| Name | Previous Value | Current Value |
| --- | --- | --- |
| Priority | Normal | Minor |

OneDev changed state to 'Closed' 1 year ago

| Previous Value | Current Value |
| --- | --- |
| Open | Closed |

State changed as code fixing the issue is committed (941eca4f)

OneDev changed state to 'Released' 1 year ago

| Previous Value | Current Value |
| --- | --- |
| Closed | Released |

State changed as build OD-5786 is successful
| Type | Security Vulnerability |
| Priority | Minor |
| Assignee | |
| Labels | No labels |
Hi,
We have some open source projects which are open to the public. Visitors who are not logged in have read-only access to code, issues and packages.
And this is where the emails and names are being exposed to the public. Some issues are created from emails through the Helpdesk system. For these issues OneDev prints information at the top of the issue like this:
OneDev opened NN minutes ago on behalf of [email protected] (First Last Name)

Since these issues are publicly accessible without the need to log in, this information is exposed to all sorts of internet bots collecting data.
I think that even after logging in, information like real name and email should not be shown like this to users. Since we run the system publicly accessible and anybody can create an account to participate in the code development, people who do not know each other and are unrelated use the system to communicate. I do not think anybody would want his email to be exposed to random people.
I do not have any particular preferences on how to prevent exposing user information.
Maybe some information should be shown based on the user permissions, or just to admins/project owners only?
Personally, I liked the previous behaviour more, when OneDev automatically created a user account from the helpdesk email. I understand your motivation for changing this. But in our case, the previous behaviour made more sense. Maybe you could bring it back with some configuration switch? This way, user emails would not be exposed, as OneDev would just show user information in the standard way?
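
The permission-based option raised in the report, sketched as an added example (this is not OneDev's code and not part of the original post): the helpdesk header line is shown in full only to privileged viewers, and every other viewer gets a masked address with the real name dropped. The role names, `render_header` and `mask_email` are hypothetical, and the sample line is constructed.

```python
import re

# Roles allowed to see the requester's identity. Assumption that follows the
# "admins/project owners only" idea in the report; not OneDev's permission model.
PRIVILEGED_ROLES = {"admin", "project_owner"}

# Header format as quoted in the report:
#   "<actor> opened <when> on behalf of <email> (<display name>)"
HEADER_RE = re.compile(
    r"^(?P<prefix>.+? on behalf of )"
    r"(?P<email>[^\s()@]+@[^\s()@]+)"
    r"(?: \((?P<name>[^()]*)\))?$"
)

# Constructed sample line, not taken from a real instance.
SAMPLE = "OneDev opened 12 minutes ago on behalf of jane.doe@example.org (Jane Doe)"


def mask_email(email: str) -> str:
    """Keep the first character of the local part; hide the rest and the domain."""
    local = email.split("@", 1)[0]
    return f"{local[:1]}***@***"


def render_header(line: str, viewer_role: str) -> str:
    """Return the issue header as a viewer with the given role should see it."""
    match = HEADER_RE.match(line)
    if match is None:
        # Not a helpdesk-created issue header: nothing to redact.
        return line
    if viewer_role in PRIVILEGED_ROLES:
        return line
    # Fail closed: anonymous visitors, ordinary members and unknown roles
    # get neither the full address nor the real name.
    return f"{match['prefix']}{mask_email(match['email'])}"


if __name__ == "__main__":
    for role in ("anonymous", "member", "project_owner", "admin"):
        print(f"{role:>13}: {render_header(SAMPLE, role)}")
```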