Bug 357268

Summary: Leakage of user information
Product: [Websites] bugs.kde.org Reporter: JHF2442 <j-kde_bts>
Component: generalAssignee: KDE sysadmins <sysadmin>
Status: RESOLVED NOT A BUG    
Severity: normal CC: j-kde_bts, nalvarez, sheedy
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description JHF2442 2015-12-28 17:19:31 UTC 
When editing an issue, info message shows email addresses of users that get informed about the update.
This leaks the users email addresses... did people opt in for this ?


Reproducible: Always

Steps to Reproduce:
1. add comment to an existing issue
2. submit


Actual Results:  
on top right side of the page the email addresses of the users that get informed are shown

Expected Results:  
only user names
Comment 1 JHF2442 2015-12-28 17:20:11 UTC 
Applies also for new issue submission (just seen it when submitting this one) :

Email sent to:
    sysadmin@kde.org, bugbot@landfill.bugzilla.org, kde-bugs-dist@kde.org, sheedy@kde.org
Comment 2 Nicolás Alvarez 2015-12-28 17:23:25 UTC 
This is not a leakage, email addresses on Bugzilla are public. Move mouse over your name in your bug comments and you will see your email address is visible there too.

When you create a Bugzilla account, there is a warning saying "KDE Bugtracking System is an open bug tracking system. Activity on most bugs, including email addresses, will be visible to the public. We recommend using a secondary account or free web email service (such as Gmail, Yahoo, Hotmail, or similar) to avoid receiving spam at your primary email address."