
Re: spam closes Debian bugs!

On Wed, Mar 17, 2004 at 01:33:26PM +1100, Matthew Palmer wrote:
> As for a malicious attack (someone getting a list of all open bug reports
> and sending a giant "close NNN" for all of them to control@), the only way
> to protect against that is severe restriction of the BTS controls, which is
> going to annoy a lot of people who are currently contributing quietly but
> who don't particularly want to go through the hassle of getting access - and
> any meaningful form of getting access will be a hassle.

A better method is to allow easy undo. You can, for example, see this in Wiki
systems. As long as you can keep track of who did what, and can undo the
effects, you can have an authorisation-less system.

However, the first simple protection would be to have the xxx-action@
aliases do some kind of (pseudo) header checking. to reduce the number of manual

Any ACL is DEADLY - it will effectively stop volunteers.

  (OO)      -- Bernd_Eckenfels@Mörscher_Strasse_8.76185Karlsruhe.de --
 ( .. )      ecki@{inka.de,linux.de,debian.org}  http://www.eckes.org/
  o--o     1024D/E383CD7E  eckes@IRCNet  v:+497211603874  f:+497211603875
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
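
The "keep track of who did what, and undo the effects" approach from the message above, as an added example that is not part of the original post and is not Debian BTS code. `Tracker`, `Action`, `undo_sender` and the addresses are hypothetical; it also shows the edge case where another person changed a bug after the unwanted action, in which case that later decision is kept.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Action:
    seq: int
    sender: str
    bug: int
    old: str
    new: str
    reverts: Optional[int] = None   # seq of the action this entry undoes
    undone: bool = False

class Tracker:
    def __init__(self, bugs):
        self.state = dict(bugs)   # bug number -> "open" / "closed"
        self.journal = []         # append-only: who did what, and the prior state

    def control(self, sender, bug, new, reverts=None):
        """Apply a command from any sender; no ACL, but always journaled."""
        act = Action(len(self.journal), sender, bug, self.state[bug], new, reverts)
        self.state[bug] = new
        self.journal.append(act)

    def undo_sender(self, sender, by):
        """Revert all of `sender`'s actions, newest first; return (reverted, skipped)."""
        reverted, skipped = [], []
        for act in reversed(list(self.journal)):
            if act.sender != sender or act.undone or act.reverts is not None:
                continue
            # Someone else touched the bug afterwards: keep their decision.
            superseded = any(a.seq > act.seq and a.bug == act.bug and not a.undone
                             and a.reverts is None for a in self.journal)
            if superseded:
                skipped.append(act.bug)
                continue
            act.undone = True
            self.control(by, act.bug, act.old, reverts=act.seq)  # undo is journaled too
            reverted.append(act.bug)
        return sorted(reverted), sorted(skipped)

def demo():
    # Constructed scenario: one sender closes every open bug in one go.
    bts = Tracker({101: "open", 102: "open", 103: "open"})
    for bug in (101, 102, 103):
        bts.control("spam@example.invalid", bug, "closed")
    bts.control("maint@example.invalid", 102, "open")     # maintainer reopens by hand
    bts.control("maint@example.invalid", 102, "closed")   # then closes it as really fixed
    result = bts.undo_sender("spam@example.invalid", by="owner@example.invalid")
    return result, bts.state, len(bts.journal)
```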
