Daniel Pocock dijo [Wed, Aug 17, 2016 at 06:38:35PM +0200]: > I was only talking about control emails (e.g. the -done address and > control@). The requirements for opening bugs or submitting comments > (without pseudo-headers) could remain as they are. > > Maybe it could insist that emails from addresses known to be DDs have > to be signed. This would prevent people impersonating DDs.
Ummm... I'd set the bar a bit lower - If mails closing a bug were required to be from an identity that had already corresponded to such bug report. Of course, we would probably be tying the verification to the sender mail address, and that can be problematic if I tend to mail from different addresses, but it'd be a point to later work on (i.e. maybe also match on sender name, or such). So, if I were to close a bug I had not previously interacted with, maybe it would be required for me to send a mail stating "I will soon close this bug" five minutes before actually closing it. Or maybe adding a 'X-not-a-robot' pseudoheader.
