Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
On Mon, Jan 19, 2015 at 7:32 PM, Russell Stuart wrote:
> In other words the current system contains robust defences against such
> an attack. All I (and I presume Ben) are saying is removing those
> defences is not a good idea, given it's easy enough to design a system
> that keeps them. Currently most of the auto subscription proposals
> appearing here do remove them.
My statement was more in reference to Don's prior discussion on this
topic. A while ago (not in this thread) he mentioned the possibility
of requiring the confirmation step only for the first mail to the bts
from a previously unknown address.
So anyway, nnnnnn-subscribe can be used to spam confirmation messages
currently, and general mail to the bts from an unknown address will
end up doing the same, but it's basically a non-issue because it's a
rather uninteresting thing to do for anyone that might consider
wanting to do it.