[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Good communication with upstream is good idea

On Sun, 2008-07-27 at 15:36 +0200, Reinhard Tartler wrote:
> Eduard Bloch <edi@gmx.de> writes:
> > #include <hallo.h>
> > * Reinhard Tartler [Wed, Jul 23 2008, 04:36:39PM]:
> >
> >> > How about activating it the first time they send a gpg-signed mail to
> >> > the mail interface?

How about simply allowing any DD to send gpg-signed email to add
comments to any LP bug without any login? It is the login that I want to

> > Of course it does. Give every DD a "hidden" account, ...
> Every DD and debian contributor already has a "hidden" account that is
> created on package import. https://launchpad.net/~blade e.g. is yours,
> but it seems that you already have activated it and used it already in
> the past.

Why force activation in the first place? All the information needed to
"activate" a DD account already exists - our GnuPG fingerprints, our DD
email addresses and full names. If an email is received that is signed
by a known key belonging to a DD, LP should just accept the blasted
thing and stop looking for any other authentication or activation or
login or anything else of any kind, ever. If someone can send an email
to LP signed by my key then I have a lot more to worry about than
whether LP is going to refuse to authenticate that email. Any email
signed by a known key belonging to a DD should be accepted without
question or authentication or activation or anything else.

> As an example for an unclaimed Launchpad account, see e.g.
> https://launchpad.net/~joerg.

Or, presumably, ~codehelp. I don't see why that should exist at all, I'd
much prefer that such a URL just got a 404. *IF* the DD wants to have
some content under such a URL, it can be enabled with the current login
(which in turn could simply be available as an "upgrade" from the hidden
account already assigned automatically). Even better, do it in a similar
manner to people.debian.org and give DD's SSH access.

> > ... i.e. not displayed anywhere on the web.
> Why should those accounts be hidden? What problem would be solved with
> that?

Avoiding giving Ubuntu users the impression that a particular DD will be
contactable via the LP interface when actually all that is being enabled
is "Send". Receiving would still need email to the dd@d.o email address
- i.e. explicit CC:.

> > For external observer this would not change the current situation but
> > provide DDs the flexibility requested in this thread.
> Which would be exactly what? 

Add comments - the one thing that LP refuses at the moment. After
discussions earlier in this thread, closing can be done but marking a
bug as "wontfix" cannot - neither can reassigning or altering tags or
all the other features that the BTS supports via email. Closing a bug
without any comment whatsoever is just plain rude but LP forces such

> Close Bugs via changelog? No need for an LP
> account here. Or use the malone mail interface? See
> https://help.launchpad.net/BugTrackerEmailInterface for the
> documentation how to use that. Note that you need to claim your LP
> account first and associate your gpg key with it.

It is precisely this activation that is completely pointless and
unnecessary. LP could just activate the accounts based on the publicly
available data already in existence for all DD's and accept our GnuPG
keys. What "extra data" is actually being obtained during the activation
process? LP knows the username, the verified email address and the gpg
key fingerprint - I'm certainly not going to trust any other details of
my identity to LP. 


Neil Williams

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: