Hi there, again. New thread, new question. As all of we know, there ain't an easy way to do email identity validation. Still, we really on email to post/comment to Launchpad.
For an user to post on LP, via web browser, he as to authenticate him/her self with his/her credentials under an SSL cert. But ANYONE can just send any comment via email to a Bug report or Answer, by simply replying to a static LP address. Any identity can be easy forged, AFAICS, and cause temporary missinformation by seeming a legit source of information. It would not be very nice to see fake comments from Mark or any other Canonical member adding feedback to LP. I can suggest one idea: sent emails should have a "salt" part that would be specific to every user and every bug. That way it would not be as easy for someone to just forge the To field. I also know, that this implementation would require a lot of new coding to the email system, and a really large database table just to store the relation of userid, bug/answer and salt. But Security and Trust should be taken into account. Thanks for you time, hope this helps and shed some light on this subject. PS: is there any test server, where one could do this time of tests (forging To, OpenSPF, etc) ? -- BUGabundo :o) (``-_-´´) http://Ubuntu.BUGabundo.net Linux user #443786 GPG key 1024D/A1784EBB My new micro-blog @ http://BUGabundo.net
signature.asc
Description: This is a digitally signed message part.
-- launchpad-users mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/launchpad-users
