
Re: Reopening bug closed due to SPAM



Goswin von Brederlow wrote:
> Javier Fernández-Sanguino Peña <jfs@computer.org> writes:
>
>> If spam e-mail is going to start closing our Bugs in the BTS then we should
>> start thinking about implementing authentication checks in the BTS... like
>> for example: do not allow control messages or -close messages with no
>> attached (valid) GPG/PGP signatures (from a valid developer?)"
>
> NMs and most submitters aren't in the keyring so they would have a
> hard time managing bugs if a DD signature is required.

The requirement for a valid signature might not be 'valid signature = DD signature' but something more liberal like 'valid signature = signature in the web of trust' (i.e. either a DD or signed by a DD) or even more liberal like 'valid signature = signature in known keyservers'. In the latter, spammers could get keys generated and submitted there but they are not really targeting our BTS, it's backscatter from their spam tricks.

> And don't forget the DAK closing bugs on uploads. The archive key
> would have to be allowed to sign too.

Or the BTS mail interface could approve messages coming in directly from the ftp-master system, in any case, adding the archive key would not be an issue, probably.

I don't know if the BTS admins are going to go forward with any of these but IMHO it doesn't make any sense to allow administrative access (managing, retitling, tagging, etc.) to the BTS without any kind of authentication attempts (even if "simple") of the end user when in most situations it's somebody the project knows about, not Random Joe.

Maybe the BTS admins are tracking abuse somehow, I haven't dug into the BTS code at all but I do remember some abuse in the past and people being shunted off. However, with the current state of affairs, is there anything that prevents somebody from sending fake e-mails (maybe using relay proxies) to the BTS using random mail To's (1-close to 319400-close) _AT_ bugs.debian.org? Just wondering...

Regards

Javier
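The three policy levels discussed in this thread (DD keyring only, web of trust, any keyserver key) plus the archive-key exemption, written out as a small acceptance check for BTS control mail. This is an added illustration, not BTS code; the keyrings and key signatures are constructed, and it assumes the signer fingerprint has already been verified by gpg before this check runs.

```python
import re

# Constructed fingerprints; not Debian's real keyring.
DD_KEYRING = {"FPR-DD-ALICE", "FPR-DD-BOB"}
ARCHIVE_KEY = "FPR-ARCHIVE"
# key -> fingerprints that have signed it (the "web of trust" edges).
KEY_SIGNERS = {"FPR-NM-CAROL": {"FPR-DD-ALICE"}, "FPR-RANDOM": set()}
KEYSERVER_KEYS = DD_KEYRING | set(KEY_SIGNERS) | {ARCHIVE_KEY}

# nnn-close@ / nnn-done@ and control@ are the BTS addresses that act on bugs.
CONTROL_RE = re.compile(r"^\d+-(close|done)@bugs\.debian\.org$")
LEVELS = {"keyserver": 1, "wot": 2, "dd": 3}


def is_control_message(to_addr):
    """True for addresses that close or otherwise manipulate a bug."""
    to_addr = to_addr.strip().lower()
    return to_addr == "control@bugs.debian.org" or bool(CONTROL_RE.match(to_addr))


def trust_level(fpr):
    """Highest level the signer reaches, or None if the key is unknown."""
    if fpr in DD_KEYRING:
        return "dd"
    if KEY_SIGNERS.get(fpr, set()) & DD_KEYRING:   # signed by at least one DD
        return "wot"
    if fpr in KEYSERVER_KEYS:
        return "keyserver"
    return None


def accept_control(to_addr, signer_fpr=None, policy="wot", from_ftpmaster=False):
    """Decide whether a message may act on a bug under the given policy.

    policy is the minimum trust level required: 'dd', 'wot' or 'keyserver'.
    Ordinary bug mail (not a control address) is never blocked here.
    """
    if not is_control_message(to_addr):
        return True
    # DAK closes bugs on upload: allow the archive key / ftp-master origin.
    if from_ftpmaster or signer_fpr == ARCHIVE_KEY:
        return True
    level = trust_level(signer_fpr) if signer_fpr else None
    if level is None:                       # unsigned or unknown key: reject
        return False
    return LEVELS[level] >= LEVELS[policy]
```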


