On Tue, May 14, 2002 at 05:47:58PM +0200, Wouter Verhelst wrote:
> > So we shouldn't allow people without a debian.org address to submit
> > more information to a bug they didn't file unless they forge their From
> > addresses?
> >
> > You Must Be Joking.
>
> That's why I explicitly mentioned 'when receiving a mail at an address
> that could modify the state of a bug'.

This is fine as long as an attempt to reply and tell you that your message was rejected, preferably with your original mail attached so it can be saved, modified, and resent, is made. I'm no fan of rejections that give me no way to resend my message. If I get such a rejection, I want to be able to (relatively) painlessly make a change or two to the message to use control@bugs and just resend the message with a fresh sig. (Does control@bugs actually not barf if you include a message as MIME yet?)

Actually, as I have never seen PGP-signed spam, checking for the existence of a sig (whether or not it's a valid Debian key, or potentially even a valid signature for that matter) should also be on the accept list.

If you want to check sigs, you can have gnupg automagically fetch keys from pgp.net and such, but put a timeout on that if you do and realize the public keyring used will grow exponentially. (I do this with mutt and mailing lists, just because I like seeing that messages are intact, even if I don't have a trust value assigned to that person yet..)

-- 
Joseph Carter <firstname.lastname@example.org> No conceit in my family

<SirDibos> does Johnie Ingram hang out here on IRC?
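Added example, not part of the original message and not code from the Debian bug tracking system: a sketch of the acceptance rule discussed above, where a mail is accepted if it carries a PGP signature at all (inline or PGP/MIME, validity not checked) and is otherwise answered with a rejection that attaches the original so it can be edited and resent. The function names, the service address tracker@bugs.example and the sample mails are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

ARMOR = "-----BEGIN PGP SIGNED MESSAGE-----"

def has_pgp_signature(msg):
    """True if a signature is present; validity is deliberately not checked."""
    # PGP/MIME (RFC 3156): multipart/signed with the pgp-signature protocol.
    proto = (msg.get_param("protocol") or "").lower()
    if msg.get_content_type() == "multipart/signed" and proto == "application/pgp-signature":
        return True
    # Inline clearsigned text in any text part.
    return any(part.get_content_maintype() == "text" and ARMOR in part.get_content()
               for part in msg.walk())

def rejection_for(msg, service="tracker@bugs.example"):
    """Build a notice that attaches the original so it can be fixed and resent."""
    reply = EmailMessage()
    reply["From"] = service                      # hypothetical service address
    reply["To"] = str(msg["From"])
    reply["Subject"] = "Rejected: " + str(msg["Subject"] or "")
    reply.set_content("Your message was not accepted. The original is attached.")
    reply.add_attachment(msg)                    # becomes a message/rfc822 part
    return reply

def triage(raw):
    """Return ("accept", None) or ("reject", notice) for one raw mail."""
    msg = message_from_string(raw, policy=policy.default)
    if has_pgp_signature(msg):
        return "accept", None
    return "reject", rejection_for(msg)

# Constructed sample mails (placeholder signature data, not real signatures).
CLEARSIGNED = ("From: dev@example.org\nSubject: tag bug\n\n"
               "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\ntags 12345 + patch\n"
               "-----BEGIN PGP SIGNATURE-----\n(placeholder)\n-----END PGP SIGNATURE-----\n")
PGP_MIME = ('From: dev@example.org\nSubject: tag bug\nMIME-Version: 1.0\n'
            'Content-Type: multipart/signed; protocol="application/pgp-signature";\n'
            ' boundary="b1"\n\n--b1\nContent-Type: text/plain\n\ntags 12345 + patch\n'
            '--b1\nContent-Type: application/pgp-signature\n\n(placeholder)\n--b1--\n')
UNSIGNED = "From: anyone@example.net\nSubject: more info\n\nclose 12345\n"

if __name__ == "__main__":
    for name, raw in [("clearsigned", CLEARSIGNED), ("pgp-mime", PGP_MIME), ("unsigned", UNSIGNED)]:
        print(name, triage(raw)[0])
```

A presence-only check does not authenticate the sender; it only raises the cost of automated submissions, which is the trade-off the message describes.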