On 17/08/16 18:34, Stéphane Blondon wrote: > Hello, > > Le 17/08/2016 à 18:14, Daniel Pocock a écrit : >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737921 >> >> Maybe time to start requiring PGP signatures on control emails to >> the BTS? > > Requiring signature will increase the level to send bugs to the BTS > for external people. And spammers could add a signature. > > An attempt to improve the first proposal: - If a bug report has a > valid signature from the Debian web of trust, we could consider it > as valid. - If no signature, a activation link into the replyied > e-mail validates the report. > >
I was only talking about control emails (e.g. the -done address and control@). The requirements for opening bugs or submitting comments (without pseudo-headers) could remain as they are. Maybe it could insist that emails from addresses known to be DDs have to be signed. This would prevent people impersonating DDs.
