Bug 193396 - Ability of new users to set CC's can potentially be abused
Summary: Ability of new users to set CC's can potentially be abused
Status: Open
Alias: None
Product: Services
Classification: Unclassified
Component: Bug Tracker (show other bugs)
Version: unspecified
Hardware: Any Any
: --- Affects Some People
Assignee: Kubilay Kocak
URL:
Keywords: feature, needs-qa
Depends on:
Blocks:
 
Reported: 2014-09-06 14:36 UTC by Ian Smith
Modified: 2022-10-28 03:18 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ian Smith 2014-09-06 14:36:19 UTC
First time users of bugzilla can submit a lot of reports and assign CCs to (in this case) freebsd-stable@freebsd.org.  Today we have 25+ messages in stable@ from one submitter who has not previously (since May) posted in any of the dozen or so lists I take, all of which, including replies, are from this one submitter.

Without someone first assigning new reports, from new subscribers, the potential to sign up with the (encouraged!) throw-away *mail address, and spam the heck out of who knows how many lists seems pretty obviously open to abuse.

I don't know - and don't have time to learn - bugzilla setup, but if there is some way that new subscribers can have their 'mayCC' bit withheld until at least one or two of their posts have been assigned as ok by a human, that would limit the potential for abuse or just cluelessness considerably.

cheers, Ian
Comment 1 Ian Smith 2014-09-06 15:12:42 UTC
Keyword: feature as requested.
Comment 2 Marcus von Appen freebsd_committer freebsd_triage 2014-09-09 06:50:43 UTC
bugmeister considers this to be a single case for the moment and won't take action. If this should become a reoccurring issue, we will think again about the current access model for new subscribers.

I'll reject this for now (just to get it from the radar) and we can reopen the issue, if similar cases are noticed.
Comment 3 Ian Smith 2014-09-09 12:33:31 UTC
Fair enough, thanks.
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2014-09-09 20:43:33 UTC
Apologies, I forgot to let the team know I had requested this issue be created, that I plan to look into. 

Lowering priority to move it away from the top of the bugmeister list and assign to myself
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2022-10-26 01:03:37 UTC
While implementation may not belong in the existing spam extensions, this and other abuse/signal:noise ratio type issues have at least some minimal overlap to spam/abuse management (see also bug 238813), as the vast majority of those cases are by new users, or users with very few if not zero prior activity.