Your message dated Tue, 13 Mar 2012 17:55:06 +0100
with message-id <[email protected]>
and subject line Closing bugs related to the old NM web interface
has caused the Debian Bug report #510605,
regarding Advocate spoofing?
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
510605: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510605
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nm.debian.org
Severity: normal
I haven't verified the issue, but the report better sits on
bugs.debian.org than in my private mail folder.
(Brian Pellin's application which is reported to have been used for
testing is ok and doesn't need fixup.)
Christoph
--
[email protected] | http://www.df7cb.de/
--- Begin Message ---
Hi debian-newmaint!
I think I found a little bug with the website...
I applied to NM yesterday and send the address [1] to my advocate.
[1] https://nm.debian.org/nmadvocate.php?email=rmolina%40udea.edu.co
I was curious about the system, so I filled the form using 'test' as
debian login... then I returned to [2], and 'test' was my advocate...
[2] https://nm.debian.org/nmstatus.php?email=rmolina%40udea.edu.co
As I don't want to see test anymore, I return to [1] and just send a
blank form... I return to [2] the info is restored to Advocate=None.
After I see I can restore to None my advocate, I tried blanking the
advocate for another user... so I tried with the first name in the list
of 'Un-assigned Applicants': Brian Pellin <[email protected]>
Using [1] I prepared a URI for bpellin [3] and sent a blank form...
[3] https://nm.debian.org/nmadvocate.php?email=bpellin%40gmail.com
after return to [4] I found Advocate=None and AdvocateCheck=Passed !
[4] https://nm.debian.org/nmstatus.php?email=bpellin%40gmail.com
I return to [3] and sent 'rmolina'...
Advocate=rmolina and AdvocateCheck=Passed!
BTW, this changes affects the TimeOfLastAction field, so I think changes
are included to DB.
Well It seems like a bug to me.... not grave, but annoying....
At least a check for blank forms seems to be missing... but then someone
can still spoof this field... is better to validate for no more changes
in this field after a passed check...
Anyway, I think this field should not be set directly from the form and
it should be filled using the advocate(s) reply(s)...
Thanks,
Ruben Molina
(Sorry, I don't remember the original value for the bpellin's advocate
so I'm setting it to none again...)
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
--- End Message ---
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
I'm hereby closing multiple bugs that applied to the former NM web
interface. Since it's been replaced, I suppose all those issues are
actually dealt with. Reopen if needed.
All the honor and thanks actually go to Enrico who did the coding and
most of the deployment. I'm merely the messenger to clean up after him.
;-)
Hauke
--
.''`. Jan Hauke Rahm <[email protected]> www.jhr-online.de
: :' : Debian Developer www.debian.org
`. `'` Member of the Linux Foundation www.linux.com
`- Fellow of the Free Software Foundation Europe www.fsfe.org
signature.asc
Description: Digital signature
--- End Message ---
