Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
On Wed, Jan 21, 2015 at 9:41 PM, Russell Stuart wrote:
> The reason is all that happens now is you get one unwanted email and
> that is the end of it. In particular the attacker can't force you do to
> something to prevent the bugs.debian.org from sending further unwanted
> emails. If you get rid of authentication then the victim, be it you, or
> your mother, or your local police constable, will have to tell the
> Debian bugs system to unsubscribe them from a list they never subscribed
> to in the first place.
Why do you insist that eliminating confirmation is part of the discussion?
I'm not sure why this discussion is necessary at all. Don has said
that he's working on the problem, maybe let's just get out of his way?