------- Comment #15 from joseph at codesourcery dot com 2010-02-10 02:29 ------- Subject: Re: Upgrade gcc.gnu.org/bugzilla to Bugzilla 3.4.5
On Wed, 10 Feb 2010, LpSolit at netscape dot net wrote: > ------- Comment #14 from LpSolit at netscape dot net 2010-02-10 00:29 ------- > (In reply to comment #13) > > Email replies get > > body and attachments automatically entered in the relevant bug, with an > > account created for the sender if they didn't already have one. If you > > preserve that, most of the important email handling functionality is > > there. > > Is there any check that the email sender is really the one he pretends to be? > It's easy to hack the From: header of emails from the email client and > impersonate another user (e.g. to gain privileges). No such check for adding comments from email replies, but adding a comment doesn't require privileges (and the password for an autocreated account is of course sent to the email address for that account, so an impersonator won't get the password). I don't know about the functionality for doing anything else by email. -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=43011
