Re: spammers closing bugs in BTS
Daniel Pocock dijo [Wed, Aug 17, 2016 at 06:38:35PM +0200]:
> I was only talking about control emails (e.g. the -done address and
> control@). The requirements for opening bugs or submitting comments
> (without pseudo-headers) could remain as they are.
> Maybe it could insist that emails from addresses known to be DDs have
> to be signed. This would prevent people impersonating DDs.
Ummm... I'd set the bar a bit lower - If mails closing a bug were
required to be from an identity that had already corresponded to such
bug report. Of course, we would probably be tying the verification to
the sender mail address, and that can be problematic if I tend to mail
from different addresses, but it'd be a point to later work on
(i.e. maybe also match on sender name, or such).
So, if I were to close a bug I had not previously interacted with,
maybe it would be required for me to send a mail stating "I will soon
close this bug" five minutes before actually closing it. Or maybe
adding a 'X-not-a-robot' pseudoheader.