Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lock down bugs.php.net to only developer accounts #114

Closed
damianwadley opened this issue Feb 7, 2023 · 9 comments · Fixed by #120
Closed

Lock down bugs.php.net to only developer accounts #114

damianwadley opened this issue Feb 7, 2023 · 9 comments · Fixed by #120

Comments

@damianwadley
Copy link
Member

Nearly all public activity on bugs.php.net is now spam - which is not a rare occurrence - and most of the remainder is "me too" comments on old bugs.

It's time to pull the trigger on the next stage of transitioning to GitHub Issues: don't allow any further edits, comments, uploads, or other activity except by php.net developer accounts. If there's still "BuT iT's OwNeD bY mIcRoSoFt!!1!" concerns then there could easily be a config flag that enables/disables the lockdown.
@Girgias
Copy link
Member

Girgias commented Feb 8, 2023

I know we had a couple of discussion with @cmb69 about this. The main blocker was security issues. But AFAIK those can now be handled on GitHub too.

@damianwadley
Copy link
Member Author

True, but even if we're not ready for that leap just yet, doesn't restricting to php.net accounts still allow work with security reports? Speaking as someone who hasn't worked with those. If not then they could just, you know, be an exception to the rule.

@nikic
Copy link
Member

nikic commented Jun 24, 2023

717f16a should help with the spam.

@cmb69
Copy link
Member

cmb69 commented Jul 20, 2024

717f16a should help with the spam.

Well, they already worked around that, by prepending "github" to the URL.

And a lot of recent spam is using the "upload patch" feature. I wanted to suggest to disable that altogether, but just found this ticket.

The main blocker was security issues. But AFAIK those can now be handled on GitHub too.

Actually, it is no longer possible to submit any new reports (security related or otherwise; see https://bugs.php.net/report.php).

It's time to pull the trigger on the next stage of transitioning to GitHub Issues: don't allow any further edits, comments, uploads, or other activity except by php.net developer accounts.

After thinking about this, I fully agree. If people have really something to say about an old bug, it is not that unlikely that they open a GH issue, so we can basically transfer relevant tickets to GH over time. There are better ways to spend time, than to remove spam.

@nikic
Copy link
Member

nikic commented Jul 20, 2024

Yes, I think it's fine to limit bugs.php.net to php.net accounts at this point.

cmb69 added a commit to cmb69/web-bugs that referenced this issue Jul 20, 2024
@cmb69
phpGH-114: Lock down bug tracker to developers only
de2cc8c 
All further conversation about bugs is supposed to happen on Github.
We still allow developers to edit the bug tracker, so they can clean
up.

We start by disallowing users to add patches.
@cmb69 cmb69 linked a pull request Jul 20, 2024 that will close this issue
GH-114: Lock down bug tracker to developers only #120
Merged
4 tasks
@cmb69
Copy link
Member

cmb69 commented Jul 27, 2024

I'm quite surprised to have not seen any new spam on that bug tracker for almost a week. Has this issue already been resolved in some way (without touching this repo)?

@php-pulls
Copy link

php-pulls commented Jul 27, 2024 via email

@cmb69
Copy link
Member

cmb69 commented Jul 27, 2024

Is it you, @derickr? I thought that issue had been resolved.

@derickr
Copy link
Member

derickr commented Jul 27, 2024 via email

@derickr derickr mentioned this issue Jul 31, 2024
Closed
derickr pushed a commit that referenced this issue Aug 1, 2024
@cmb69 @derickr
GH-114: Lock down bug tracker to developers only
4a29f1a 
All further conversation about bugs is supposed to happen on Github.
We still allow developers to edit the bug tracker, so they can clean
up.

We start by disallowing users to add patches.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

GH-114: Lock down bug tracker to developers only cmb69/web-bugs
6 participants
@derickr @nikic @php-pulls @cmb69 @Girgias @damianwadley