On 17/08/16 18:29, gustavo panizzo <gfa> wrote: > On Wed, Aug 17, 2016 at 06:14:38PM +0200, Daniel Pocock wrote: >> >> >> I received a notification that a bug was closed. >> >> The email that closed the bug was a spam email sent to the >> address (bug-number)-d...@bugs.debian.org >> >> >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737921 > It was send by an PHP script, probably an abused contact form > X-PHP-Originating-Script: 10006:post.php(5) : regexp code(1) : > eval()'d code(17) : eval()'d code > >> >> Maybe time to start requiring PGP signatures on control emails to >> the BTS? >> > what about non-DDs? > >
It wouldn't need to validate the keys are on the DD keyring, although it may be useful to insist that they have been signed by a DD.
