Hello, Am Dienstag, 3. August 2010 schrieb Marcus Rueckert:
1. there is a bug icon on the show project page, which gives you a nice "report a bug" link with the important fields prefilled already. This even works without logging in!
Well, it will require a login in bugzilla ;-) The bad thing is that the "report a bug" link exposes mail adresses to spammers :-( The link looks like this: (line breaks added for readability, mail address changed) <a href="https://bugzilla.novell.com/enter_bug.cgi?classification=7340&; product=openSUSE.org&component=3rd%20party%20software& assigned_to=foo@example.com <---------------- spammer food &short_desc=home:cboltz:%20Bug"> I see two options to make this link spammer-proof: a) easy to implement: show it only after login (downside: it makes it harder for an average user to report a bug) b) more implementation work, but user-friendly: place a script on bugzilla.novell.com that can "translate" usernames to mail addresses, so that the link can look like this: https://bugzilla.novell.com/enter_obs_bug.cgi? assigned_to=cboltz <----------- username instead of mail address &short_desc=home:cboltz:%20Bug"> The username is useless for spammers. Problem solved. Additionally the link can be shorter because some parameters are equal on all OBS projects. The enter_obs_bug.cgi script has to do the following things: 1. enforce bugzilla login 2. look up the mail address for the given username 3. redirect to enter_bug.cgi with the correct parameters, including the mail address for assigned_to=... Regards, Christian Boltz --
The kernel will stay the same between SUSE Linux 10.1 and SLE10 - it just might be that we release them at different days, Good. Let the SLED customers test it for us first ;) [> Andreas Jaeger and Martin Schlander in opensuse] -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org