
Anyone can manipulate any bug report

swift@bu.edu writes:
> I just closed bug 5723 by sending mail to
> control@bugs.debian.org.  I am not a Debian developer, nor did I
> submit this bug.  I think Debian is great, and I don't want to
> throw any wrenches into the cogs of bugs.debian.org, but the
> opportunity for me to manipulate bug reports like this
> should probably not exist for me.

This is operating as designed.  The only other thing to do would be to
require PGP authentication on all control messages, and to keep an
up-to-date list of the authorised developers in the bug system.

The system has recently changed to make it easier for developers to
see what is happening to `their' bug reports - that is, the ones for
the packages they maintain.  They as well as the submitter will now
get copies of messages acknowledging state changes.

> If you want non-developers to take advantage of being able to
> manipulate (their) bug reports, then the bug reporting
> documentation should indicate this positively in
> bug-reporting.txt.  Presently none of the bug-system dox
> particularly say that non-developers cannot manipulate, but this
> is implied by the language, e.g., using "developer" as generic
> subject.

I think it's better to avoid publishing something that people might
break by accident.  There is no problem with competent and
well-informed non-developers manipulating bug reports, but I don't
think we want to encourage ordinary users to do so - the bug system
has become quite complicated to operate properly, and they'd just make
mistakes which we would have to fix.

Thanks for your message, but I'm closing this bug report.
