Re: spam closes Debian bugs!
Julian Mehnle <firstname.lastname@example.org> wrote:
> Thomas Viehmann wrote:
>> Julian Mehnle wrote:
>> > > Who should be allowed to close bug reports?
>> > Only DDs, the maintainer, and the reporter -- if his initial report
>> > was signed.
>> That's unreasonable from my point of view and does not buy any security:
>> The header is not signed. I could just take any signed mail and use
>> that to close anything. (And yes, I have closed some bug reports where
>> I try to help out.)
> Of course the control messages would need to be signed by recognized
> keys. That was implicit in my suggestion, as the identity of a
> control message sender cannot sensibly be verified with confidence
> any other way. Apparently, that wasn't obvious enough for some
You are missing Thomas' point. If you sign a mail message you only
sign the body of the message (neither Subject nor To nor Date), so
nothing is keeping me from taking *this* <40534D87.email@example.com>
message by Thomas and bouncing it to firstname.lastname@example.org. -
It still has a verifiable signature by a DD.
Therefore your proposal of simply requiring signing by a DD is
security-wise just as (in)effective as requiring every message that is
changing a bug's status (-done/control) must contain: "X-BTS: Really
There are two ways to fix your proposal:
* Use non-standard signatures that verify the header, too. (They are
used in usenet but no mail-client supports them.)
* Abolish email@example.com or require a magic
keyword/header to make it effective
The former is undoable, the latter would fix the perceived problem
(spam changing a bug's status) without the additional need for
 Except Gnus I assume. ;-)
NMUs aren't an insult, they're not an attack, and they're
not something to avoid or be ashamed of.
Anthony Towns in 2004-02 on debian-devel
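Added illustration of the point made in the post above; it is not part of the original message or of the Debian BTS code. It models the two fixes the post names: a signature that also covers selected headers, and a magic keyword that must appear in the signed body before a message is treated as a control message. HMAC with a constructed key stands in for the OpenPGP signature so that it runs with the standard library alone; the header canonicalisation, the `X-BTS-Control:` keyword, the sample mails and the addresses are all assumptions, not anything the BTS actually uses.

```python
import email
import hashlib
import hmac
from email.policy import default

# Constructed key standing in for a developer's signing key.
DEV_KEY = b"constructed-developer-signing-key"

# Constructed sample: an ordinary signed reply sent to a bug report.
REPLY = b"""From: dev@example.org
To: 123456@bugs.example.org
Subject: Re: some bug
Date: Mon, 15 Mar 2004 10:00:00 +0000

Thanks, I will look into it.
"""

# Constructed sample: a genuine close, whose signed body carries the keyword.
CLOSE = b"""From: dev@example.org
To: 123456-done@bugs.example.org
Subject: Re: some bug
Date: Mon, 15 Mar 2004 11:00:00 +0000

X-BTS-Control: done
Fixed in the upload I just made.
"""

SIGNED_HEADERS = ("from", "to", "subject", "date")  # assumed header list
MAGIC = b"X-BTS-Control: done"                      # assumed keyword


def _parse(raw):
    return email.message_from_bytes(raw, policy=default)


def _body(msg):
    # Only the decoded body: this is all an ordinary mail signature covers.
    return msg.get_payload(decode=True)


def sign_body_only(key, raw):
    """Ordinary signature: body only, headers are not bound."""
    return hmac.new(key, _body(_parse(raw)), hashlib.sha256).hexdigest()


def sign_body_and_headers(key, raw, headers=SIGNED_HEADERS):
    """Header-covering variant: listed headers are canonicalised (lowercase
    name, stripped value, one per line) and bound to the body. Assumed
    scheme for illustration, not any real signature format."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    msg = _parse(raw)
    for name in headers:
        value = str(msg.get(name, "")).strip()
        h.update(name.lower().encode() + b":" + value.encode() + b"\n")
    h.update(_body(msg))
    return h.hexdigest()


def rewrite_recipient(raw, new_to):
    """Model a bounce: the same signed mail re-addressed to another mailbox."""
    msg = _parse(raw)
    del msg["To"]
    msg["To"] = new_to
    return msg.as_bytes()


def body_signature_holds(key, raw, sig):
    return hmac.compare_digest(sign_body_only(key, raw), sig)


def header_signature_holds(key, raw, sig):
    return hmac.compare_digest(sign_body_and_headers(key, raw), sig)


def bts_accepts_close(key, raw, sig):
    """Magic-keyword fix: a valid signature is necessary but not sufficient;
    the signed body itself must state the control action."""
    if not body_signature_holds(key, raw, sig):
        return False
    return MAGIC in _body(_parse(raw))


def demo():
    sig = sign_body_only(DEV_KEY, REPLY)
    hsig = sign_body_and_headers(DEV_KEY, REPLY)
    bounced = rewrite_recipient(REPLY, "123456-done@bugs.example.org")
    return {
        "body_sig_survives_bounce": body_signature_holds(DEV_KEY, bounced, sig),
        "header_sig_survives_bounce": header_signature_holds(DEV_KEY, bounced, hsig),
        "bts_accepts_bounced_reply": bts_accepts_close(DEV_KEY, bounced, sig),
        "bts_accepts_real_close": bts_accepts_close(
            DEV_KEY, CLOSE, sign_body_only(DEV_KEY, CLOSE)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it shows the body-only signature still verifying on the re-addressed copy, the header-covering one failing on it, and the keyword check rejecting the re-addressed ordinary reply while accepting the message that actually asks for the close.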