Re: spammers closing bugs in BTS

To: debian-devel@lists.debian.org
Subject: Re: spammers closing bugs in BTS
From: Daniel Pocock <daniel@pocock.pro>
Date: Sat, 20 Aug 2016 09:07:05 +0200
Message-id: <[🔎] 57B80199.2030706@pocock.pro>
In-reply-to: <[🔎] 20160818084859.GB17521@layer-acht.org>
References: <[🔎] 57B48D6E.3020200@pocock.pro> <[🔎] 20160818084859.GB17521@layer-acht.org>

On 18/08/16 10:48, Holger Levsen wrote:
> On Wed, Aug 17, 2016 at 06:14:38PM +0200, Daniel Pocock wrote:
>> I received a notification that a bug was closed.
>> 
>> The email that closed the bug was a spam email sent to the
>> address (bug-number)-done@bugs.debian.org
> [...]
>> Maybe time to start requiring PGP signatures on control emails to
>> the BTS?
> 
> there are >800000 bugs in the BTS and you evidence abuse on one
> single bug and that causes you to suggest to change workflows which
> have worked for many years?
> 
> don't you think you are reacting a bit too fast?
> 
> 

Is this the only bug where this ever occurred?  If so, I feel like I
have just wont the lottery then.

When attackers find a 0 day exploit, don't they react as fast as they can?

For anybody wanting to cause massive irritation to the project, all
they have to do is put up a static web page containing all the
possible "-done" addresses and let spammers do the rest.

Reply to:

Follow-Ups:
- Re: spammers closing bugs in BTS
  - From: Sven Joachim <svenjoac@gmx.de>

References:
- spammers closing bugs in BTS
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: spammers closing bugs in BTS
  - From: Holger Levsen <holger@layer-acht.org>

Prev by Date: Re: Bug#834756: ITP: powershell -- scripting language interpreter built on .NET
Next by Date: Re: spammers closing bugs in BTS
Previous by thread: Re: spammers closing bugs in BTS
Next by thread: Re: spammers closing bugs in BTS
Index(es):
- Date
- Thread