- Appended to comment:
drh added on 2008-07-24 02:07:00:
Problem fixed in f46fe42d6d. Contact information is stored as its SHA1 hash. The new CONCEALED table in the repository database (private data that is not synced) provides a mapping back to the original email address for trusted users.
- Change resolution to "Fixed"
- Change status to "Fixed"
- Appended to comment:
drh added on 2008-07-24 00:27:46:
Here is another idea: Instead of storing the email address directly, we can store an SHA1 hash of the email address. Meanwhile maintain a mapping from hash back to email address in an auxiliary database table. This auxiliary table can be used to translate the hash back into an email address for display to authorized users. But because the auxiliary table is not shared as part of a clone or sync, remote repositories are unable to recover the original email address. There would need to be some way to share the auxiliary table with authorized users. No such mechanism currently exists and needs to be added. But on the other hand, such a mechanism might also be used to share ticket report formats, which is something else that is currently not shared but which ought to be.
- Appended to comment:
drh added on 2008-07-23 19:44:34:
I started writing code to encrypt the email address field. But upon further thought I realized that a determined malefactor could clone the repository and then mount a dictionary attack to recover the encryption password. So while encryption does make email address harvesting more difficult, it does not make it impossible. I wonder if it is even worth the trouble.... Perhaps the right solution is (as the OP suggests) to change the bug form to say that the contact information is not displayed on any webpage but can be recovered by miscreants who go to the trouble of cloning the repository.
- Change priority to "Immediate"
- Change resolution to "Open"
- Change subsystem to "one"
- Change type to "Code_Defect"
- Change comment to "If I file a new bug, after the field <tt>EMail:</tt> there is a hint, that the email address would not be publicly visible. But it seems to me, that the email address becomes visible if I clone the whole repository and examine the tickets and checkins afterwards via e.g. the timeline. I have no proposal how this could be prevented. Cloning tickets is IMO a good idea, but of course all data will also be cloned with them! So perhaps the solution would be to remove the <i>Not publicly visible</i> hint?"
- Change foundin to "141c31792b"
- Change private_contact to "c.hintze@gmx.net"
- Change severity to "Minor"
- Change status to "Open"
- Change title to "Email in bug tickets <b>are</b> public visible (at least indirect)."
- Change type to "Incident"
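
The scheme described in the 2008-07-24 comments above (only the SHA1 hash goes into the shared ticket data, while the hash-to-address mapping lives in a table that is never cloned or synced), as an added example that is not Fossil's own code. The table layouts and the function names `new_repo`, `file_ticket`, `clone` and `show_contact` are assumptions made for illustration, and the sample address is constructed.

```python
import hashlib
import sqlite3

def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

def new_repo():
    """In-memory repository: 'ticket' is synced, 'concealed' stays local."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ticket(id INTEGER PRIMARY KEY, title TEXT,"
               " private_contact TEXT)")
    db.execute("CREATE TABLE concealed(hash TEXT PRIMARY KEY, content TEXT)")
    return db

def file_ticket(db, title, email):
    """Store the hash in the shared ticket and the mapping in the local table."""
    h = sha1_hex(email)
    db.execute("INSERT OR IGNORE INTO concealed(hash, content) VALUES (?, ?)",
               (h, email))
    cur = db.execute("INSERT INTO ticket(title, private_contact) VALUES (?, ?)",
                     (title, h))
    return cur.lastrowid

def clone(src):
    """Copy only the synced table; 'concealed' is deliberately left behind."""
    dst = new_repo()
    rows = src.execute("SELECT id, title, private_contact FROM ticket").fetchall()
    dst.executemany("INSERT INTO ticket VALUES (?, ?, ?)", rows)
    return dst

def show_contact(db, ticket_id, trusted):
    """Trusted users get the address if this repository holds the mapping;
    everyone else (and every clone) sees only the hash."""
    (h,) = db.execute("SELECT private_contact FROM ticket WHERE id = ?",
                      (ticket_id,)).fetchone()
    if not trusted:
        return h
    row = db.execute("SELECT content FROM concealed WHERE hash = ?",
                     (h,)).fetchone()
    return row[0] if row else h

if __name__ == "__main__":
    origin = new_repo()
    tid = file_ticket(origin, "Constructed sample ticket", "reporter@example.org")
    copy = clone(origin)
    print("origin, trusted:  ", show_contact(origin, tid, trusted=True))
    print("origin, untrusted:", show_contact(origin, tid, trusted=False))
    print("clone, trusted:   ", show_contact(copy, tid, trusted=True))
```

The hash is unsalted, so it conceals an address only to the extent that the address itself is hard to guess.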