On Sun, Jul 03, 2016 at 09:27:46AM +0200, Peter Palfrader wrote: > when advocating somebody, the nm.d.o interface creates a mail to the > nm list in the name of the advocate (candidate, etc.). It apparently > does that by picking the first UID off the signing key and using that > as a From: address. > > The generated mail does not have a Sender: header, and the email > address it picks as From: might not be the one that is used by > the advocate in a Debian context. > > Maybe the interface should > 1) add a Sender: header, > 2) not use the advocate's email address as From:, instead it might > do something similar to RT and use for instance > "From: Peter Palfrader via nm.debian.org <n...@debian.org>", and > 3) it could Bcc the advocate so they get a copy of the mail too.
I started working on this in branch b829419. The plan is, first, to split email from email_ldap, the former is used by the site (to send notifications, as From: address to -newmaint, as recipient for gpg-encrypted HMAC confirmation tokens). This should solve the (imo) most urgent issue that is that there could be an unexpected disclosure of an email address. About points 1 and 2, my goal with using the address in From: is to make it so that replies to that mail can reach the advocate. Would it work if I used n...@debian.org as From: and the advocate's email as Sender? Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enr...@enricozini.org>
signature.asc
Description: PGP signature