Opened 17 years ago

Closed 17 years ago

#409 closed Defect (duplicate)

TeamImport

Reported by: Saenger Owned by: davea
Priority: Major Milestone: Undetermined
Component: Server - Other Version:
Keywords: Cc:

Description

The new "feature" is a bug.

Pre-fab teams with founders who don't know about their founder status, don't even have or want a team in the new project are not manageble. You can see what happens if you implement this rubbish bug in the project NQueens, where lot's of teams exist in an alpha project about Chess, and I doubt that any of the "founders" knows anything about his status there.

How was this list created?

How are the founders informed about their new team?

How is the email of the founder secured from the project, as I don't think they gave the permission to give the email to some unbeknownst new project, perhaps just a spammer on the lookout for valid emails?

How can real team members at the new project get the founder status from the unwilling and involuntary founder?

Threads in 2 fora about this: http://nqueens.ing.udec.cl/forum_thread.php?id=6 http://de.boincstats.com/forum/forum_thread.php?id=2494

Change History (16)

comment:1 Changed 17 years ago by Ageless

Summary: TemImportTeamImport

added an 'a' to the title.

comment:2 Changed 17 years ago by Saenger

I just learned that the list with next to unprotected email addresses is available to anyone, this list has to be deleted asap! It's inconceivable for me how anyone with his mind together can post such a list on the internet.

comment:3 Changed 17 years ago by MikeMarsUK

Teams stuff is documented here:

[url]http://boinc.berkeley.edu/teams/[/url]

[url]http://boinc.berkeley.edu/trac/wiki/TeamDiscussion[/url]

The Boinc-wide teams development has been discussed for months on the teams mailing list.

Why is it critical?

comment:4 Changed 17 years ago by Saenger

Anyone can create any team there. People with some sense of data security won't even dream of creating their team there, so it's up for grabs to everybody else. I just tried and would probably have been successful in creating BOINC@Heidelberg, and thus stealing the name from ThEfT.

If the mail address is something meaningful, and it has to be to inform the founders about the new teams they just autocreated on some obscure project, it must not be shared with obscure projects. If you use a fake account to prevent any compromising of your data (like I did: me@…), nobody will ever get to the founders account to change anything. It's a catch22 situation: either no data security or no team name protection.

So either you ditch all data security for the small convenience of not having to organize your teams on the various projects, or it's useless.

It may not be critical, I was not aware that only a few teams where in this stupid scheme, I would downsize it to major, but I can't see an option to do so.

comment:5 in reply to:  4 Changed 17 years ago by KSMarksPsych

Priority: CriticalMajor

Replying to Saenger:

I would downsize it to major, but I can't see an option to do so.

Changed priority.

comment:6 Changed 17 years ago by MikeMarsUK

As far as I can see, your primary worry is that fake teams can be created in the 'teams' project if the real team founder doesn't create it themselves first. Is that right?

Perhaps if there were a verification step first, i.e., David A or some other trusted person, saying 'yeah' or 'nay' to each team before it is exported, that would solve the problem?

From my reading of the Teams project description, the current set up is that anyone can create a team, but then David A can delete it if someone raises a concern about it.

comment:7 Changed 17 years ago by davea

Resolution: invalid
Status: newclosed

The original poster had several misapprehensions; e.g. if a team founder wants to set a password for one of the auto-created accounts, he/she can do so by the standard mechanism: get the account key via email, then use it to log in and set a password. Other examples have been pointed out by others. As far as I know, the design is OK.

comment:8 Changed 17 years ago by Nicolas

What I don't understand is how it's an issue to export HASHED email addresses in stats? but it's not an issue to export rot13'd email addresses in the XML used for this team thing.

comment:9 Changed 17 years ago by Nicolas

New thread on BOINC dev forums shows a user genuinely confused at what the feature did, so it's not just speculation on the possible problems.

comment:10 in reply to:  9 Changed 17 years ago by Nicolas

Replying to Nicolas:

New thread on BOINC dev forums shows a user genuinely confused at what the feature did, so it's not just speculation on the possible problems.

New link to thread (the other was deleted because it had email addresses).

comment:11 Changed 17 years ago by davea

I added a sentence saying that profiles and passwords are not copied.

comment:12 in reply to:  3 Changed 17 years ago by Saenger

Resolution: invalid
Status: closedreopened

Replying to MikeMarsUK:

The Boinc-wide teams development has been discussed for months on the teams mailing list.

I fail to find a teams mailing list i the only place where official mailing lists are possible:

http://lists.ssl.berkeley.edu/mailman/listinfo

There's only this outsourced chitchat group on Google, that's not for real discussions.

comment:13 Changed 17 years ago by Didactylos

Hmm... I contribute to BOINC and I'm the captain of a major team. Up until this complaint, I had never heard of the Google discussion group, either.

comment:14 Changed 17 years ago by MikeMarsUK

For future reference the teams mailing list is here:

http://groups.google.com/group/boinc-team-founders

Saenger, you didn't say why you reopened the issue, just commented on the mailing list. It might be an idea to describe what you feel the current issues are and why you feel they weren't resolved :-)

comment:15 Changed 17 years ago by Saenger

Every answer is was just an evasion and a forced "invitation" to the improper, outsorced, Google group, where you have to create the next account, on Google, without even the remotes connection to BOINC, while this here and the forum on /dev and the mailing lists, all on the only valid server for this kind of discussions, are left behind with excuses and insults.

Ma questions have never been answered:

How was this list created?

How are the founders informed about their new team?

How is the email of the founder secured from the project, as I don't think they gave the permission to give the email to some unbeknownst new project, perhaps just a spammer on the lookout for valid emails?

Only the last one has now, after two month and massive pushing, been dealt with by David Anderson.

I first simply left it with this obvious neglect and disrespect for us users by the chief developer, but now I decided to reopen it, as like I said: Nothing has been done in this regard.

comment:16 Changed 17 years ago by Didactylos

Resolution: duplicate
Status: reopenedclosed

Combining #455 with this ticket, and closing as duplicate. Just cleaning up the ticket list.

Note: See TracTickets for help on using tickets.