Bug#359905: PTS: unsubscription fraud possible

To: <hertzog@debian.org>, <359905@bugs.debian.org>
Subject: Bug#359905: PTS: unsubscription fraud possible
From: MJ Ray <mjr@phonecoop.coop>
Date: Thu, 30 Mar 2006 10:57:04 +0100
Message-id: <[🔎] E1FOtto-00079d-00@pipe.localnet.towers.org.uk>
Reply-to: MJ Ray <mjr@phonecoop.coop>, 359905@bugs.debian.org
In-reply-to: Your message of Thu, 30 Mar 2006 11:33:37 +0200 <[🔎] 20060330093337.GC14174@rivendell.ouaza.com>
References: <[🔎] 20060329131834.21238.87912.reportbug@pipe.localnet.towers.org.uk> <[🔎] 20060329162518.GA20386@andromeda> <[🔎] E1FOdun-0005rF-00@pipe.localnet.towers.org.uk> <[🔎] 20060330070859.GD12927@rivendell.ouaza.com> <[🔎] E1FOtAV-00076C-00@pipe.localnet.towers.org.uk> <[🔎] 20060330093337.GC14174@rivendell.ouaza.com>

Raphael Hertzog <hertzog@debian.org>
> Several persons complained of the *risk* but you're the first one who
> tells us that he has been unsubscribed by someone with malicious intent.

I have no way of telling whether or not I was, as I didn't notice
soon enough to check the logs. I hope it's more likely to be some
other reason. I just noticed a possibility when tidying my PTS use.

> I'll include a patch which changes the subject to "Unsubscription notice"
> or something similar.

You'll prepare it, or accept it when it arrives?

[...]
> The best solution would be be to implement the bounce handler (with
> VERP-like headers) but an intermediary solution would be to extract the
> unsubscription code into a stand-alone perl script that I can call on
> master directly.

I probably need to understand how mail gets into the system
better before I can see how to prepare the bounce handler.
How about a confirmation bypass for admin-gpg-signed requests?

Thanks,
-- 
MJR/slef
My Opinion Only: see http://people.debian.org/~mjr/
Please follow http://www.uk.debian.org/MailingLists/#codeofconduct

Reply to:

Follow-Ups:
- Bug#359905: PTS: unsubscription fraud possible
  - From: Raphael Hertzog <hertzog@debian.org>

References:
- Bug#359905: PTS: unsubscription fraud possible
  - From: "MJ Ray (Debian)" <mjr@debian.org>
- Bug#359905: PTS: unsubscription fraud possible
  - From: Justin Pryzby <justinpryzby@users.sourceforge.net>
- Bug#359905: PTS: unsubscription fraud possible
  - From: MJ Ray <mjr@phonecoop.coop>
- Bug#359905: PTS: unsubscription fraud possible
  - From: Raphael Hertzog <hertzog@debian.org>
- Bug#359905: PTS: unsubscription fraud possible
  - From: MJ Ray <mjr@phonecoop.coop>
- Bug#359905: PTS: unsubscription fraud possible
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: Bug#359905: PTS: unsubscription fraud possible
Next by Date: Bug#359905: PTS: unsubscription fraud possible
Previous by thread: Bug#359905: PTS: unsubscription fraud possible
Next by thread: Bug#359905: PTS: unsubscription fraud possible
Index(es):
- Date
- Thread