[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: reportbug defaults [Re: Bug#367200: ITP: libemail-send-perl -- Simply Sending Email]

Scripsit Don Armstrong <don@debian.org>
> On Wed, 17 May 2006, Henning Makholm wrote:

>> How does sending directly to from reportbug to an ISP's smarthost
>> validate the user's email address better than sending directly from
>> reportbug to a HTTP POST somewhere?

> I'm talking about an HTTP access method in general; if it were to be
> done, I'd expect that it validate the users email address before
> actually forwarding bug reports from the user.

Why don't you have the same expectation about SMTP access methods?

>> It is not necessary that there is anywhere any HTML form that refers
>> to the posting URL; only reportbug would need to know it.

> Except for the fact that anyone can create a page which posts to that
> url.

... with a big large text box in which a user is supposed to manually
format some text that can be parsed properly by the unknown backend
script? If anybody _really_ wanted to fake a bug report with a wrong
user, it is much simpler to use an off-the-shelf MUA than to try to
reverse-engineer the data format used by a the private reportbug HTTP

Henning Makholm                                   "Det er trolddom og terror
                                                         og jeg får en værre
                                               ballade når jeg kommer hjem!"

Reply to: