Re: spammers closing bugs in BTS
On 18/08/16 10:48, Holger Levsen wrote:
> On Wed, Aug 17, 2016 at 06:14:38PM +0200, Daniel Pocock wrote:
>> I received a notification that a bug was closed.
>>
>> The email that closed the bug was a spam email sent to the
>> address (bug-number)-done@bugs.debian.org
> [...]
>> Maybe time to start requiring PGP signatures on control emails to
>> the BTS?
>
> there are >800000 bugs in the BTS and you evidence abuse on one
> single bug and that causes you to suggest to change workflows which
> have worked for many years?
>
> don't you think you are reacting a bit too fast?
>
>
Is this the only bug where this ever occurred? If so, I feel like I
have just wont the lottery then.
When attackers find a 0 day exploit, don't they react as fast as they can?
For anybody wanting to cause massive irritation to the project, all
they have to do is put up a static web page containing all the
possible "-done" addresses and let spammers do the rest.
Reply to: