Opened 3 years ago

Closed 2 years ago

#22067 closed Cleanup/optimization (fixed)

bug system "captcha" prompt is misleading

Reported by: michael.karl.coleman@… Owned by: nobody
Component: * Version:
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


The captcha prompt for filing a bug (without logging in) presents puzzles like "eight plus three minus two", to which a real human would reply "nine". This answer is not accepted, though, as the captcha wants "9".

The easy fix would be to change the prompt to indicated that the answer should be a string of digits, not the English spelling. Or, alternatively, just spell the problem using digits (e.g., "8 + 3 - 2"). It's a good bet that anything that can beat the latter can beat the former.

And while you're at it, you might as well fix #17791 at the same time (i.e., fix the prompt to not suggest that the bug report "looks like spam").

Change History (7)

comment:1 Changed 3 years ago by Aymeric Augustin

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset

The real fix would be to force registration. The CAPTCHA kicks in only when you aren't logged in.

We're in the business of maintaining Django, not writing Trac plugins :-/

comment:2 Changed 3 years ago by Claude Paroz

I think that forcing registration would be fine. It adds a small barrier to reporting bugs, but I think it's acceptable, and many projects have already chosen to do so.

comment:3 Changed 3 years ago by Tim Graham

I'm in favor of requiring registration as well. When I posed this on IRC, Aymeric mentioned: "BDFLs were very attached to the ability to report issues without creating an account." On the other hand, we've seen anonymously reported issues where we respond and don't know if the reporter will ever respond since they won't be notified of our response. There also a fair number of comments and other changes that are accidentally made anonymously which results in some extra noise.

comment:4 Changed 3 years ago by Tim Graham

Easy pickings: unset
Triage Stage: UnreviewedAccepted
Type: BugCleanup/optimization
Version: 1.6

I've proposed requiring registration to perform Trac actions on django-developers:

comment:5 Changed 2 years ago by bjb@…

It would be great if you could just add words as to what format the answer is expected in, and what precedence the parens are in. And, words to say that you may have forgotten to fill in the email field and can avoid all this with a valid email address.

I had to find out all that stuff just by trying again and again (and reading this ticket). I was that close >< to just giving up and not reporting.

(no comments about how useless my problem reports are please : -)

comment:6 Changed 2 years ago by Tim Graham

I tried removing the "TICKET_CREATE" permission from anonymous users, but this hides the "New Ticket" button at the top of the page which isn't ideal. Also, if/when we remove these permissions from anonymous, I think we need to add them to authenticated (authenticated seems to inherit permissions from anonymous as it is now).

comment:7 Changed 2 years ago by Aymeric Augustin

Resolution: fixed
Status: newclosed

I enabled GitHub auth on Trac and configured permissions to require auth for all write operations.

To address Tim's last comment, I rewrote the home page, which contained mostly obsolete information (before, after).

Note: See TracTickets for help on using tickets.
Back to Top