
Bug#359905: PTS: unsubscription fraud possible



On Wed, Mar 29, 2006 at 02:18:34PM +0100, MJ Ray (Debian) wrote:
> Package: qa.debian.org
> Severity: important
> 
> Recently, I stopped receiving bug information via the PTS for
> rsnapshot (with various consequences including an NMU). I
> found nothing relevant in the PTS log files but I did see
> PTS mail was sent to several of my different email addresses.
> 
> When tidying my PTS subscriptions after that, it seemed that
> I was not asked for confirmation when unsubscribing email
> addresses from some packages - anyone can unsubscribe
> any address from packages without the victim being told.
> 
> I hope I have misunderstood. If not and this bug is tagged
> confirmed help, I will work on a patch when I get time.

This is briefly discussed and justified at:

#339724: unsubscribing to bug reports from web page open to malicious use
Package: qa.debian.org; Reported by: Shaddy_Baddah@hotmail.com; Tags: pts
Done: Raphael Hertzog <hertzog@debian.org>; Will be archived in 11 days. 


