Re: Debian upload monitor
Enrico Zini wrote:
> For example, you have several IDs in your key. If I have reason to
> believe that you don't receive mail in one of them (for example, I can
> notice that a domain has expired, or I can send fake spam to all of them
> and see if one bounces), then I can use that address in Maintainer: and
> Changed-by:, and dak will mail there.
But this is a deliberate policy decision, not a technical limitation, because
these mails have been introduced for convenience, not as a security measure.
In fact, presently, the sponsor mails are not sent if the keyholder's name (as
put in projectb) appears in Changed-By or Maintainer, regardless of the mail
address, so your scheme to 'circumvent' their sending is excessively complicated.
> But regardless of specific examples, this is an extra, complementary
> layer of security. The GPG key is our most important security token,
> and a way to track its usage is the least that we should have.
> Whether it belongs to QA or ftp-master, is what I'm trying to find out.
Well, if everyone wanted these mails, it would be trivial to send them
unconditionally instead of conditionally.
Thomas Viehmann, http://thomas.viehmann.net/
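The rule Thomas describes (sponsor mails are suppressed when the keyholder's
projectb name appears in Maintainer or Changed-By, regardless of address) and
his alternative of sending them unconditionally, modelled as a small Python
function. This is an added illustration for the thread, not dak's code: the
.changes fragment, the keyholder name and the function names are constructed
assumptions, and the rule is applied exactly as stated in the message above.

```python
"""Model of the sponsor-mail rule discussed in the thread.

Added example, not dak's implementation. Assumptions: the keyholder's name
is available as a string (as it would be from projectb), and the upload's
Maintainer/Changed-By fields come from a .changes file in RFC 822 style.
"""
from email.utils import parseaddr

# Constructed sample .changes fragment; not from any real upload.
# Changed-By deliberately uses an address the keyholder might no longer read,
# as in the scenario Enrico describes.
SAMPLE_CHANGES = """\
Format: 1.8
Source: example
Maintainer: Enrico Zini <enrico@example.org>
Changed-By: Enrico Zini <enrico@expired-domain.example>
"""


def parse_fields(changes_text):
    """Parse top-level 'Key: value' lines of a .changes file into a dict."""
    fields = {}
    for line in changes_text.splitlines():
        if line.startswith((" ", "\t")) or ":" not in line:
            continue  # continuation lines and non-field lines are ignored
        key, value = line.split(":", 1)
        fields[key.strip()] = value.strip()
    return fields


def sponsor_mail_recipients(fields, keyholder_name, unconditional=False):
    """Return the addresses that would receive the sponsor mail.

    Rule as described in the thread: if the keyholder's name appears as the
    display name in Maintainer or Changed-By, no mail is sent at all,
    regardless of the e-mail address next to it. With unconditional=True
    (Thomas's alternative) the suppression is skipped and both addresses
    are always mailed.
    """
    sources = [fields.get("Maintainer", ""), fields.get("Changed-By", "")]

    if not unconditional:
        for value in sources:
            name, _addr = parseaddr(value)
            if name == keyholder_name:
                return []  # name matches: suppressed, address not checked

    recipients = []
    for value in sources:
        _name, addr = parseaddr(value)
        if addr and addr not in recipients:
            recipients.append(addr)
    return recipients


if __name__ == "__main__":
    fields = parse_fields(SAMPLE_CHANGES)
    print("keyholder is Enrico, conditional:",
          sponsor_mail_recipients(fields, "Enrico Zini"))
    print("keyholder is Enrico, unconditional:",
          sponsor_mail_recipients(fields, "Enrico Zini", unconditional=True))
    print("keyholder is a sponsor, conditional:",
          sponsor_mail_recipients(fields, "Some Sponsor"))
```

Run stand-alone, the first call returns an empty list: because the match is
on the name, the expired-domain address in Changed-By never matters, which is
why the address-based scheme in the quoted message would be unnecessary under
the rule as stated.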