On 18/08/16 10:48, Holger Levsen wrote:
> On Wed, Aug 17, 2016 at 06:14:38PM +0200, Daniel Pocock wrote:
>> I received a notification that a bug was closed.
>>
>> The email that closed the bug was a spam email sent to the
>> address (bug-number)-d...@bugs.debian.org
> [...]
>> Maybe time to start requiring PGP signatures on control emails to
>> the BTS?
>
> there are >800000 bugs in the BTS and you evidence abuse on one
> single bug and that causes you to suggest to change workflows which
> have worked for many years?
>
> don't you think you are reacting a bit too fast?
>

Is this the only bug where this ever occurred? If so, I feel like I have just won the lottery then.

When attackers find a 0-day exploit, don't they react as fast as they can?

For anybody wanting to cause massive irritation to the project, all they have to do is put up a static web page containing all the possible "-done" addresses and let spammers do the rest.