: Pseudonymity in Bugzilla
In-Reply-To:
References: <9cednV2ygNSbzRvPnZ2dnUVZ_vadnZ2d@mozilla.org>
Message-ID:

Hi timello,

On 16/11/13 02:17, Tiago Mello wrote:
> I have implemented something like that as an extension... Not sure if it
> addresses all your needs... But it's worth a quick look.
>
> https://github.com/timello/AntiSpam

Wow, that looks like a lot of work... Did you try fixing the problem
further "upstream", but getting $user->email to return the obfuscated
value?

Given that we have the "emailsuffix" capability, and the "only show
email when logged in" capability, surely those two things can be abused
to do what you were trying without having to write a specific hack for
every template which uses email addresses?

Gerv

From timello at bugzilla.org Mon Nov 18 16:22:47 2013
From: timello at bugzilla.org (Tiago Mello)
Date: Mon, 18 Nov 2013 14:22:47 -0200
Subject: Pseudonymity in Bugzilla
In-Reply-To:
References: <9cednV2ygNSbzRvPnZ2dnUVZ_vadnZ2d@mozilla.org>
Message-ID:

Hey Gerv,

On Mon, Nov 18, 2013 at 2:08 PM, Gervase Markham wrote:
> Hi timello,
>
> On 16/11/13 02:17, Tiago Mello wrote:
> > I have implemented something like that as an extension... Not sure if it
> > addresses all your needs... But it's worth a quick look.
> >
> > https://github.com/timello/AntiSpam
>
> Wow, that looks like a lot of work... Did you try fixing the problem
> further "upstream", but getting $user->email to return the obfuscated
> value?
>

I didn't.
It has been a while since I started working on that extension but maybe
the reason was that I needed that feature asap and it was faster at that
time to write it as an extension.

> Given that we have the "emailsuffix" capability, and the "only show
> email when logged in" capability, surely those two things can be abused
> to do what you were trying without having to write a specific hack for
> every template which uses email addresses?

To be honest. I don't recall why I implemented it that way... it must
have a reason... :) Maybe, today, we can implement it better and I
totally agree that this feature should be brought upstream.

Tiago

From gerv at mozilla.org Wed Nov 27 12:57:58 2013
From: gerv at mozilla.org (Gervase Markham)
Date: Wed, 27 Nov 2013 12:57:58 +0000
Subject: Bugzilla::User methods for obtaining user ID info
Message-ID:

Hi everyone,

Bugzilla::User has a variety of methods which return information about
the user:

name(): returns the real name, the DB 'realname' value.
login(): returns the DB 'login_name' value.
email(): returns the value of login() plus the emailsuffix.
identity(): returns the string "name() ".
nick(): returns the part of login before the @ sign.

Is there documentation anywhere about the appropriate context in which
to use each of these?

http://www.bugzilla.org/docs/4.4/en/html/api/Bugzilla/User.html#Other_Methods
does not give much of a clue, although it hints that perhaps login() and
email() are distinct because one could have login names which were not
email-based.

It seems that sometimes in the code and templates, login() is used, and
sometimes email() is used. I would expect perhaps email() to be used
only when we were sending email, but that's not the case.

I would like to get some clarity on which of these should be used in
which context, and see if we can update the code to match. Does anyone
have any insight from history?
Gerv

From lpsolit at gmail.com Wed Nov 27 13:20:47 2013
From: lpsolit at gmail.com (Frédéric Buclin)
Date: Wed, 27 Nov 2013 14:20:47 +0100
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To:
References:
Message-ID: <5295F1AF.1060407@gmail.com>

On 27. 11. 13 13:57, Gervase Markham wrote:
> name(): returns the real name, the DB 'realname' value.

Used when you want only the real name to be displayed, e.g. commenters
in bug reports. It's mostly a UI thing.

> login(): returns the DB 'login_name' value.

Used to identify user accounts. login_name is enforced to be unique in
the DB and so 2 users cannot have the same login. This attribute is used
when you enter your login + password or when you use the autocompletion
feature. That's what other logged in users will see.

> email(): returns the value of login() plus the emailsuffix.

Used internally to send emails. If emailsuffix is empty, then it exactly
matches login(). Else it's appended to login_name to form the complete
email address. Users should never see nor access it, at least from the
web UI (one would have to check if User.get returns this attribute or not).

> identity(): returns the string "name() ".

It's a UI thing only, used both in the web UI and in emails.

> nick(): returns the part of login before the @ sign.

For logged in users, used mostly for flag setters and requesters, to
keep it short. For logged out users, used everywhere in place of
login(), to not disclose the email address (as most of the time,
emailsuffix is empty).
LpSolit

From gerv at mozilla.org Wed Nov 27 13:47:09 2013
From: gerv at mozilla.org (Gervase Markham)
Date: Wed, 27 Nov 2013 13:47:09 +0000
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To:
References:
Message-ID:

On 27/11/13 13:20, Frédéric Buclin wrote:
>> email(): returns the value of login() plus the emailsuffix.
>
> Used internally to send emails. If emailsuffix is empty, then it exactly
> matches login(). Else it's appended to login_name to form the complete
> email address. Users should never see nor access it, at least from the
> web UI (one would have to check if User.get returns this attribute or not).

OK. So if a template says:

...

that's wrong? It should be:

...

?

I would be very happy if we changed things so that email() is only used
internally to send emails (because it would make my pseudonymity
extension work properly) and I'm happy to prepare a patch, but that's
not the case today.

Gerv

From lpsolit at gmail.com Wed Nov 27 14:10:09 2013
From: lpsolit at gmail.com (Frédéric Buclin)
Date: Wed, 27 Nov 2013 15:10:09 +0100
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To:
References:
Message-ID: <5295FD41.20102@gmail.com>

On 27. 11. 13 14:47, Gervase Markham wrote:
> OK. So if a template says:
>
> ...
>
> that's wrong? It should be:
>
> ...

No. mailto: must point to a valid email address. When you click that
link, how do you expect your email client to append emailsuffix itself?
user.email is really what we want as mailto: is used to send emails.
LpSolit

From gerv at mozilla.org Wed Nov 27 14:33:50 2013
From: gerv at mozilla.org (Gervase Markham)
Date: Wed, 27 Nov 2013 14:33:50 +0000
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To:
References:
Message-ID:

On 27/11/13 14:10, Frédéric Buclin wrote:
> No. mailto: must point to a valid email address. When you click that
> link, how do you expect your email client to append emailsuffix itself?
> user.email is really what we want as mailto: is used to send emails.

But earlier you said about email():

"Users should never see nor access it, at least from the web UI (one
would have to check if User.get returns this attribute or not)."

How do I reconcile these two statements? Which one is wrong?

Gerv

From lpsolit at gmail.com Wed Nov 27 14:41:51 2013
From: lpsolit at gmail.com (Frédéric Buclin)
Date: Wed, 27 Nov 2013 15:41:51 +0100
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To:
References:
Message-ID: <529604AF.9030700@gmail.com>

On 27. 11. 13 15:33, Gervase Markham wrote:
> "Users should never see nor access it, at least from the web UI (one
> would have to check if User.get returns this attribute or not)."
>
> How do I reconcile these two statements? Which one is wrong?

The email address is not displayed in the UI, it's used to build a URL.
The URL itself is not displayed in the UI, only its link is. Maybe
"never see" is more exact than "nor access". In my sentence above, I
really meant that we should never display the full email address, not
that it can never be used.

Unrelated to your question, I always thought it was a bad idea to
include these mailto: links for commenters. I hate when someone writes
to me directly to ask questions (generally, support questions related to
the bug).
I would much prefer that questions remain in the bug itself
or be moved to the support mailing-list.

LpSolit

From gerv at mozilla.org Wed Nov 27 14:53:18 2013
From: gerv at mozilla.org (Gervase Markham)
Date: Wed, 27 Nov 2013 14:53:18 +0000
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To:
References:
Message-ID:

On 27/11/13 14:41, Frédéric Buclin wrote:
> The email address is not displayed in the UI, it's used to build a URL.
> The URL itself is not displayed in the UI, only its link is. Maybe
> "never see" is more exact than "nor access". In my sentence above, I
> really meant that we should never display the full email address, not
> that it can never be used.

OK. So: I want to make it possible for Bugzilla, either as an option or
using an extension, to conceal a user's email address entirely.

> Unrelated to your question, I always thought it was a bad idea to
> include these mailto: links for commenters. I hate when someone writes
> to me directly to ask questions (generally, support questions related to
> the bug). I would much prefer that questions remain in the bug itself
> or be moved to the support mailing-list.

If we were to remove such links, then I think it would be possible to
move to a situation where email() was only used for sending email (and
one user's email was never given to another user in any way), and
login() was used for everything else. That would make my goal possible.

Are you in support of making that change?

If not, perhaps we could have the User object have a (better-named)
email_for_display() and email_for_sending() methods, and a Pseudonymity
extension could override one and not the other.
Gerv

From lpsolit at gmail.com Wed Nov 27 15:03:02 2013
From: lpsolit at gmail.com (Frédéric Buclin)
Date: Wed, 27 Nov 2013 16:03:02 +0100
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To:
References:
Message-ID: <529609A6.9060403@gmail.com>

On 27. 11. 13 15:53, Gervase Markham wrote:
> Are you in support of making that change?

Of course I am, for the reason I gave in my previous message. :) But do
not forget I'm no longer the person to ask as I resigned my role as
assistant project lead a few months ago. :) You should ask justdave.

> If not, perhaps we could have the User object have a (better-named)
> email_for_display() and email_for_sending() methods

Oh please no. An email address is an email address. No need for two
separate methods. This would cause too much confusion.

You remember we already have bugs 163551 and 218917, right?

LpSolit

From gerv at mozilla.org Wed Nov 27 15:32:28 2013
From: gerv at mozilla.org (Gervase Markham)
Date: Wed, 27 Nov 2013 15:32:28 +0000
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To:
References:
Message-ID:

On 27/11/13 15:03, Frédéric Buclin wrote:
> Of course I am, for the reason I gave in my previous message. :) But do
> not forget I'm no longer the person to ask as I resigned my role as
> assistant project lead a few months ago. :) You should ask justdave.

I had not forgotten :-)

> You remember we already have bugs 163551 and 218917, right?

I wasn't aware of those bugs. Reading them, I'm sad about the stop
energy. But OK, this is a bit more complicated than it looks at first
glance.

Going back to first principles, what do we actually need?
* email: a unique actual email address we can send mail to
* login: some unique string used to identify accounts and log in
* name: The user's human-readable name
* nick: a short non-unique string for flags etc.

Where does extern_id fit in? Max thought that, in the above scheme, it's
actually the same thing as "login". Is that true in all circumstances?

Could we convert emailsuffix to something which was applied at account
creation time (i.e. used while populating the "email" field), rather
than at every email send?

Gerv

From denis.roy at eclipse.org Wed Nov 27 15:41:36 2013
From: denis.roy at eclipse.org (Denis Roy)
Date: Wed, 27 Nov 2013 10:41:36 -0500
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To:
References:
Message-ID: <529612B0.2040403@eclipse.org>

On 11/27/2013 10:32 AM, Gervase Markham wrote:
> Where does extern_id fit in? Max thought that, in the above scheme,
> it's actually the same thing as "login".

I thought extern_id was used for sites that use different authentication
mechanisms. We use it to store the LDAP uid.

Denis

From gerv at mozilla.org Wed Nov 27 15:46:36 2013
From: gerv at mozilla.org (Gervase Markham)
Date: Wed, 27 Nov 2013 15:46:36 +0000
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To:
References:
Message-ID:

On 27/11/13 15:41, Denis Roy wrote:
> I thought extern_id was used for sites that use different authentication
> mechanisms. We use it to store the LDAP uid.

Right. I believe Max's point is if "login" no longer has to be an email
address, but it's just a unique account identifier, then it's
effectively got the same semantics as extern_id.

I'm not sure he's right, but that's his argument.

Can your users also log in using their email address, or only using the
LDAP-backed method?
Gerv

From denis.roy at eclipse.org Wed Nov 27 15:58:07 2013
From: denis.roy at eclipse.org (Denis Roy)
Date: Wed, 27 Nov 2013 10:58:07 -0500
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To:
References:
Message-ID: <5296168F.2040303@eclipse.org>

On 11/27/2013 10:46 AM, Gervase Markham wrote:
> On 27/11/13 15:41, Denis Roy wrote:
>> I thought extern_id was used for sites that use different authentication
>> mechanisms. We use it to store the LDAP uid.
> Right. I believe Max's point is if "login" no longer has to be an email
> address, but it's just a unique account identifier, then it's
> effectively got the same semantics as extern_id.

Gotcha.

> I'm not sure he's right, but that's his argument.
>
> Can your users also log in using their email address, or only using the
> LDAP-backed method?

We've configured Bugzilla to use the "mail" attribute to login, since
they were used to doing that with Bugzilla already. In fact, we use the
mail attribute for just about everything that pertains to login.

Bugzilla automatically stores the uid in extern_id I believe, which is
quite handy.

Denis

From emmanuel at seyman.fr Wed Nov 27 22:14:27 2013
From: emmanuel at seyman.fr (Emmanuel Seyman)
Date: Wed, 27 Nov 2013 23:14:27 +0100
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To:
References:
Message-ID: <20131127221427.GA23488@orient>

* Gervase Markham [27/11/2013 15:46] :
>
> Can your users also log in using their email address, or only using the
> LDAP-backed method?

If you set user_verify_class to 'LDAP,DB', your users can login with
either LDAP or by using their already-created Bugzilla account.
Emmanuel

From emmanuel at seyman.fr Wed Nov 27 22:20:55 2013
From: emmanuel at seyman.fr (Emmanuel Seyman)
Date: Wed, 27 Nov 2013 23:20:55 +0100
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To: <5296168F.2040303@eclipse.org>
References: <5296168F.2040303@eclipse.org>
Message-ID: <20131127222055.GB23488@orient>

* Denis Roy [27/11/2013 10:58] :
>
> Bugzilla automatically stores the uid in extern_id I believe, which
> is quite handy.

Bugzilla does not know what the uid attribute is (nor should it).
extern_id should always contain whatever the user used as a login.

Emmanuel

From gerv at mozilla.org Thu Nov 28 09:27:39 2013
From: gerv at mozilla.org (Gervase Markham)
Date: Thu, 28 Nov 2013 09:27:39 +0000
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To:
References:
Message-ID: <2qmdnfrMQfgWkQrPnZ2dnUVZ_vudnZ2d@mozilla.org>

On 27/11/13 22:14, Emmanuel Seyman wrote:
> if you set user_verify_class to 'LDAP,DB', your users can login with
> either LDAP or by using their already-created Bugzilla account.

OK. So it sounds like we need both "login" (for Bugzilla's DB-based
login) and "extern_id" (for LDAP or some other external auth mechanism).
Gerv

From gerv at mozilla.org Thu Nov 28 13:29:58 2013
From: gerv at mozilla.org (Gervase Markham)
Date: Thu, 28 Nov 2013 13:29:58 +0000
Subject: Email privacy
Message-ID: <4NmdnVZoUojL2ArPnZ2dnUVZ_qGdnZ2d@mozilla.org>

I have a need for a Bugzilla which implements email privacy, and I'd
like to write an upstreamable patch to do it. Can people please review
my design?

The last attempt by wurblzap died:
https://bugzilla.mozilla.org/show_bug.cgi?id=425663 [0]
on the grounds of what seems to me to be an incorrect objection
involving extern_id.

I plan to implement this:
https://wiki.mozilla.org/Bugzilla:Email_Change_Design
which follows what he did pretty closely.

It's not a long document; can people take 5 minutes to glance over it
and make sure the semantics are what they expect? I'd much rather have
feedback of that sort now than after I've taken the effort to
write/update the patch.

Gerv

[0] ...and the other dependencies of
https://bugzilla.mozilla.org/show_bug.cgi?id=218917

From denis.roy at eclipse.org Thu Nov 28 13:58:25 2013
From: denis.roy at eclipse.org (Denis Roy)
Date: Thu, 28 Nov 2013 08:58:25 -0500
Subject: Bugzilla::User methods for obtaining user ID info
In-Reply-To: <20131127222055.GB23488@orient>
References: <5296168F.2040303@eclipse.org> <20131127222055.GB23488@orient>
Message-ID: <52974C01.4050000@eclipse.org>

On 11/27/2013 05:20 PM, Emmanuel Seyman wrote:
> * Denis Roy [27/11/2013 10:58] :
>> Bugzilla automatically stores the uid in extern_id I believe, which
>> is quite handy.
> Bugzilla does not know what the uid attribute is (nor should it).
> extern_id should always contain whatever the user used as a login.
Yes, you are correct, it stores the email address since we use that
attribute to authenticate. On another private Bugzilla system we use
extern_id to link to an external (to Bugzilla) authentication source.

Denis
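
Added example, not part of the thread and not Bugzilla code: a small Python model of the point raised in the first thread, that filtering addresses only in templates leaves other output paths (a web-service serializer, a mailto: href) exposing the real address, while substituting at the accessor covers them all. The render functions, strategy names, sample accounts and HMAC-derived pseudonym are all hypothetical.

```python
import hashlib
import hmac
import json
import re

# Constructed sample accounts: user id -> real address kept only for bugmail.
USERS = {1: "alice.real@example.org", 2: "bob.real@example.net"}
SECRET = b"constructed-demo-key"  # hypothetical per-installation secret


def pseudonym(uid: int) -> str:
    """Stable fake address for display; cannot be reversed without SECRET."""
    tag = hmac.new(SECRET, str(uid).encode(), hashlib.sha256).hexdigest()[:10]
    return f"user-{tag}@pseudonym.invalid"


def render_comment_html(uid: int, strategy: str) -> str:
    """Stand-in for a comment-header template (assumed shape, not Bugzilla's)."""
    real = USERS[uid]
    if strategy == "accessor":
        # Address replaced before any output path sees it; no mailto: link.
        return f'<span class="fn">{pseudonym(uid)}</span>'
    shown = pseudonym(uid) if strategy == "template_filter" else real
    # The href is built from the unfiltered address, so it survives the filter.
    return f'<a href="mailto:{real}">{shown}</a>'


def render_api_bug(uid: int, strategy: str) -> str:
    """Stand-in for a web-service serializer that emits the login directly."""
    value = pseudonym(uid) if strategy == "accessor" else USERS[uid]
    return json.dumps({"assigned_to": value})


def find_leaks(output: str) -> list:
    """Real addresses, or bare localparts, that appear in rendered output."""
    leaks = []
    for addr in USERS.values():
        local = addr.split("@", 1)[0]
        if addr.lower() in output.lower():
            leaks.append(addr)
        elif re.search(rf"\b{re.escape(local)}\b", output, re.IGNORECASE):
            leaks.append(local)  # a localpart alone still identifies the user
    return leaks


def audit(strategy: str) -> dict:
    """Render every output path for every user and list what leaks where."""
    paths = {"html": render_comment_html, "api": render_api_bug}
    return {
        name: find_leaks("".join(render(uid, strategy) for uid in USERS))
        for name, render in paths.items()
    }


if __name__ == "__main__":
    for strategy in ("none", "template_filter", "accessor"):
        print(strategy, audit(strategy))
```

The same scan can be pointed at real rendered pages and API responses from a test instance seeded with known addresses, which is a cheap regression check for any pseudonymity patch.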