[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: spam closes Debian bugs!

Thomas Viehmann wrote:
> Julian Mehnle wrote:
> > > Who should be allowed to close bug reports?
> > 
> > Only DDs, the maintainer, and the reporter -- if his initial report
> > was signed. 
> That's unreasonable from my point of view and does not buy any security:
> The header is not signed. I could just take any signed mail and use
> that to close anything. (And yes, I have closed some bug reports where
> I try to help out.) 

Of course the control messages would need to be signed by recognized keys.  That was implicit in my suggestion, as the identity of a control message sender cannot sensibly be verified with confidence any other way.  Apparently, that wasn't obvious enough for some readers.

> At best, you have can argue that there is a harm, significance is
> utterly questionable. You aren't even close to having a prima facie
> reasonable argument in favor of your solution.

Well, obviously there are a lot of people here who don't even recognize the harm (which has already been proven by the recent spam-closed bug).  Plus, others do recognize the harm but consider my suggestion overkill.  As a non-maintainer, it is not *my* packages' bug reports that are prone to abuse, so I'll accept that and stop participating in this thread.

> > > At least the current type of spam problem could be easily averted
> > > by closing bugs via requiering "Closes: " pseudoheader.
> > 
> > That would be another possibility.  No problem with me -- until
> > some class of attackers start attacking the BTS systematically.
> Your proposal doesn't solve this.

Yes, it does, as long as an attacker's key isn't trusted by the BTS.

Florent Rougon wrote:
> The point is about managing bugs from just about
> any Internet-connected computer. Using your GPG key on such a computer
> is very dangerous. This is indeed one of the best ways to have it
> compromised. 
> The password doesn't protect it, by the way. If you want to do something
> with a bug, you'll have to type the password. On a cracked computer,
> this means giving the password to the attacker.

For someone *that* paranoid, you're astoundingly ignorant of the BTS' security vulnerability.  Users could even use separate crypto key pairs for BTS purposes.  Oh well, inertia rules.

Wouter Verhelst wrote:
> So, you would like to see our mailservers DoSed because they need to
> throw CPU power at anything that vaguely resembles a PGP signature?

By all means better than letting "our" (will you sue me for saying that because I'm no DD?) human bug handlers be DoSed.

Reply to: