Bug#590269: create a web-based submission for use with reportbug and possibly everything

To: Jean-Michel Vourgère <jmv_deb@nirgal.com>
Cc: 590269@bugs.debian.org, Stefano Zacchiroli <zack@debian.org>, Sandro Tosi <morph@debian.org>, Asheesh Laroia <asheesh@asheesh.org>
Subject: Bug#590269: create a web-based submission for use with reportbug and possibly everything
From: Don Armstrong <don@donarmstrong.com>
Date: Tue, 20 Aug 2013 11:03:57 -0700
Message-id: <[🔎] 20130820180357.GC27603@rzlab.ucr.edu>
Reply-to: Don Armstrong <don@donarmstrong.com>, 590269@bugs.debian.org
In-reply-to: <[🔎] 201308201503.28430.jmv_deb@nirgal.com>
References: <[🔎] 201308201503.28430.jmv_deb@nirgal.com>

On Tue, 20 Aug 2013, Jean-Michel Vourgère wrote:
> I'm writing a patch for reportbug, and I believe the cgi might need some minor
> tweaks:
> 
> If the bugreport is a security problem, reportbug asks whether it is an
> undisclosed vulnerability. If the answer is Yes, the report is NOT to be sent
> to submit@bugs.debian.org but rather to team@security.debian.org.
> Right now, the CGI will override the destination and publish the problem on the
> BTS, which is probably a Bad idea™.

In this case, reportbug should probably just ask people to e-mail
team@security.debian.org details instead of sending a bug report.

> Additionaly, there are a few other addresses that would be nice to
> support:
> 
> reportbug -kudos sends mail to:
>   _package_ @packages.debian.org

These aren't really necessary.

> If the security tag is present, reportbug will cc:
>  Debian Security Team <team@security.debian.org>
>  Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>

These should be X-Debbugs-Cc:.

> If the user sends additionnal information, report bug will send to
>  Debian Bug Tracking System <nnnnnn@bugs.debian.org>
> Right now the cgi will post to submit, and it might be catched by the BTS [1]
> but it would be nice to support these addresses too.

The BTS will catch these, but accepting messages to a bug would also be
allowable.

> How bad would it be to support all adresses matching *@*.debian.org in
> to: and cc:, regarding spams?

If it's not talking directly to the BTS, I basically don't want to
support it in the BTS.

I suspect that allowing the destination to be given as
destination=(nnnnn|submit|control) with a default to submit would be
sufficient.

I'm also concerned about allowing through bugs/messages which do not
correspond to a working e-mail address... so it's possible that I will
implement the CGI with some sort of cache coupled with a response.

-- 
Don Armstrong                      http://www.donarmstrong.com

America was far better suited to be the World's Movie Star. The
world's tequila-addled pro-league bowler. The world's acerbic bi-polar
stand-up comedian. Anything but a somber and tedious nation of
socially responsible centurions.
 -- Bruce Sterling, _Distraction_ p122

Reply to:

References:
- Bug#590269: create a web-based submission for use with reportbug and possibly everything
  - From: "Jean-Michel Vourgère" <jmv_deb@nirgal.com>

Prev by Date: Bug#590269: create a web-based submission for use with reportbug and possibly everything
Next by Date: Bug#720586: debbugs: SOAP: Please return also the usertag
Previous by thread: Bug#590269: create a web-based submission for use with reportbug and possibly everything
Next by thread: Bug#590269: create a web-based submission for use with reportbug and possibly everything
Index(es):
- Date
- Thread