Bug#359905: PTS: unsubscription fraud possible
On Thu, 30 Mar 2006, MJ Ray wrote:
> > I'll include a patch which changes the subject to "Unsubscription notice"
> > or something similar.
>
> You'll prepare it, or accept it when it arrives?
Accept it if it arrives. :-)
> > The best solution would be be to implement the bounce handler (with
> > VERP-like headers) but an intermediary solution would be to extract the
> > unsubscription code into a stand-alone perl script that I can call on
> > master directly.
>
> I probably need to understand how mail gets into the system
> better before I can see how to prepare the bounce handler.
That's easy to check. Login in master and check
/org/packages.qa.debian.org/mail/.
> How about a confirmation bypass for admin-gpg-signed requests?
Many solutions are possible but I have no desire to implement those just
for the sake of enabling confirmation request at unsubscription.
For me GPG-signing unsubscription request would be counter-productive,
it's already boring enough to handle bounces manually that in fact I
stopped doing it for some time.
Cheers,
--
Raphaël Hertzog
Premier livre français sur Debian GNU/Linux :
http://www.ouaza.com/livre/admin-debian/
Reply to: