On Thu, 25 Nov 2004, Heikki Toivonen wrote:
> 3. Either login if you already have an account, or click "create new
> account". Let's assume we need to create a new account...
> 4. Type in a valid email address and click "Create Account"
> 5. [mail] Read email that was sent to the address to get password
> 6. back on in the browser, click "log in here"
> 7. fill in your username and password and click "login"
[snip the rest of useful info on how to post good, healthy, actionable bug
reports]
requiring someone to register to post a bug is harmful in the sense that
you wind up turning off peopl ewho simply can't be bothered to fill out
that info or wish to remain anonymous. while i definitely see the benefit
of forcing registration or even wanting it, i bet you'e losing more bug
reports than you care to imagine this way.
benefits of forcing/encouraging registration include:
- garaunteed line of followup
- reduced spam quantities in bugzilla
- at leasta cutofof "i care enough to ..."
still, you're losing more than you may expect. i know i've failed to file
bug reports (non-security related) for mozilla products due to this "speed
bump". the security@ route is useful, and i'm glad you pointed it out.
this point should be considered by anyone who runs a bug reporting page
for open submissions, you may be doing more harm than benefit.
________
jose nazario, ph.d. jose_at_monkey.org
http://monkey.org/~jose/ http://infosecdaily.net/
Received on Nov 29 2004
Intro
