On Sat, Jan 06, 2018 at 05:10:10PM +0100, Davide Prina wrote: > https://haveibeenpwned.com/ > > that inform you if your credential have been compromised in data brench > (only for public compromised data). > > I have try it with submit@bugs.debian.org and this account result > compromised!! for: Email addresses, Passwords, Device usage tracking data, > Names, Physical addresses Thanks for your concern. However, I suspect it's misplaced in this case. haveibeenpwned.com works largely by indexing and scanning public text sharing sites like pastebin.com. Given the nature of submit@bugs.debian.org, it's fully expected to show up in lots of content on such sites. > Have this address a password? > Can this be a security issue? (If this is not know and the password was not > changed) submit@bugs.debian.org is not an email account with a password, so there's no risk of password compromise. > I have see that also other Debian mail result compromised: > security@debian.org > debian-security@lists.debian.org > request@bugs.debian.org > listmaster@lists.debian.org > debian-devel@lists.debian.org > debian-project@lists.debian.org > debian-security-announce@lists.debian.org > debian-i18n@lists.debian.org > debian-italian@lists.debian.org > debian-l10n-italian@lists.debian.org What I said about submit@bugs.debian.org applies equally to these addresses as well. noah
Attachment:
signature.asc
Description: PGP signature