| Javier Fernández-Sanguino Peña 2006-11-05, 1:25 am |
| On Wed, Nov 01, 2006 at 03:43:06PM -0800, Don Armstrong wrote:
> On Thu, 02 Nov 2006, Javier Fernández-Sanguino Peña wrote:
>
> There's no reason to restrict control; spam sent there doesn't really
> do anything at all. Indeed, to this point, we have only occasionally
> had problems with control, generally of the BTS ping-pong variety
> which tends to be best dealt with with a bit of social engineering.
I was not only suggesting closing it to spammers, I was also suggesting
blocking it to non-legitimate users which might mangle with control in insane
ways (on purpose). True, I have not yet seen that before, but I'm afraid our
BTS would have little resilience if it was targeted by some Debian-hater due,
precisely, to it's openness.
> Messages to -close are slightly more annoying; we could increase the
> default score of messages to control, and rely on the negative scoring
> rules to keep legitimate messages.... but that would, again, result in
> more false positives. I (and AFAIK, the rest of the BTS admins) are
> rather wary of gratitously increasing the numbers of false positives.
> [And yes, messages sent by scripts or people who haven't learned to
> jump through the right hoops are clearly false positives.]
Still, there could be a "warning period" before starting to reject those
mails sent to -close that lacked whatever we decided on (be it a GPG
signature or a Pseudo-header). And even in aggresive mode I guess that it
would be possible to send bounces based on the scoring of messages (those
that 'look' like they are legitimate but fail the checks are bounced with a
warning, those that do not look like they are *and* fail the checks go to the
bit bucket).
Just my few cents.
Javier
|