This was not an "official" response from Nokia as I do not work for Nokia. So please don't state that. Thanks.

This will be fixed in the next weeks when we have finally upgraded maemo.org Bugzilla to version 3.4.
See https://landfill.bugzilla.org/bugzil...teaccount.cgi:

"PRIVACY NOTICE: Bugzilla is an open bug tracking system. Activity on most bugs, including email addresses, will be visible to the public. We recommend using a secondary account or free web email service (such as Gmail, Yahoo, Hotmail, or similar) to avoid receiving spam at your primary email address. "

As a general note, everybody can always test the latest stable Bugzilla version online, upstream at https://landfill.bugzilla.org/bugzilla-3.4-branch/ to check if any requests/improvements exist in that new version.

Bugzilla 3.4 will fix this by displaying a hint on account creation:
"PRIVACY NOTICE: Bugzilla is an open bug tracking system. Activity on most bugs, including email addresses, will be visible to the public. We recommend using a secondary account or free web email service (such as Gmail, Yahoo, Hotmail, or similar) to avoid receiving spam at your primary email address."

Uhm, that sounds dirrrrty!
So let's say three employees of the company X quit the company and have been active in the Bugzilla of X. Now "deleting" these three user accounts and merging them into one big "Once upon a time this was a Bugzilla user" account will make it impossible later on to see which person has written (and especially: decided) what. Unlikely that this is wanted from a company and community point of view with regard to transparency.

Wish I could say different - I've been receiving spam regularly on my b.m.o. email address for the last few months and I wouldn't be surprised if it's related to bug #6873 which, for an information security issue, is getting sod all attention. For years we've asked people to vote on bugs, and their reward is to have their email addresses exposed for potential harvesting by spammers.

A fair question, but why is it necessary to show email addresses at all?

The system knows who each individual is, the system should be displaying full names and never email addresses.

Unless I'm missing an obvious point, there should be absolutely no reason for me or anyone else to know someone's email address in Bugzilla. The only time this has been useful is when adding someone manually as a CC - as I did recently (to no avail) with Sergio on a Modest/POP bug - but there should instead be a mechanism where I can search for his full name and the system then adds his reference, his email doesn't need to be known by me or divulged to me.

It really is a deficiency of the Bugzilla design that it leaks private and personal information *unnecessarily*.

The problem with temporary addresses in the context of Bugzilla is that you will never be notified of updates to your bugs, and when there are requests for "more information" it's a sure fire way to see the bug closed, unresolved, sooner than later, when nobody responds (as they no longer receive the notification emails...)

Drive-by Bug creation is not something to be recommended.

Hold on, does this mean email addresses will be open to EVERYONE or only authenticated/logged in users? If the former, do you also define "fixing it" as "making the current situation worse"? It does sound like this warning is just a band-aid over a gaping wound - the underlying problem is the design of Bugzilla which is unnecessarily poor in respect of user privacy.

Honestly, what benefit is to be gained from displaying email addresses at all in Bugzilla, even to authenticated users? Are there any plans to enhance Bugzilla so that it is able to function without users publicly viewing or entering email addresses?

emails have never been open to everyone, only to people who have a bugzilla account.

Yes, and I hope that remains the case although I think Bugzilla (the software) needs to go further and dispense with visible email addresses entirely.

However regarding b.m.o., the new warning doesn't differentiate between authenticated and non-authenticated users.

Being the uber cynic that I am, one way of resolving the information security issues that have plagued b.m.o. since it's inception would be to not bother protecting emails at all and just rely on this warning text... ie. putting the onus on the end user.

...as for example Launchpad does. I totally agree, but must also admit that I don't track Bugzilla upstream development closely, so I have no idea if there are plans for this.

Yes, but that's not what the privacy notice states. It could be worded more accurately ie "registered users" instead of "public".

That could give novice users a reason to not register or use throwaway email and defeat the purpose.

Don't know myself - best to query/ask upstream (Mozilla).