Re: Reopening bug closed due to SPAM
>>>>> "Javier" == Javier Fernández-Sanguino Peña <email@example.com> writes:
Javier> If spam e-mail is going to start closing our Bugs in the
Javier> BTS then we should start thinking about implementing
Javier> authentication checks in the BTS... like for example: do
Javier> not allow control messages or -close messages with no
Javier> attached (valid) GPG/PGP signatures (from a valid
Would a GPG signature help in the long run?
The BTS closes bugs based on the address in the SMTP recipient field.
This is not GPG protected.
So a Spammer could copy an existing email from an existing developer
from mailing list archives, forge his email address, and resend
it. The signature remains valid, and the bug will still be closed.
GPG signatures don't protect data that isn't protected (such as mail
headers or SMTP session), and it doesn't protect against replay
attacks (unless you add some other mechanism, e.g. include the date
and time in the protected part of the message).
Brian May <firstname.lastname@example.org>