Bug 5902

Summary: Can't cc bug reports to non users
Product: [Community] Bugzilla Reporter: tibbetts
Component: Bugzilla GeneralAssignee: David Lawrence <dkl>
Status: CLOSED DEFERRED QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 2.8CC: aleksey, tibbetts
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://bugzilla.mozilla.org/show_bug.cgi?id=19057
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-01-24 18:40:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description tibbetts 1999-10-12 22:00:01 UTC 
I just sent in a bug report, and tried to cc it to a friend
who has the same issue. I was unable to do so, because he is
not a registered user of bugzilla. While bugzilla is very
easy to register for, this definitely seems more of a bug
than a feature.
Comment 1 David Lawrence 1999-11-04 19:36:59 UTC 
This will be fixed in the next update of Bugzilla. Basically what will
happen is when you add a Cc address of a person who doesnt exist, the
system will silently create a Bugzilla account and mail out a password
to the Cc address. This will solve this problem. The initial user will
have to be careful to input a proper address.
Comment 2 tibbetts 1999-11-04 21:41:59 UTC 
Uh, have you considered the security hole that that opens up?
Basically I can know exactally when the password goes out, for a
person that I select, as long as they are not currently a user.
Comment 3 Aleksey Nogin 2002-11-13 09:56:04 UTC 
Dup of bug 2073?
Comment 4 Aleksey Nogin 2002-11-13 11:38:45 UTC 
See also http://bugzilla.mozilla.org/show_bug.cgi?id=19057
Comment 5 David Lawrence 2002-12-17 21:13:19 UTC 
I agree with the points that were made in that bug report that doing this
automatically can be evil in certain ways. It is much easier to make people
create account manually if needed. But I am open to suggestions. One way that
could work was mentioned when an error is generated to have a link to create the
account. But  someone could still enter an incorrect email address and polute
the database with useless accounts.

Added myself to cclist of b.m.o bug report.
Comment 6 Stephen John Smoogen 2003-01-24 18:40:18 UTC 
This bug should be fixed or unfixed upstream of the Red Hat bugzilla list. There
are too many abuses and automated spam programs of other 'open' CGI mail
programs that allow for additions without accounts.