On Tue, 20 Aug 2013, Jean-Michel Vourgère wrote: > I'm writing a patch for reportbug, and I believe the cgi might need some minor > tweaks: > > If the bugreport is a security problem, reportbug asks whether it is an > undisclosed vulnerability. If the answer is Yes, the report is NOT to be sent > to sub...@bugs.debian.org but rather to t...@security.debian.org. > Right now, the CGI will override the destination and publish the problem on > the > BTS, which is probably a Bad idea™.
In this case, reportbug should probably just ask people to e-mail t...@security.debian.org details instead of sending a bug report. > Additionaly, there are a few other addresses that would be nice to > support: > > reportbug -kudos sends mail to: > _package_ @packages.debian.org These aren't really necessary. > If the security tag is present, reportbug will cc: > Debian Security Team <t...@security.debian.org> > Debian Testing Security Team <secure-testing-t...@lists.alioth.debian.org> These should be X-Debbugs-Cc:. > If the user sends additionnal information, report bug will send to > Debian Bug Tracking System <nnn...@bugs.debian.org> > Right now the cgi will post to submit, and it might be catched by the BTS [1] > but it would be nice to support these addresses too. The BTS will catch these, but accepting messages to a bug would also be allowable. > How bad would it be to support all adresses matching *@*.debian.org in > to: and cc:, regarding spams? If it's not talking directly to the BTS, I basically don't want to support it in the BTS. I suspect that allowing the destination to be given as destination=(nnnnn|submit|control) with a default to submit would be sufficient. I'm also concerned about allowing through bugs/messages which do not correspond to a working e-mail address... so it's possible that I will implement the CGI with some sort of cache coupled with a response. -- Don Armstrong http://www.donarmstrong.com America was far better suited to be the World's Movie Star. The world's tequila-addled pro-league bowler. The world's acerbic bi-polar stand-up comedian. Anything but a somber and tedious nation of socially responsible centurions. -- Bruce Sterling, _Distraction_ p122 -- To UNSUBSCRIBE, email to debian-debbugs-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130820180357.gc27...@rzlab.ucr.edu
