[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#359905: PTS: unsubscription fraud possible

Raphael Hertzog <hertzog@debian.org>
> On Wed, 29 Mar 2006, MJ Ray wrote:
> > In any case, why was the bug marked done if it's known,
> > but won't be fixed?
> Because I believe it's not a bug but a feature. It can even help to be
> able to unsubscribe someone else who has troubles unsubscribing alone.

Respectfully, I disagree. This bug is making the PTS
unreliable for co-maintainers.

> And it's your problem if you don't read carefully the mail that you
> received at your own address (IIRC, they have no special PTS like header
> and thus shouldn't be filtered out from normal e-mail).

They have an attacker-specified subject line and can be loaded
with content after the stop command, to trigger spam traps.
If you expect users to flag up these messages, how can they
spot them?

> BTW, right now we have no other tool to unsubscribe people (even people
> whose email doesn't work anymore) so if you want this feature to be
> implemented you probably should work to solve the other related problems
> before. :-)

Which other related problems, please?

My Opinion Only: see http://people.debian.org/~mjr/
Please follow http://www.uk.debian.org/MailingLists/#codeofconduct

Reply to: