Re: spam closes Debian bugs!

Julian Mehnle <lists@mehnle.net> wrote:
> Thomas Viehmann wrote:
>> Julian Mehnle wrote:
>> > > Who should be allowed to close bug reports?
>> > Only DDs, the maintainer, and the reporter -- if his initial report
>> > was signed. 

>> That's unreasonable from my point of view and does not buy any security:
>> The header is not signed. I could just take any signed mail and use
>> that to close anything. (And yes, I have closed some bug reports where
>> I try to help out.) 

> Of course the control messages would need to be signed by recognized
> keys.  That was implicit in my suggestion, as the identity of a
> control message sender cannot sensibly be verified with confidence
> any other way.  Apparently, that wasn't obvious enough for some
> readers.

You are missing Thomas' point. If you sign a mail message you only
sign the body of the message (neither Subject nor To nor Date), so
nothing is keeping me from taking *this* <40534D87.3040106@beamnet.de>
message by Thomas and bouncing it to nnnnnnn-done@bugs.debian.org. -
It still has a verifiable signature by a DD.

Therefore your proposal of simply requiring signing by a DD is
security-wise just as (in)effective as requiring every message that is
changing a bug's status (-done/control) must contain: "X-BTS: Really
no spam".

There are two ways to fix your proposal:
* Use non-standard signatures that verify the header, too. (They are
  used in usenet but no[1] mail-client supports them.)
* Abolish nnnnnnn-done@bugs.debian.org or require a magic
  keyword/header to make it effective

The former is undoable, the latter would fix the perceived problem
(spam changing a bug's status) without the additional need for

             cu andreas

[1] Except Gnus I assume. ;-)

NMUs aren't an insult, they're not an attack, and they're
not something to avoid or be ashamed of.
                    Anthony Towns in 2004-02 on debian-devel
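The replay Andreas describes, and the body-keyword fix he proposes, as an added example that is not part of the thread and not Debian BTS code. A keyed HMAC stands in for the DD's OpenPGP signature (assumption: what matters for the argument is only that the signature covers the body and no header, which the HMAC models); the `X-Demo-Signature` header, the `close #NNN` directive syntax and all addresses are constructed for the demo. `accept_naive` is the proposal as stated (valid signature plus an nnn-done address), `accept_bound` additionally requires the signed body itself to name the bug being closed, which is what makes a bounced helpful reply fail.

```python
import email
import hashlib
import hmac
import re
from email.message import Message

# Constructed demo key standing in for the signer's key; a real BTS would
# verify an OpenPGP signature, which likewise covers only the body.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"

DONE_ADDR = re.compile(r"^(\d+)-done@bugs\.debian\.org$")
# Assumed control keyword inside the signed body, e.g. "close #123456".
CLOSE_DIRECTIVE = re.compile(r"^close\s+#?(\d+)\s*$", re.MULTILINE | re.IGNORECASE)


def sign_body(body: str) -> str:
    """Signature over the body only; Subject, To and Date are not covered."""
    return hmac.new(DEMO_KEY, body.encode(), hashlib.sha256).hexdigest()


def build_message(to: str, subject: str, body: str) -> str:
    """Assemble a signed mail as text (constructed headers)."""
    return (
        "From: dd@example.org\n"
        f"To: {to}\n"
        f"Subject: {subject}\n"
        f"X-Demo-Signature: {sign_body(body)}\n"
        f"\n{body}"
    )


def bounce(raw: str, new_to: str) -> str:
    """Re-send an existing mail to another address; body and signature untouched."""
    msg = email.message_from_string(raw)
    del msg["To"]
    msg["To"] = new_to
    return msg.as_string()


def signature_verifies(msg: Message) -> bool:
    sig = msg.get("X-Demo-Signature", "")
    return hmac.compare_digest(sig, sign_body(msg.get_payload()))


def accept_naive(raw: str) -> bool:
    """Proposal as stated: any validly signed mail to nnn-done closes the bug."""
    msg = email.message_from_string(raw)
    return bool(DONE_ADDR.match(msg.get("To", "").strip())) and signature_verifies(msg)


def accept_bound(raw: str) -> bool:
    """Bound policy: the signed body must name the very bug the address refers to."""
    msg = email.message_from_string(raw)
    m = DONE_ADDR.match(msg.get("To", "").strip())
    if not m or not signature_verifies(msg):
        return False
    directive = CLOSE_DIRECTIVE.search(msg.get_payload())
    return directive is not None and directive.group(1) == m.group(1)


def demo() -> dict:
    # A DD's ordinary, signed, helpful reply to the bug (constructed sample).
    helpful = build_message("123456@bugs.debian.org", "Re: Bug#123456",
                            "I'll have a look at this tonight.")
    # The same mail bounced to the -done address: signature still verifies.
    replayed = bounce(helpful, "123456-done@bugs.debian.org")
    # A genuine close whose signed body carries the keyword.
    real_close = build_message("123456-done@bugs.debian.org", "closing", "close #123456")
    # A genuine close replayed against a different bug number.
    cross = bounce(real_close, "999999-done@bugs.debian.org")
    return {
        "replay_naive": accept_naive(replayed),   # True: body-only signature replays
        "replay_bound": accept_bound(replayed),   # False: signed body names no bug
        "close_naive": accept_naive(real_close),
        "close_bound": accept_bound(real_close),
        "cross_bound": accept_bound(cross),       # False: bug number mismatch
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The keyword has to live in the signed body, not in a header: a magic header would be just as replaceable in transit as the To: line, so a header-based variant of the fix would buy nothing over the naive policy.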

