On Fri, Jun 14, 2019 at 7:21 AM anon notmyfault64 wrote:

> The vulnerability you mentioned is when contact form doesn't have proper spam
> protection.
>
> they may have reCAPTCHA validation

The Debian website doesn't use dynamic content, doesn't use JavaScript and doesn't pull in resources from third-party websites or services, so reCAPTCHA is not feasible for us to use. In addition, reCAPTCHA is incredibly hard to pass even for a human; I haven't been able to manage it recently. I would wager that it is not very accessible either.

> honeypot technique

Do you know how these work?

> BTW, will debian.org implement contact form? If won't, why?

If there is a volunteer who is willing and able to work on it, then it might get worked on. My personal opinion is that we should, at minimum, drop debian-www from the footer so we stop getting user support questions on the website mailing list. Then the contact page could be streamlined and a form designed to direct people to the correct contact points.

--
bye,
pabs

https://wiki.debian.org/PaulWise