RE: spam closes Debian bugs!
Thomas Viehmann wrote:
> Julian Mehnle wrote:
> > > Who should be allowed to close bug reports?
> > Only DDs, the maintainer, and the reporter -- if his initial report
> > was signed.
> That's unreasonable from my point of view and does not buy any security:
> The header is not signed. I could just take any signed mail and use
> that to close anything. (And yes, I have closed some bug reports where
> I try to help out.)
Of course the control messages would need to be signed by recognized keys. That was implicit in my suggestion, as the identity of a control message sender cannot sensibly be verified with confidence any other way. Apparently, that wasn't obvious enough for some readers.
> At best, you have can argue that there is a harm, significance is
> utterly questionable. You aren't even close to having a prima facie
> reasonable argument in favor of your solution.
Well, obviously there are a lot of people here who don't even recognize the harm (which has already been proven by the recent spam-closed bug). Plus, others do recognize the harm but consider my suggestion overkill. As a non-maintainer, it is not *my* packages' bug reports that are prone to abuse, so I'll accept that and stop participating in this thread.
> > > At least the current type of spam problem could be easily averted
> > > by closing bugs via requiering "Closes: " pseudoheader.
> > That would be another possibility. No problem with me -- until
> > some class of attackers start attacking the BTS systematically.
> Your proposal doesn't solve this.
Yes, it does, as long as an attacker's key isn't trusted by the BTS.
Florent Rougon wrote:
> The point is about managing bugs from just about
> any Internet-connected computer. Using your GPG key on such a computer
> is very dangerous. This is indeed one of the best ways to have it
> The password doesn't protect it, by the way. If you want to do something
> with a bug, you'll have to type the password. On a cracked computer,
> this means giving the password to the attacker.
For someone *that* paranoid, you're astoundingly ignorant of the BTS' security vulnerability. Users could even use separate crypto key pairs for BTS purposes. Oh well, inertia rules.
Wouter Verhelst wrote:
> So, you would like to see our mailservers DoSed because they need to
> throw CPU power at anything that vaguely resembles a PGP signature?
By all means better than letting "our" (will you sue me for saying that because I'm no DD?) human bug handlers be DoSed.