Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 14 Dec 2002 20:29:38 -0800
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Leo Bicknell <bicknell@ufp.org>
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: How can I post a pr when my IP can't be reverse-resolved?
Message-ID:  <3DFC0532.BE107961@mindspring.com>
References:  <3DFA09A2.C5B0103B@mindspring.com> <20021213190634.GA60400@ussenterprise.ufp.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Leo Bicknell wrote:
> > Probably, the correct thing would be to accept the submission,
> > and pend it for review, before it became active as a real PR.
> > This would require that a human look at the pending PRs, and
> > make a decision.
> 
> Or, do the mailing-list confirm thing.  Receive all pr's, send
> e-mail back to the "from" asking for confirmation.  If received
> put into the queue, if not delete after n days.
> 
> That way you could send a pr from a quite screwed up box with a
> from of your normal e-mail, and then simply confirm it.

This would have the same problem with people being able to pee in
the PR pool, and specify mailing lists as the return address, and
then respond to the query sent to the list with a forged reply.

I think the only thing that will work is a human review with a
posting latency.  Everything else has a security race in it.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DFC0532.BE107961>