[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]

On Mon, Jan 19, 2015 at 7:32 PM, Russell Stuart wrote:
> In other words the current system contains robust defences against such
> an attack.  All I (and I presume Ben) are saying is removing those
> defences is not a good idea, given it's easy enough to design a system
> that keeps them.  Currently most of the auto subscription proposals
> appearing here do remove them.

My statement was more in reference to Don's prior discussion on this
topic.  A while ago (not in this thread) he mentioned the possibility
of requiring the confirmation step only for the first mail to the bts
from a previously unknown address.

So anyway, nnnnnn-subscribe can be used to spam confirmation messages
currently, and general mail to the bts from an unknown address will
end up doing the same, but it's basically a non-issue because it's a
rather uninteresting thing to do for anyone that might consider
wanting to do it.

Best wishes,

Reply to: