On Sun, 2008-07-27 at 15:36 +0200, Reinhard Tartler wrote: > Eduard Bloch <edi@gmx.de> writes: > > > #include <hallo.h> > > * Reinhard Tartler [Wed, Jul 23 2008, 04:36:39PM]: > > > >> > How about activating it the first time they send a gpg-signed mail to > >> > the mail interface? How about simply allowing any DD to send gpg-signed email to add comments to any LP bug without any login? It is the login that I want to avoid. > > Of course it does. Give every DD a "hidden" account, ... > > Every DD and debian contributor already has a "hidden" account that is > created on package import. https://launchpad.net/~blade e.g. is yours, > but it seems that you already have activated it and used it already in > the past. Why force activation in the first place? All the information needed to "activate" a DD account already exists - our GnuPG fingerprints, our DD email addresses and full names. If an email is received that is signed by a known key belonging to a DD, LP should just accept the blasted thing and stop looking for any other authentication or activation or login or anything else of any kind, ever. If someone can send an email to LP signed by my key then I have a lot more to worry about than whether LP is going to refuse to authenticate that email. Any email signed by a known key belonging to a DD should be accepted without question or authentication or activation or anything else. > > As an example for an unclaimed Launchpad account, see e.g. > https://launchpad.net/~joerg. Or, presumably, ~codehelp. I don't see why that should exist at all, I'd much prefer that such a URL just got a 404. *IF* the DD wants to have some content under such a URL, it can be enabled with the current login (which in turn could simply be available as an "upgrade" from the hidden account already assigned automatically). Even better, do it in a similar manner to people.debian.org and give DD's SSH access. > > > ... i.e. not displayed anywhere on the web. > > Why should those accounts be hidden? What problem would be solved with > that? Avoiding giving Ubuntu users the impression that a particular DD will be contactable via the LP interface when actually all that is being enabled is "Send". Receiving would still need email to the dd@d.o email address - i.e. explicit CC:. > > > For external observer this would not change the current situation but > > provide DDs the flexibility requested in this thread. > > Which would be exactly what? Add comments - the one thing that LP refuses at the moment. After discussions earlier in this thread, closing can be done but marking a bug as "wontfix" cannot - neither can reassigning or altering tags or all the other features that the BTS supports via email. Closing a bug without any comment whatsoever is just plain rude but LP forces such rudeness. > Close Bugs via changelog? No need for an LP > account here. Or use the malone mail interface? See > https://help.launchpad.net/BugTrackerEmailInterface for the > documentation how to use that. Note that you need to claim your LP > account first and associate your gpg key with it. It is precisely this activation that is completely pointless and unnecessary. LP could just activate the accounts based on the publicly available data already in existence for all DD's and accept our GnuPG keys. What "extra data" is actually being obtained during the activation process? LP knows the username, the verified email address and the gpg key fingerprint - I'm certainly not going to trust any other details of my identity to LP. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
signature.asc
Description: This is a digitally signed message part