[GNC] Documenting new Bugzilla restriction

Derek Atkins derek at ihtfp.com
Tue Sep 2 12:00:11 EDT 2025 

Indeed, that's been the issue.  This option was the cheapest way to turn
BZ back on at all!

With the wiki, I was able to turn off history, diffs, and generic
searching for unauthentic users.  However, I have been unable to find a
way to do that in bugzilla.

The medium-term goal would be to migrate to something like Anubis, but
even that will have issues -- and I can't install it on the current VM, so
I would have to perform OS migrations to make that work!

In short, requiring login was the least objectionable option that allowed
us to turn the service back on.

-derek

On Tue, September 2, 2025 11:46 am, Matt McCutchen wrote:
> OK, I updated the wiki.  Thanks John (and whoever approved my account).
>
> I would love to see the policy changed to at least allow users to view
> individual bug report pages without logging in and allow search engines
> to index them again, but I don't know what obstacles there are to
> supporting that without the server getting overloaded again.  I
> understand the change is very new and I trust you all will make an
> appropriate decision based on the feedback you receive and the
> availability of people to work on it; it's not my place as someone
> minimally involved with the project to push for anything.  Hence I kept
> the wiki factual and didn't promise anything.
>
> FWIW, I can sympathize: Back in June 2024, bots were overloading the
> gitweb repository viewer on my personal web site.  I had limited energy
> to deal with it at the time, so I just shut gitweb down completely,
> maintaining "git clone" access.  I think most of the load was from bots
> performing computationally expensive queries with every possible
> combination of parameters, and I hoped I could safely restore the
> ability to just view the latest versions of files, but with the
> relatively low traffic that my web site gets, so far I haven't able to
> justify the work to implement that.
>
> Matt
>
> On Mon, 2025-09-01 at 16:58 -0700, John Ralls wrote:
>> Sure. Even wanting to fix a typo is sufficient. We’re mostly trying
>> to weed out spammers and people who think they need a wiki account to
>> use GnuCash.
>>
>> Regards,
>> John Ralls
>>
>>
>> > On Sep 1, 2025, at 15:16, Matt McCutchen <matt at mattmccutchen.net>
>> wrote:
>> >
>> > On Tue, 2025-09-02 at 07:52 +1000, David H wrote:
>> > > Read the post at
>> > > https://lists.gnucash.org/pipermail/gnucash-user/2025-September/117417.html
>> > > for the reasons behind the bugzilla login.
>> >
>> > Thanks for the pointer.  I guess that was too recent to come up in my
>> > web search.  It didn't cross my mind that the change could be that
>> > recent.
>> >
>> > I think it would be helpful to document the rationale for the new
>> > policy on https://wiki.gnucash.org/wiki/Bugzilla .  I would be happy
>> to
>> > write the text, but am I justified in requesting a wiki account just
>> > for that?
>> >
>> > Matt
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> To update your subscription preferences or to unsubscribe:
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
>


-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

More information about the gnucash-user mailing list