[Users] Setting up an account on Bugzilla

[Albert ARIBAUD]

Hi,

Le Sun, 17 Sep 2017 12:36:15 +0100
Jeremy Nicoll <jn.ml.clwm.729 at letterboxes.org> a écrit:

> The 'new account' page warns that email addresses are easily harvested
>  by spammers, but browsing through existing bug reports I haven't seen
> anyone's email address.
> 
> Is the warning still appropriate?

It is, IMO, for at least these reasons:

1. While you cannot see people's addresses when you are not logged in,
you do see them when logged in, so if a bugzilla registered user's
machine gets zombified, it could collect other bugzilla user addresses;

2. A misconfiguration (or unlucky rollback, or exploit) can always
happen and make bugzilla accounts visible to outsider at some points.
Better if your email address there is unique and therefore easily
changed.

As a general measure, you should avoid using the same e-mail address
for several types of use; because if that e-mail address gets
compromised, then this give the attacker access to several accounts.

(and of course you should *never* use the same pair of address *and*
password on several site accounts.)

Amicalement,
-- 
Albert.