[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: spam closes Debian bugs!

Paul Hampson wrote:
> > I'm getting so much spam through my debian account that I'm already
> > considering closing it down.  We must now tolerate spammers closing
> > bugs? 
> We don't tolerate it, we put up with it as a neccessary evil [...]

So where's the difference?

> > There are a lot of large projects, including the mozilla project, that
> > require addresses to be registered with a password just to submit a
> > bug. This is the model we should be moving toward.  The current
> > situation is totally unacceptable.
> And I'm sure they miss out on bugs (mine, for example) where the finder
> doesn't feel the need for _another_ username/password combo just to
> submit a single bug. 

Not even *I* (heh!) suggested requiring authentication for submitting bug reports.  Only for controlling them thereafter.

> For source-forge hosted projects, one user/pass covers many many
> projects, and is useful to have.

Which also about describes Debian.  What is the fundamental difference between SourceForge's many "projects" and Debian's many "packages"?

> A pseudo-header to match the email address for controlling bugs,
> I guess that's acceptable to me. (I usually use control@b.d.o
> anyway)

Well, if it averts spammers messing with the BTS, then I'm all for it.  I just think we may some day see other symptoms of the BTS effectively being anonymous, like spammers intentionally forging the pseudo-headers (because they deem Debian's mailing list and BTS archives a great spamming platform), or malicious attackers sabotaging the BTS.

Reply to: