Bug#339724: unsubscribing to bug reports from web page open to malicious use
Package: qa.debian.org
Hi,
I was surprised to discover that, when I attempted to unsubscribe myself
from bug reports for a specific package, via the developer web-page, the
action was committed immediately. The convention is for there to be a
request of confirmation, as anyone could feasibly enter in someone
else's email address, and unsubscribe them from bug reports.
I think this obvious loop-hole should at least be acknowledge, even if
unsolicited subscription/desubscription to bug reports is deemed not severe.
Regards,
Shaddy
Reply to: