Bug 139314

Summary: Bugzilla / account registration too vulnerable for spammers
Product: QA Tools Reporter: Matthijs <bugs.documentfoundation.org>
Component: GeneralAssignee: Not Assigned <libreoffice-bugs>
Status: RESOLVED WONTFIX    
Severity: normal CC: bugs.documentfoundation.org, ilmari.lauhakangas, telesto
Priority: medium    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard:
Crash report or crash signature: Regression By:

Description Matthijs 2020-12-30 09:44:00 UTC 
See https://bugs.documentfoundation.org/show_bug.cgi?id=35092 for example - comments 19-64 (and counting) are ALL spam. Apparently, the current state of the Bugzilla implementation allows spammers to automatically create fake accounts (or use compromised accounts) and start spamming away. Please implement additional anti-spam and / or security measures to prevent this as much as possible.
Comment 1 Buovjaga 2020-12-30 13:52:23 UTC 
Bugzilla 6 will have antispam functionality
Comment 2 Matthijs 2020-12-30 20:53:41 UTC 
(In reply to Buovjaga from comment #1)
> Bugzilla 6 will have antispam functionality

Thanks Buovjaga for your response. Great that Bugzilla 6 will have antispam functionality. Any idea when Bugzilla 6 will be implemented?
Comment 3 Buovjaga 2020-12-30 23:27:53 UTC 
(In reply to Matthijs from comment #2)
> (In reply to Buovjaga from comment #1)
> > Bugzilla 6 will have antispam functionality
> 
> Thanks Buovjaga for your response. Great that Bugzilla 6 will have antispam
> functionality. Any idea when Bugzilla 6 will be implemented?

It's a long and painful story (at least how I feel after all this waiting). BZ 6 has been ready for a long time, but tangled in Mozilla's fork. Now, thanks to the  harmonising efforts of very dedicated individuals over the years, both in hired & volunteer capacity, it is close to a release.

The release is basically waiting for the final polish and validation of this database schema migration code: https://github.com/bugzilla/harmony/pull/52