PowerShellGallery icon indicating copy to clipboard operation
PowerShellGallery copied to clipboard
verified publisher icon PowerShell

Email is revealed in "Package published" notification

Open fflaten opened this issue 1 year ago • 1 comments

Prerequisites

  • [X] Write a descriptive title.
  • [X] Make sure you are able to repro it on the latest version
  • [X] Search the existing issues.

Steps to reproduce

  • Be owner of a module/package
  • (Maybe, see actual behavior comment) Enable notification setting shown below
  • Co-owner publishes a new version.

image

Expected behavior

Email remains private. The note says "Also, we never reveal your email address to other users.", not excluding co-owners. Use individual notification emails or BCC

Actual behavior

Email with subject "[PowerShell Gallery] Package published - <modulename> <version>" adds all owners in To-field exposing the email.

Bonus bug? Package was published with another account, yet I got an email. Is this expected? Option only to exclude self published packages?

Error details

No response

Environment data

N/A

Version

N/A

Visuals

No response

fflaten avatar May 18 '24 11:05 fflaten

Combined with https://github.com/PowerShell/PowerShellGallery/issues/265 this isn't great from a privacy standpoint as I'm also unable to update my account email.

fflaten avatar May 18 '24 12:05 fflaten