Bug#800824: nm.debian.org: Server Error (500) on email challenge for new entry

Fri, 30 Oct 2015 03:45:45 -0700 

* Jonathan Wiltshire: " Re: Bug#800824: nm.debian.org: Server Error (500) on
  email challenge for new entry" (Fri, 30 Oct 2015 10:05:40 +0000):

> Control: retitle -1 Fingerprint checker on newnm.html should warn if the
> fingerprint is already known Control: tag -1 confirmed
> Control: severity -1 normal
> 
> Hi,
> 
> On Sun, Oct 04, 2015 at 03:19:19AM +0200, Mathias Behrle wrote:
> > I tried to register on 2015-10-02 for a new account, but got on submitting
> > 
> > Serverfehler (500)
> > There's been an error. It's been reported to the site administrators via
> > e-mail and should be fixed shortly. Thanks for your patience.
> > 
> > I rechecked today and see that the entry indeed was created succesfully,
> > but that the problem is with the email challenge. Retriggering the
> > challenge at https://nm.debian.org/public/newnm/resend_challenge/yangoon
> > fails again with this error. So I am currently unable to confirm my account.
> 
> For both of you the problem is that you already have accounts because
> you're already DMs. (Sebastien's had been created with his surname as a
> middle name, which didn't help.) The script which imports people has no
> safe way to tell if you have an Alioth username, so when you later want to
> become DD it's quite misleading.
> 
> To fix the immediate problems please contact Front Desk with a signed mail
> confirming your Alioth account and the URL to you page and the links can be
> made manually.
> 
> There are two underlying problems to the behaviour:
> 
>  - the error 500 appears because the new account has no fingerprint, and it
>    tries to encrypt a message to it
>  - the account creation page does not check if a person is known to the
>    system except whether they are logged in
> 
> As a documentation fix, I've added a note to DMs on the account creation
> page which should at least remove any confusion. A better fix would be to
> have the page warn if a fingerprint is already known, which almost
> certainly means a duplicate account is being created. The handler should
> also fail to create an account with a suitable message if the fingerprint
> is being duplicated.

Thanks, Jonathan, just sent the mail to n...@debian.org.

-- 

    Mathias Behrle
    PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6

Attachment: pgpLXjq2SHlbN.pgp
Description: Digitale Signatur von OpenPGP

Reply via email to