Re: reportbug defaults [Re: Bug#367200: ITP: libemail-send-perl -- Simply Sending Email]
Scripsit Don Armstrong <don@debian.org>
> On Wed, 17 May 2006, Henning Makholm wrote:
>> How does sending directly to from reportbug to an ISP's smarthost
>> validate the user's email address better than sending directly from
>> reportbug to a HTTP POST somewhere?
> I'm talking about an HTTP access method in general; if it were to be
> done, I'd expect that it validate the users email address before
> actually forwarding bug reports from the user.
Why don't you have the same expectation about SMTP access methods?
>> It is not necessary that there is anywhere any HTML form that refers
>> to the posting URL; only reportbug would need to know it.
> Except for the fact that anyone can create a page which posts to that
> url.
... with a big large text box in which a user is supposed to manually
format some text that can be parsed properly by the unknown backend
script? If anybody _really_ wanted to fake a bug report with a wrong
user, it is much simpler to use an off-the-shelf MUA than to try to
reverse-engineer the data format used by a the private reportbug HTTP
application.
--
Henning Makholm "Det er trolddom og terror
og jeg får en værre
ballade når jeg kommer hjem!"
Reply to: