Open jcfr opened 2 weeks ago
After further analysis, the issue is related to a "bot" account that commented on the issue and is independent of the email of the researcher who created the account.
The corresponding account has been reported.
For context, here is another example of such comment. See https://github.com/jcfr/MorphoCloudPortal/issues/88#issuecomment-2312935572
For future reference, here was the comment:
After reporting the account to GitHub, it has now been "removed"
Thanks @jcfr. I think we still want to implement the double entry of the email (to double check) and automatic obfuscate for privacy issues.
To handle the case when the two entries do not match, I suggest to:
/encode_email
explicitly If the two email do match, email will automatically be encoded (aka obfuscated)
Does this sound reasonable?
It would be better, if the user cannot proceed or submit the ticket if the emails are not identical (or somehow give real-time feedback), but I understand that may not be possible with GH issues.
When requesting an instance, have the user enter their email name twice, and if it checkouts, obfuscate the email right away. We have already someone snooping and sending fake emails to people (see the screenshot), which is very serious issue since our users can't tell whether this is legit or not.
Originally posted by @muratmaga in https://github.com/MorphoCloud/MorphoCloudWorkflow/issues/27#issue-2487721000