On Mon, Jan 19, 2015 at 7:32 PM, Russell Stuart wrote: > In other words the current system contains robust defences against such > an attack. All I (and I presume Ben) are saying is removing those > defences is not a good idea, given it's easy enough to design a system > that keeps them. Currently most of the auto subscription proposals > appearing here do remove them.
My statement was more in reference to Don's prior discussion on this topic. A while ago (not in this thread) he mentioned the possibility of requiring the confirmation step only for the first mail to the bts from a previously unknown address. So anyway, nnnnnn-subscribe can be used to spam confirmation messages currently, and general mail to the bts from an unknown address will end up doing the same, but it's basically a non-issue because it's a rather uninteresting thing to do for anyone that might consider wanting to do it. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CANTw=mp-z3bwhexyxvtmq1fnqqdt6l-8grrrfexhq_wx2ym...@mail.gmail.com