Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]

To: debian developers <debian-devel@lists.debian.org>
Subject: Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
From: Michael Gilbert <mgilbert@debian.org>
Date: Mon, 19 Jan 2015 16:57:47 -0500
Message-id: <[🔎] CANTw=MO6gKhnJtrjKFiGWYm4vFpb-PjcrOTKJ4WM8-LQ0t=zGw@mail.gmail.com>
In-reply-to: <[🔎] 1421660516.5545.29.camel@russell-laptop.pc.brisbane.lube>
References: <[🔎] 54BC1734.5050802@sourcepole.ch> <[🔎] 20150119000632.GJ21194@teltox.donarmstrong.com> <[🔎] CAKTje6FADvPad8Ei9ZhDfg5pSCh0vjxgjx2ZECqn6Fdv6wFcAQ@mail.gmail.com> <[🔎] 1421629432.31046.183.camel@decadent.org.uk> <[🔎] 54BCC865.4090208@sourcepole.ch> <[🔎] 1421660516.5545.29.camel@russell-laptop.pc.brisbane.lube>

On Mon, Jan 19, 2015 at 4:41 AM, Russell Stuart wrote:
>> But isn't subscribing participants "natural"?
>
> It may be natural, but IMO you are underestimating the spam vector
> problem.
>
> Debian's bug submission mechanism does not try to verify you control the
> email address you are submitting from.  Most other bug tracking systems
> do such authentication, usually by requiring you to create an account.
> Since there is no verification it becomes trivial to sign someone up to
> 1000's of bugs using a script.

Isn't the spam vector already wide open for
nnnnnn-subscribe@bugs.debian.org, which isn't much (ab)used today?

I fail to see how any of the discussed changes open an abuse vector
that doesn't already exist.

Best wishes,
Mike

Reply to:

Follow-Ups:
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Russell Stuart <russell-debian@stuart.id.au>

References:
- Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Tomas Pospisek <tpo2@sourcepole.ch>
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Don Armstrong <don@debian.org>
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Paul Wise <pabs@debian.org>
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Tomas Pospisek <tpo2@sourcepole.ch>
- Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
  - From: Russell Stuart <russell-debian@stuart.id.au>

Prev by Date: Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
Next by Date: Bug#775789: ITP: libauthen-htpasswd-perl -- Perl module to read and modify Apache .htpasswd files
Previous by thread: Re: Who gets an email when with bugreports
Next by thread: Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]
Index(es):
- Date
- Thread