#22067 closed Cleanup/optimization (fixed)

bug system "captcha" prompt is misleading

Reported by: michael.karl.coleman@… Owned by: nobody
Component: *.djangoproject.com Version:
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The captcha prompt for filing a bug (without logging in) presents puzzles like "eight plus three minus two", to which a real human would reply "nine". This answer is not accepted, though, as the captcha wants "9".

The easy fix would be to change the prompt to indicated that the answer should be a string of digits, not the English spelling. Or, alternatively, just spell the problem using digits (e.g., "8 + 3 - 2"). It's a good bet that anything that can beat the latter can beat the former.

And while you're at it, you might as well fix #17791 at the same time (i.e., fix the prompt to not suggest that the bug report "looks like spam").

Change History (7)

comment:1 Changed 16 months ago by aaugustin

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

The real fix would be to force registration. The CAPTCHA kicks in only when you aren't logged in.

We're in the business of maintaining Django, not writing Trac plugins :-/

comment:2 Changed 16 months ago by claudep

I think that forcing registration would be fine. It adds a small barrier to reporting bugs, but I think it's acceptable, and many projects have already chosen to do so.

comment:3 Changed 15 months ago by timo

I'm in favor of requiring registration as well. When I posed this on IRC, Aymeric mentioned: "BDFLs were very attached to the ability to report issues without creating an account." On the other hand, we've seen anonymously reported issues where we respond and don't know if the reporter will ever respond since they won't be notified of our response. There also a fair number of comments and other changes that are accidentally made anonymously which results in some extra noise.

comment:4 Changed 15 months ago by timo

  • Easy pickings unset
  • Triage Stage changed from Unreviewed to Accepted
  • Type changed from Bug to Cleanup/optimization
  • Version 1.6 deleted

I've proposed requiring registration to perform Trac actions on django-developers: https://groups.google.com/d/topic/django-developers/g728g23VI2E/discussion

comment:5 Changed 13 months ago by bjb@…

It would be great if you could just add words as to what format the answer is expected in, and what precedence the parens are in. And, words to say that you may have forgotten to fill in the email field and can avoid all this with a valid email address.

I had to find out all that stuff just by trying again and again (and reading this ticket). I was that close >< to just giving up and not reporting.

(no comments about how useless my problem reports are please : -)

comment:6 Changed 13 months ago by timo

I tried removing the "TICKET_CREATE" permission from anonymous users, but this hides the "New Ticket" button at the top of the page which isn't ideal. Also, if/when we remove these permissions from anonymous, I think we need to add them to authenticated (authenticated seems to inherit permissions from anonymous as it is now).

comment:7 Changed 10 months ago by aaugustin

  • Resolution set to fixed
  • Status changed from new to closed

I enabled GitHub auth on Trac and configured permissions to require auth for all write operations.

To address Tim's last comment, I rewrote the home page, which contained mostly obsolete information (before, after).

Note: See TracTickets for help on using tickets.
Back to Top