Re: Bug#75853: TONER CARTRIDGES
On Wed, Oct 09, 2002 at 09:52:25AM +0200, Andreas Metzler wrote:
> Colin Watson <cjwatson@debian.org> wrote:
> > Now that we've got MIME support, at least requiring signed mails for
> > things is possible. Requiring a signature for the traditional -done
> > address doesn't work though - you have something like this:
> [...]
> > I'd quite like to see 'close' enhanced as you describe. Obviously we'd
> > need to make service communicate more with the submitter, which is
> > probably a good thing anyway (e.g. #93408).
>
> Hello,
> ATM is is ok for the bug submitter to close his own bug, which I think
> is a good idea. But checking his PGP-Sig does not work, as you've
> usually got not trust in his key. _If_ he has one.
Yes. So close probably can't be signed.
(I spent a long time using the bug tracking system as a non-developer,
so I know the ropes here.)
> > As for other uses of signed commands: the general bug-manipulation
> > commands are probably horribly contentious, as they're often used by
> > non-developers to helpful effect, although reopen is arguable. spam and
> > unspam sound useful and should be signed. change-submitter? Anything
> > else?
>
> I think you are proposing a too heavy solution for the problem, at
> hand, i.e. spam closing, opening, or manipulating bugs.
Spam doesn't open or manipulate bugs, so I'm not thinking particularly
of that. Spam closing bugs is one of the problems at hand, but I'm
trying to think more widely.
> This could be done much simpler:
> * strict syntax-checking at control@, anything that is no valid
> command is taken as 'quit'.
control@ already quits after a few invalid commands, and I've never seen
spam coming across the right syntax. Protecting control@ against spam
isn't a concern, in the same way that protecting submit@ and so on isn't
a concern.
> * do away withh XXXX-done or require a (pseudo-)Header similar to the
> one required by submit@, eg. 'X-DebBTS-close: XXXX,YYYY'. It should
> be possible to use this in the Body or the Header for people whose
> MUAs do not allow custom headers.
I think Anthony suggested a pseudo-header 'Closes:' somewhere. This
would be nice for several reasons:
* it's very similar to the syntax in .changes files;
* it may fit more easily into the flow of a conversation on a bug than
having to suddenly cc control;
* process is the script which currently handles -done along with
ordinary submissions to existing bugs, and has the infrastructure
for sending acks and such, so it would be easier to keep it there;
* if you extend the idea to 'Forwards:' to replace -forwarded, it
could be possible to report a bug that's forwarded upstream right
from the start, e.g. when you've already been discussing a problem
with upstream and just want to log it for the benefit of Debian.
However, a pseudo-header doesn't allow you to do version tracking so
naturally: pseudo-headers are simple, control commands can have a little
more syntax attached to them if need be.
> Requiring PGP signed messages would be the right thing to do if you
> wanted to disable administrator commands for non DDs, e.g. because you
> wanted to stop some Script-Kiddie from shutting the BTS down by
> closing or reopening all bugs, as a protection against spam it is much
> to heavy.
Yeah, I think I implied this in my post. I'm mostly brainstorming about
things we could do that historically have been too scary to allow
without authentication. Most spam protection is likely to be done in an
entirely different way, so I'd like not to get too distracted by that.
There *are* functions that could be usefully enabled if authentication
was possible. 'spam' and 'unspam' commands are ideal examples. The
question is, what (if any) are the others?
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: