Bug#339724: marked as done (unsubscribing to bug reports from web page open to malicious use)
Your message dated Sun, 12 Mar 2006 15:49:08 +0100
with message-id <20060312144908.GA3356@rivendell.ouaza.com>
and subject line Unsubscription without confirmation is fine
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: qa.debian.org
Hi,
I was surprised to discover that, when I attempted to unsubscribe myself
from bug reports for a specific package, via the developer web-page, the
action was committed immediately. The convention is for there to be a
request of confirmation, as anyone could feasibly enter in someone
else's email address, and unsubscribe them from bug reports.
I think this obvious loop-hole should at least be acknowledge, even if
unsolicited subscription/desubscription to bug reports is deemed not severe.
Regards,
Shaddy
--- End Message ---
--- Begin Message ---
> The convention is for there to be a request of confirmation, as anyone
> could feasibly enter in someone else's email address, and unsubscribe
> them from bug reports.
That's right, however the subscriber will get a copy of the unsubscription
mail and thus will be informed that someone unsubscribed him. That's why I
don't request a confirmation.
So this is really not a problem. Thus I'm closing this bug.
Cheers,
--
Raphaël Hertzog
Premier livre français sur Debian GNU/Linux :
http://www.ouaza.com/livre/admin-debian/
--- End Message ---
Reply to: