Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
On Mon, Jan 19, 2015 at 4:41 AM, Russell Stuart wrote:
>> But isn't subscribing participants "natural"?
> It may be natural, but IMO you are underestimating the spam vector
> Debian's bug submission mechanism does not try to verify you control the
> email address you are submitting from. Most other bug tracking systems
> do such authentication, usually by requiring you to create an account.
> Since there is no verification it becomes trivial to sign someone up to
> 1000's of bugs using a script.
Isn't the spam vector already wide open for
email@example.com, which isn't much (ab)used today?
I fail to see how any of the discussed changes open an abuse vector
that doesn't already exist.