Red Hat Bugzilla – Bug 5902
Can't cc bug reports to non users
Last modified: 2008-05-01 11:37:52 EDT
I just sent in a bug report, and tried to cc it to a friend who has the same issue. I was unable to do so, because he is not a registered user of bugzilla. While bugzilla is very easy to register for, this definitely seems more of a bug than a feature.
This will be fixed in the next update of Bugzilla. Basically what will happen is when you add a Cc address of a person who doesnt exist, the system will silently create a Bugzilla account and mail out a password to the Cc address. This will solve this problem. The initial user will have to be careful to input a proper address.
Uh, have you considered the security hole that that opens up? Basically I can know exactally when the password goes out, for a person that I select, as long as they are not currently a user.
Dup of bug 2073?
See also http://bugzilla.mozilla.org/show_bug.cgi?id=19057
I agree with the points that were made in that bug report that doing this automatically can be evil in certain ways. It is much easier to make people create account manually if needed. But I am open to suggestions. One way that could work was mentioned when an error is generated to have a link to create the account. But someone could still enter an incorrect email address and polute the database with useless accounts. Added myself to cclist of b.m.o bug report.
This bug should be fixed or unfixed upstream of the Red Hat bugzilla list. There are too many abuses and automated spam programs of other 'open' CGI mail programs that allow for additions without accounts.