Re: Bug#75853: TONER CARTRIDGES

To: debian-devel <debian-devel@lists.debian.org>
Subject: Re: Bug#75853: TONER CARTRIDGES
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 8 Oct 2002 20:25:59 -0500
Message-id: <[🔎] 20021008202559.A25482@debian.org>
Mail-followup-to: Colin Watson <cjwatson@debian.org>, debian-devel <debian-devel@lists.debian.org>
In-reply-to: <20020918155539.GA24841@azure.humbug.org.au>; from aj@azure.humbug.org.au on Thu, Sep 19, 2002 at 01:55:40AM +1000
References: <87lm5zmxz1.fsf@papadoc.bayour.com> <Pine.LNX.4.33.0209181038000.1034-100000@yakko.doogie.org> <20020918155539.GA24841@azure.humbug.org.au>

On Thu, Sep 19, 2002 at 01:55:40AM +1000, Anthony Towns wrote:
> Anyway, I've been thinking that we'll probably want to do away with the
> 123456-done@bugs.debian.org method of closing bugs sometime, to ensure
> that we can start tracking which version of a package closed a bug (so
> the close command would then become "close 123456 3.14-5.2"). Obviously
> the archive scripts and other things would need to be changed to cope,
> too. Do people think this would suck, too much? If not, it also lets us
> avoid the problem of address harvesters accidently figuring out how to
> close bugs.
> 
> And then, of course, we can start making (certain) requests to
> control@b.d.o require PGP signatures... ;)

Now that we've got MIME support, at least requiring signed mails for
things is possible. Requiring a signature for the traditional -done
address doesn't work though - you have something like this:

  To: nnnnn-done@bugs.debian.org
  Content-Type: multipart/signed; protocol="pgp-signature";
                boundary="separator"

  --separator
  [signed data, i.e. actual text of closing message]
  --separator
  Content-Type: application/pgp-signature
  [signature material]
  --separator--

AIUI, the To: address isn't part of the signed data, so you could just
forward some data you've found signed by a random developer and have it
close the bug. It would work as an obscure way to block spam to -done,
but wouldn't prevent abuse. So getting rid of -done altogether (with an
autoresponder telling people what the new interface is) starts to look
more appealing.

I'd quite like to see 'close' enhanced as you describe. Obviously we'd
need to make service communicate more with the submitter, which is
probably a good thing anyway (e.g. #93408).

As for other uses of signed commands: the general bug-manipulation
commands are probably horribly contentious, as they're often used by
non-developers to helpful effect, although reopen is arguable. spam and
unspam sound useful and should be signed. change-submitter? Anything
else?

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

Follow-Ups:
- Re: Bug#75853: TONER CARTRIDGES
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>

Prev by Date: Re: Warning to Debian Developers regarding BitKeeper
Next by Date: Re: debdelta/debpatch
Previous by thread: Re: Bug#75853: TONER CARTRIDGES
Next by thread: Re: Bug#75853: TONER CARTRIDGES
Index(es):
- Date
- Thread