Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]

To: debian developers <debian-devel@lists.debian.org>
Subject: Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
From: Michael Gilbert <mgilbert@debian.org>
Date: Wed, 21 Jan 2015 21:10:40 -0500
Message-id: <[🔎] CANTw=MP-Z3BWHEXyxVTmq1fNQQDt6L-8gRrRFEXHQ_WX2yMagQ@mail.gmail.com>
In-reply-to: <[🔎] 1421713967.5526.73.camel@russell-laptop.pc.brisbane.lube>
References: <[🔎] 54BC1734.5050802@sourcepole.ch> <[🔎] 20150119000632.GJ21194@teltox.donarmstrong.com> <[🔎] CAKTje6FADvPad8Ei9ZhDfg5pSCh0vjxgjx2ZECqn6Fdv6wFcAQ@mail.gmail.com> <[🔎] 1421629432.31046.183.camel@decadent.org.uk> <[🔎] 54BCC865.4090208@sourcepole.ch> <[🔎] 1421660516.5545.29.camel@russell-laptop.pc.brisbane.lube> <[🔎] CANTw=MO6gKhnJtrjKFiGWYm4vFpb-PjcrOTKJ4WM8-LQ0t=zGw@mail.gmail.com> <[🔎] 1421713967.5526.73.camel@russell-laptop.pc.brisbane.lube>

On Mon, Jan 19, 2015 at 7:32 PM, Russell Stuart wrote:
> In other words the current system contains robust defences against such
> an attack.  All I (and I presume Ben) are saying is removing those
> defences is not a good idea, given it's easy enough to design a system
> that keeps them.  Currently most of the auto subscription proposals
> appearing here do remove them.

My statement was more in reference to Don's prior discussion on this
topic.  A while ago (not in this thread) he mentioned the possibility
of requiring the confirmation step only for the first mail to the bts
from a previously unknown address.

So anyway, nnnnnn-subscribe can be used to spam confirmation messages
currently, and general mail to the bts from an unknown address will
end up doing the same, but it's basically a non-issue because it's a
rather uninteresting thing to do for anyone that might consider
wanting to do it.

Best wishes,
Mike

Reply to:

Follow-Ups:
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Russell Stuart <russell-debian@stuart.id.au>

References:
- Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Tomas Pospisek <tpo2@sourcepole.ch>
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Don Armstrong <don@debian.org>
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Paul Wise <pabs@debian.org>
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Tomas Pospisek <tpo2@sourcepole.ch>
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Russell Stuart <russell-debian@stuart.id.au>
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Michael Gilbert <mgilbert@debian.org>
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Russell Stuart <russell-debian@stuart.id.au>

Prev by Date: Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
Next by Date: Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
Previous by thread: Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
Next by thread: Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
Index(es):
- Date
- Thread