2009/8/11 Karl Fogel <[email protected]>: > Martin Pool <[email protected]> writes: >> Someone should reply to the rest of them. > > I responded to the questions there, and closed off the thread. It's > clear that getting Emacs to use the Launchpad bug tracker would require > a lot of effort. It's not worth weeks of anyone's time, which is what > it would take (based on the thread). > > It did raise some interesting points about how we could do spam > filtering less obtrusively. For example, instead of requiring a > pre-registered email address and/or GPG-signing, why not just require > that emails to the bug tracker contain a magic string, in the form of a > command, e.g., " launchpad-tracker human"? That would allow anyone to > file bugs by email, but still make spammers vanishingly unlikely (since > they'd have to read the documentation to know how to send a successful > mail).
It's a 'smartest bears' problem http://www.schneier.com/blog/archives/2006/08/security_is_a_t.html In my opinion and in rough order of priority: * Add a pervasive 'flag for review' * Check things like DomainKeys and treat them as trusted mail, or perhaps nearly-as-trusted as gpg * When someone wants to ask a question (or maybe file a bug) have a guided implicit account creation - just ask for their address and later confirm it, but let them do the interaction first. * When someone first interacts with Launchpad from a previously unknown address, reply by mail to ask if they really sent mail, and if they do implicitly create an account and confirm that address - a bit like Mailman does. You would also need to handle people accidentally creating a second account that way so it's a bit complicated. I don't think the last is very important. -- Martin <http://launchpad.net/~mbp/> _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
