Launchpad itself

May need to obfuscate email addresses in comments

Bug #60195 reported by Stuart Bishop
22
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Undecided
Unassigned

Bug Description

As bug comments can not be altered, we may need to detect and obfuscate
email addresses. We have already had cases of needing to manually edit bug
comments to address user's privacy concerns.

This bug can be rejected if we allow editing of bug comments.

See original description
Diogo Matsubara (matsubara)
Changed in malone:
status: Unconfirmed → Confirmed
Revision history for this message
Brad Bollenbach (bradb) wrote :

I think allowing comment editing is a good idea.

I also think it'd be good to agree on an LP standard for obfuscating email addresses; I made some suggestions in bug 263.

Diogo Matsubara (matsubara)
description: updated
Revision history for this message
Martin Pool (mbp) wrote :

stevea told me today that Launchpad should never display email addresses to anonymous users or to search engines. At the moment we do that in bug comment text. email addresses can happen when eg someone manually pastes in text from a mail.

Francis J. Lacoste (flacoste)
Changed in launchpad-answers:
importance: Undecided → Medium
status: Unconfirmed → Confirmed
Revision history for this message
Curtis Hovey (sinzui) wrote :

I think we should replace the email address to look like <email address hidden> when the user isn't logged in. I'm not certain if we should be doing this in TALES or in QuestionMessageDisplayView--the former is global to the where as the latter is local to the context.

Revision history for this message
Francis J. Lacoste (flacoste) wrote : Re: [Bug 60195] Re: May need to obfuscate email addresses in comments

On May 9, 2007, Curtis Hovey wrote:
> I think we should replace the email address to look like
> <email address hidden> when the user isn't logged in. I'm not certain if we
> should be doing this in TALES or in QuestionMessageDisplayView--the
> former is global to the where as the latter is local to the context.
>
 I think it would be best to implement in the function use to render the text
that already convert bug numbers and URI-looking strings into hyperlinks.
That would fix the problem for bugs and for changelog content (and future
users of that function).

Revision history for this message
suntin (gerard-payne) wrote : UNSUBSCRIBE

On Wed, 2007-05-09 at 19:53 +0000, Curtis Hovey wrote:
> I think we should replace the email address to look like
> <email address hidden> when the user isn't logged in. I'm not certain if we
> should be doing this in TALES or in QuestionMessageDisplayView--the
> former is global to the where as the latter is local to the context.
>

Revision history for this message
suntin (gerard-payne) wrote : Re: [Bug 60195] UNSUBSCRIBE

meh, guess you have to unsubscribe from the website ;P

But, on this subject; I think it's best not to print anything except the
users login name.
For myself if people want to talk to me I would rather they did so
through the forum, I don't mind administrators but I don't want the
general public to have that kind of information, I also don't want my
future skills judged by questions I asked 5 years ago because there are
identifiable links to me.
This has happened in job interviews where questions I asked as a student
were queried years later when I could have answered it in my sleep.

I also feel, in this case where I subscribed under my company mail that
there is a chance problems queried could be related to poor
configuration and expose commercial site flaws to malicious users.

That point could be extended to these mailing lists which also expose
the mail address of people in the thread.

Just my 2 pennies.

G

On Thu, 2007-05-10 at 03:43 +0000, suntin wrote:
> On Wed, 2007-05-09 at 19:53 +0000, Curtis Hovey wrote:
> > I think we should replace the email address to look like
> > <email address hidden> when the user isn't logged in. I'm not certain if we
> > should be doing this in TALES or in QuestionMessageDisplayView--the
> > former is global to the where as the latter is local to the context.
> >
>

Francis J. Lacoste (flacoste)
Changed in launchpad-answers:
assignee: nobody → sinzui-is
Curtis Hovey (sinzui)
Changed in launchpad-answers:
status: Confirmed → In Progress
Revision history for this message
Curtis Hovey (sinzui) wrote :

My branch to fix this is in review. Unauthenticated users will see <email address hidden> in bug and question messages.

Revision history for this message
Martin Pool (mbp) wrote : Re: [Bug 60195] Re: May need to obfuscate email addresses in comments

On 6/15/07, Curtis Hovey <email address hidden> wrote:
> My branch to fix this is in review. Unauthenticated users will see
> <email address hidden> in bug and question messages.

Thankyou for fixing it. I would have suggested "person@....." but
maybe this is bikeshedding as I can't really substantiate it.

--
Martin

Revision history for this message
Curtis Hovey (sinzui) wrote :

Fixed in RF 4403.

Changed in launchpad-answers:
status: In Progress → Fix Committed
Curtis Hovey (sinzui)
Changed in malone:
assignee: nobody → sinzui-is
status: Confirmed → Fix Committed
Revision history for this message
Curtis Hovey (sinzui) wrote :

Fix released with Launchpad 1.1.6.

Changed in launchpad-answers:
status: Fix Committed → Fix Released
Changed in malone:
status: Fix Committed → Fix Released
Curtis Hovey (sinzui)
Changed in launchpad:
assignee: Curtis Hovey (sinzui) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.