[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: spammers closing bugs in BTS

On 18/08/16 10:48, Holger Levsen wrote:
> On Wed, Aug 17, 2016 at 06:14:38PM +0200, Daniel Pocock wrote:
>> I received a notification that a bug was closed.
>> The email that closed the bug was a spam email sent to the
>> address (bug-number)-done@bugs.debian.org
> [...]
>> Maybe time to start requiring PGP signatures on control emails to
>> the BTS?
> there are >800000 bugs in the BTS and you evidence abuse on one
> single bug and that causes you to suggest to change workflows which
> have worked for many years?
> don't you think you are reacting a bit too fast?

Is this the only bug where this ever occurred?  If so, I feel like I
have just wont the lottery then.

When attackers find a 0 day exploit, don't they react as fast as they can?

For anybody wanting to cause massive irritation to the project, all
they have to do is put up a static web page containing all the
possible "-done" addresses and let spammers do the rest.

Reply to: