Bug#339724: unsubscribing to bug reports from web page open to malicious use

To: submit@bugs.debian.org
Subject: Bug#339724: unsubscribing to bug reports from web page open to malicious use
From: Shaddy Baddah <Shaddy_Baddah@hotmail.com>
Date: Fri, 18 Nov 2005 11:35:39 +0100
Message-id: <[🔎] 437DAE7B.8040508@hotmail.com>
Reply-to: Shaddy_Baddah@hotmail.com, 339724@bugs.debian.org

Package: qa.debian.org

Hi,

I was surprised to discover that, when I attempted to unsubscribe myself
from bug reports for a specific package, via the developer web-page, the
action was committed immediately. The convention is for there to be a
request of confirmation, as anyone could feasibly enter in someone
else's email address, and unsubscribe them from bug reports.

I think this obvious loop-hole should at least be acknowledge, even if
unsolicited subscription/desubscription to bug reports is deemed not severe.

Regards,
Shaddy

Reply to:

Prev by Date: developer.php popcon display a little off
Next by Date: Re: developer.php popcon display a little off
Previous by thread: Re: developer.php popcon display a little off
Next by thread: Bug#288241: marked as done (qa.debian.org: allow subscription to a key id)
Index(es):
- Date
- Thread