[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <41A8D07C.6040400@osafoundation.org>
Date: Sat, 27 Nov 2004 11:07:40 -0800
From: Heikki Toivonen <heikki@...foundation.org>
To: full-disclosure@...ts.netsys.com, vuln-dev@...urityfocus.com,
bugtraq@...urityfocus.com
Subject: Re: FIREFOX flaws: nested array sort() loop Stack
overflow exception
Jose Nazario wrote:
> On Thu, 25 Nov 2004, Heikki Toivonen wrote:
>>3. Either login if you already have an account, or click "create new
>>account". Let's assume we need to create a new account...
>
> requiring someone to register to post a bug is harmful in the sense that
> you wind up turning off peopl ewho simply can't be bothered to fill out
> that info or wish to remain anonymous. while i definitely see the benefit
> of forcing registration or even wanting it, i bet you'e losing more bug
> reports than you care to imagine this way.
You won't be losing anonymity - just create a Bugzilla account on Yahoo!
or some other free email service and use that for Bugzilla mail.
Your post also pointed out the benefits of requiring registration, and I
think they far outweigh the possibility of some bug going unnoticed
since it was not reported. If you receive a bug report but can't
reproduce it, and you can't communicate with the reporter, you can't do
anything but ignore that report.
And if it was not important enough for anyone to register and file the
bug, then maybe it wasn't important enough to fix.
But still, having said all this, the Mozilla Foundation is working on
finding alternative ways for people to file bug reports, and make it easier.
--
Heikki Toivonen
Download attachment "signature.asc" of type "application/pgp-signature" (250 bytes)
Powered by blists - more mailing lists