TeamImport

[Saenger]

The new "feature" is a bug.

Pre-fab teams with founders who don't know about their founder status, don't even have or want a team in the new project are not manageble. You can see what happens if you implement this rubbish bug in the project NQueens, where lot's of teams exist in an alpha project about Chess, and I doubt that any of the "founders" knows anything about his status there.

How was this list created?

How are the founders informed about their new team?

How is the email of the founder secured from the project, as I don't think they gave the permission to give the email to some unbeknownst new project, perhaps just a spammer on the lookout for valid emails?

How can real team members at the new project get the founder status from the unwilling and involuntary founder?

Threads in 2 fora about this: ​http://nqueens.ing.udec.cl/forum_thread.php?id=6 ​http://de.boincstats.com/forum/forum_thread.php?id=2494

[Ageless]

added an 'a' to the title.

[Saenger]

I just learned that the list with next to unprotected email addresses is available to anyone, this list has to be deleted asap! It's inconceivable for me how anyone with his mind together can post such a list on the internet.

[MikeMarsUK]

Teams stuff is documented here:

[url]http://boinc.berkeley.edu/teams/[/url]

[url]http://boinc.berkeley.edu/trac/wiki/TeamDiscussion[/url]

The Boinc-wide teams development has been discussed for months on the teams mailing list.

Why is it critical?

[Saenger]

Anyone can create any team there. People with some sense of data security won't even dream of creating their team there, so it's up for grabs to everybody else. I just tried and would probably have been successful in creating BOINC@Heidelberg, and thus stealing the name from ThEfT.

If the mail address is something meaningful, and it has to be to inform the founders about the new teams they just autocreated on some obscure project, it must not be shared with obscure projects. If you use a fake account to prevent any compromising of your data (like I did: me@…), nobody will ever get to the founders account to change anything. It's a catch22 situation: either no data security or no team name protection.

So either you ditch all data security for the small convenience of not having to organize your teams on the various projects, or it's useless.

It may not be critical, I was not aware that only a few teams where in this stupid scheme, I would downsize it to major, but I can't see an option to do so.

[KSMarksPsych]

Replying to Saenger:

I would downsize it to major, but I can't see an option to do so.

Changed priority.

[MikeMarsUK]

As far as I can see, your primary worry is that fake teams can be created in the 'teams' project if the real team founder doesn't create it themselves first. Is that right?

Perhaps if there were a verification step first, i.e., David A or some other trusted person, saying 'yeah' or 'nay' to each team before it is exported, that would solve the problem?

From my reading of the Teams project description, the current set up is that anyone can create a team, but then David A can delete it if someone raises a concern about it.

[davea]

The original poster had several misapprehensions; e.g. if a team founder wants to set a password for one of the auto-created accounts, he/she can do so by the standard mechanism: get the account key via email, then use it to log in and set a password. Other examples have been pointed out by others. As far as I know, the design is OK.

[Nicolas]

What I don't understand is how it's an issue to export HASHED email addresses in stats? but it's not an issue to export rot13'd email addresses in the XML used for this team thing.

[Nicolas]

New thread on BOINC dev forums shows a user genuinely confused at what the feature did, so it's not just speculation on the possible problems.

[Nicolas]

Replying to Nicolas:

New thread on BOINC dev forums shows a user genuinely confused at what the feature did, so it's not just speculation on the possible problems.

New link to thread (the other was deleted because it had email addresses).

[davea]

I added a sentence saying that profiles and passwords are not copied.

[Saenger]

Replying to MikeMarsUK:

The Boinc-wide teams development has been discussed for months on the teams mailing list.

I fail to find a teams mailing list i the only place where official mailing lists are possible:

​http://lists.ssl.berkeley.edu/mailman/listinfo

There's only this outsourced chitchat group on Google, that's not for real discussions.

[Didactylos]

Hmm... I contribute to BOINC and I'm the captain of a major team. Up until this complaint, I had never heard of the Google discussion group, either.

[MikeMarsUK]

For future reference the teams mailing list is here:

​http://groups.google.com/group/boinc-team-founders

Saenger, you didn't say why you reopened the issue, just commented on the mailing list. It might be an idea to describe what you feel the current issues are and why you feel they weren't resolved :-)

[Saenger]

Every answer is was just an evasion and a forced "invitation" to the improper, outsorced, Google group, where you have to create the next account, on Google, without even the remotes connection to BOINC, while this here and the forum on /dev and the mailing lists, all on the only valid server for this kind of discussions, are left behind with excuses and insults.

Ma questions have never been answered:

How was this list created?

How are the founders informed about their new team?

How is the email of the founder secured from the project, as I don't think they gave the permission to give the email to some unbeknownst new project, perhaps just a spammer on the lookout for valid emails?

Only the last one has now, after two month and massive pushing, been dealt with by David Anderson.

I first simply left it with this obvious neglect and disrespect for us users by the chief developer, but now I decided to reopen it, as like I said: Nothing has been done in this regard.

[Didactylos]

Combining #455 with this ticket, and closing as duplicate. Just cleaning up the ticket list.