Bug workflow - a wider view
Scott Kitterman
ubuntu at kitterman.com
Fri Jul 6 13:29:18 BST 2007
On Friday 06 July 2007 05:41, Ian Jackson wrote:
> Christian Robottom Reis writes ("Re: Bug workflow - a wider view"):
> > Thanks for sharing your concerns. We'll be sure to be tactful when
> > actually implementing this; it's more likely that the first step will
> > just to make it easier for an end-user with credentials in the remote
> > bug tracker to file the bug [...]
>
> That is precisely the most sensitive thing to be doing.
>
> > In the case of Debian I guess this doesn't mean anything apart from
> > using the end-user's From: address in the email sent to file the bug,
> > but that's effectively what they use for credentials there AIUI.
>
> You seem to have completely missed my point.
>
> Debian are going to be _very upset_ if you arrange for Launchpad to
> send bug submission mails to the Debian BTS without getting a
> go-ahead from Debian. The fact that you're doing it on behalf of some
> user and putting their name in the From: doesn't help address that.
Additionally, most bug reporters have very little idea how to determine if a
bug should be reported to Debian or not. So, even after you've navigated the
dangers above (and I agree with Ian), this still makes it easier for Debian
maintainers to get annoyed with us for getting bugs that can be very
problematic for them to deal with.
Finally, e-mail anti-forgery technologies such as SPF (and DKIM once they get
their policy component designed) need to be considered in the design of such
a service. If you don't you may end up undermining the credibility of LP as
a source of bug reports because the credential (the e-mail address) gets used
outside the scope of what the domain owner has authorized.
Scott K
More information about the ubuntu-devel
mailing list