Recently I went to file a bug on a CPAN module (which I generally just do as anonymous to save time) only to find that rt.cpan will no longer accept anonymous bug reports via the web interface.
This makes the bug tracker links I've left in 90-odd modules pointing to the anonymous bug reporting next to useles, because when someone uses the link on the web documentation to report a bug, they are then told to sod off (to oversimplify the situation) and write an anonymous email instead.
After emailing Best Practical to ask why they had shut this down, I was told that they were unable to stop spam coming in via the web interface, and had decided to just shut down anonymous bug reporting altogether.
Users trying to report bugs through the RT.cpan public web interface now either have to report only via email, or instead get a third party ("Bitcard", something they will never have heard of) account to report a bug.
Apart from the irony of having to use anonymous email instead of a web interface due to spam reasons, I found this rather annoying additionally because we now no longer get severity or version metadata for bug reports.
Experience with trying to host projects in Source Forge has shown that the rates of contribution by users falls dramatically as soon as you make them do any work.
People are busy, they don't want to have to evaluate whether they should trust this "bitcard" thing or not (I personally may know what it is, but they won't) or open a seperate program and carefully type in the cryptic (for a normal user) email address.
More than likely, it's just more thinking and work and they'll bail out, which was exactly the same result I was asking people to submit patches via CVS.
People that want to help should have to do as little work as possible. For every additional step of thinking or click, or bit of work, you lose 10% or so from the people willing to deal with it.
But although Best Practical doesn't plan to bring back the public web bug reporting, they have said they are open to implementing a solution if we can find one.
So does anyone have any ideas, or want to volunteer to find a solution?
Can we transparently sign people up for a bitcard account at the same time as they submit the bug? Can we integrate with OpenID? Is there some web equivalent to Spam Assasin we can use to prevent web spam?
Can you fix rt.cpan? Anyone?
It’s not my favourite choice, exactly, but maybe interfacing with Akismet could solve (most of) the problem for cheap?
Re:___
Alias on 2006-08-25T02:45:15
"Nothing short of requiring email verification shuts them down."
I'm firming up on the idea that if that's what it takes, that's what we do.
We quarantine their email for $foo minutes, and email them to confirm that the bug report is genuine. Otherwise we drop it.
It should mean we can still veryify mail addresses without forcing people to sign up to an account.
Now all we need is somebody to write it:/
