Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Alias (5735)

  (email not shown publicly)

Journal of Alias (5735)

Thursday August 17, 2006
06:13 PM

Can anyone out there fix public rt.cpan bug reports :(

[ #30679 ]

Recently I went to file a bug on a CPAN module (which I generally just do as anonymous to save time) only to find that rt.cpan will no longer accept anonymous bug reports via the web interface.

This makes the bug tracker links I've left in 90-odd modules pointing to the anonymous bug reporting next to useles, because when someone uses the link on the web documentation to report a bug, they are then told to sod off (to oversimplify the situation) and write an anonymous email instead.

After emailing Best Practical to ask why they had shut this down, I was told that they were unable to stop spam coming in via the web interface, and had decided to just shut down anonymous bug reporting altogether.

Users trying to report bugs through the RT.cpan public web interface now either have to report only via email, or instead get a third party ("Bitcard", something they will never have heard of) account to report a bug.

Apart from the irony of having to use anonymous email instead of a web interface due to spam reasons, I found this rather annoying additionally because we now no longer get severity or version metadata for bug reports.

Experience with trying to host projects in Source Forge has shown that the rates of contribution by users falls dramatically as soon as you make them do any work.

People are busy, they don't want to have to evaluate whether they should trust this "bitcard" thing or not (I personally may know what it is, but they won't) or open a seperate program and carefully type in the cryptic (for a normal user) email address.

More than likely, it's just more thinking and work and they'll bail out, which was exactly the same result I was asking people to submit patches via CVS.

People that want to help should have to do as little work as possible. For every additional step of thinking or click, or bit of work, you lose 10% or so from the people willing to deal with it.

But although Best Practical doesn't plan to bring back the public web bug reporting, they have said they are open to implementing a solution if we can find one.

So does anyone have any ideas, or want to volunteer to find a solution?

Can we transparently sign people up for a bitcard account at the same time as they submit the bug? Can we integrate with OpenID? Is there some web equivalent to Spam Assasin we can use to prevent web spam?

Can you fix rt.cpan? Anyone?

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • It’s not my favourite choice, exactly, but maybe interfacing [] with Akismet [] could solve (most of) the problem for cheap?

  • "People that want to help should have to do as little work as possible. For every additional step of thinking or click, or bit of work, you lose 10% or so from the people willing to deal with it."

    The volume of comment spam was 1) crippling the server and 2) driving module authors away from ever touching the bug tracking system.

    I'd love to have an easy way to allow anonymous perl users to report bugs in CPAN modules. I really would. But given the choice between " offline due to commentspam attack
    • "Nothing short of requiring email verification shuts them down."

      I'm firming up on the idea that if that's what it takes, that's what we do.

      We quarantine their email for $foo minutes, and email them to confirm that the bug report is genuine. Otherwise we drop it.

      It should mean we can still veryify mail addresses without forcing people to sign up to an account.

      Now all we need is somebody to write it :/