lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <41A8D07C.6040400@osafoundation.org>
Date: Sat, 27 Nov 2004 11:07:40 -0800
From: Heikki Toivonen <heikki@...foundation.org>
To: full-disclosure@...ts.netsys.com, vuln-dev@...urityfocus.com,
   bugtraq@...urityfocus.com
Subject: Re: FIREFOX flaws: nested array sort() loop Stack
 overflow exception

Jose Nazario wrote:
> On Thu, 25 Nov 2004, Heikki Toivonen wrote:
>>3. Either login if you already have an account, or click "create new
>>account". Let's assume we need to create a new account...
> 
> requiring someone to register to post a bug is harmful in the sense that
> you wind up turning off peopl ewho simply can't be bothered to fill out
> that info or wish to remain anonymous. while i definitely see the benefit
> of forcing registration or even wanting it, i bet you'e losing more bug
> reports than you care to imagine this way.

You won't be losing anonymity - just create a Bugzilla account on Yahoo! 
or some other free email service and use that for Bugzilla mail.

Your post also pointed out the benefits of requiring registration, and I 
think they far outweigh the possibility of some bug going unnoticed 
since it was not reported. If you receive a bug report but can't 
reproduce it, and you can't communicate with the reporter, you can't do 
anything but ignore that report.

And if it was not important enough for anyone to register and file the 
bug, then maybe it wasn't important enough to fix.

But still, having said all this, the Mozilla Foundation is working on 
finding alternative ways for people to file bug reports, and make it easier.

-- 
   Heikki Toivonen


Download attachment "signature.asc" of type "application/pgp-signature" (250 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ