Re: spammers closing bugs in BTS
On 17/08/16 18:29, gustavo panizzo <gfa> wrote:
> On Wed, Aug 17, 2016 at 06:14:38PM +0200, Daniel Pocock wrote:
>>
>>
>> I received a notification that a bug was closed.
>>
>> The email that closed the bug was a spam email sent to the
>> address (bug-number)-done@bugs.debian.org
>>
>>
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737921
> It was send by an PHP script, probably an abused contact form
> X-PHP-Originating-Script: 10006:post.php(5) : regexp code(1) :
> eval()'d code(17) : eval()'d code
>
>>
>> Maybe time to start requiring PGP signatures on control emails to
>> the BTS?
>>
> what about non-DDs?
>
>
It wouldn't need to validate the keys are on the DD keyring, although
it may be useful to insist that they have been signed by a DD.
Reply to: