#169 Email privacy problem

Open
opened 1 month ago by pgimeno · 5 comments

Merging a PR creates a commit with my real email address. I expected it to use a fictitious one like pgimeno@users.noreply.notabug.org that indicates that pgimeno is my username in notabug.org but suggests that it's not an address that can be used for contacting me.

I'm not sure if this is caused by #168.

Merging a PR creates a commit with my real email address. I expected it to use a fictitious one like `pgimeno@users.noreply.notabug.org` that indicates that `pgimeno` is my username in `notabug.org` but suggests that it's not an address that can be used for contacting me. I'm not sure if this is caused by #168.
angela commented 1 month ago

I'm interested in this, too.

I don't see a subscribe button, so I'm commenting to subscribe.

I'm interested in this, too. I don't see a subscribe button, so I'm commenting to subscribe.

i am confused - why would you want to publish code and not allow anyone to contact you?

and why would you expect an fictitious email address? does any existing forge have such naughty behavior?

i am confused - why would you want to publish code and not allow anyone to contact you? and why would you expect an fictitious email address? does any existing forge have such naughty behavior?
angela commented 1 month ago

Speaking of the Github API, for example, spam bots.

Having the email accessible to logged-in users is acceptable, but signing off a commit with it opens the plausibility of spam.

Speaking of the Github API, for example, spam bots. Having the email accessible to logged-in users is acceptable, but signing off a commit with it opens the plausibility of spam.
Pedro Gimeno commented 1 month ago
Poster

Yes, GitHub provides such a mechanism. See attached image.

And yes, it's an anti-spam measure. It's not that I don't want to be contacted. People can contact me through issues or PRs, or by pinging me, for example. But I don't want to be changing the email address every time a spambot finds it.

And it's not only the Github API that allows access. When viewing any commit, you add ".patch" to the URL and you can see the email of the author. For example:

https://github.com/pgimeno/digiplay/commit/a3b039467d978b8f2210f70fb75ebaafdf36e666.patch

(I committed that with that email). So it's actually out in the open without needing any API, just a web crawler. NotABug supports the same feature:

207a503aa1

(edit: the link doesn't point to the one I typed, let me see if this works: example)

Yes, GitHub provides such a mechanism. See attached image. And yes, it's an anti-spam measure. It's not that I don't want to be contacted. People can contact me through issues or PRs, or by pinging me, for example. But I don't want to be changing the email address every time a spambot finds it. And it's not only the Github API that allows access. When viewing any commit, you add ".patch" to the URL and you can see the email of the author. For example: https://github.com/pgimeno/digiplay/commit/a3b039467d978b8f2210f70fb75ebaafdf36e666.patch (I committed that with that email). So it's actually out in the open without needing any API, just a web crawler. NotABug supports the same feature: https://notabug.org/pgimeno/Goo/commit/207a503aa1e1e051b9cdce52dc66dcccd4a23bd6.patch (edit: the link doesn't point to the one I typed, let me see if this works: [example](https://notabug.org/pgimeno/Goo/commit/207a503aa1e1e051b9cdce52dc66dcccd4a23bd6.patch))
angela commented 1 month ago

I've been pushing to Notabug with my Github email set and while it obfuscates my 'real' email, the user is not linked to my account/avatar.

I submitted a request on Gogs.

I've been pushing to Notabug with my Github email set and while it obfuscates my 'real' email, the user is not linked to my account/avatar. I [submitted a request](https://github.com/gogs/gogs/issues/5296) on Gogs.
Sign in to join this conversation.
No Milestone
No assignee
3 Participants
Loading...
Cancel
Save
There is no content yet.