RE: spam closes Debian bugs!
Paul Hampson wrote:
> > I'm getting so much spam through my debian account that I'm already
> > considering closing it down. We must now tolerate spammers closing
> > bugs?
> We don't tolerate it, we put up with it as a neccessary evil [...]
So where's the difference?
> > There are a lot of large projects, including the mozilla project, that
> > require addresses to be registered with a password just to submit a
> > bug. This is the model we should be moving toward. The current
> > situation is totally unacceptable.
> And I'm sure they miss out on bugs (mine, for example) where the finder
> doesn't feel the need for _another_ username/password combo just to
> submit a single bug.
Not even *I* (heh!) suggested requiring authentication for submitting bug reports. Only for controlling them thereafter.
> For source-forge hosted projects, one user/pass covers many many
> projects, and is useful to have.
Which also about describes Debian. What is the fundamental difference between SourceForge's many "projects" and Debian's many "packages"?
> A pseudo-header to match the email address for controlling bugs,
> I guess that's acceptable to me. (I usually use firstname.lastname@example.org
Well, if it averts spammers messing with the BTS, then I'm all for it. I just think we may some day see other symptoms of the BTS effectively being anonymous, like spammers intentionally forging the pseudo-headers (because they deem Debian's mailing list and BTS archives a great spamming platform), or malicious attackers sabotaging the BTS.