Date: Sat, 14 Dec 2002 20:29:38 -0800 From: Terry Lambert <tlambert2@mindspring.com> To: Leo Bicknell <bicknell@ufp.org> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: How can I post a pr when my IP can't be reverse-resolved? Message-ID: <3DFC0532.BE107961@mindspring.com> References: <3DFA09A2.C5B0103B@mindspring.com> <20021213190634.GA60400@ussenterprise.ufp.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Leo Bicknell wrote: > > Probably, the correct thing would be to accept the submission, > > and pend it for review, before it became active as a real PR. > > This would require that a human look at the pending PRs, and > > make a decision. > > Or, do the mailing-list confirm thing. Receive all pr's, send > e-mail back to the "from" asking for confirmation. If received > put into the queue, if not delete after n days. > > That way you could send a pr from a quite screwed up box with a > from of your normal e-mail, and then simply confirm it. This would have the same problem with people being able to pee in the PR pool, and specify mailing lists as the return address, and then respond to the query sent to the list with a forged reply. I think the only thing that will work is a human review with a posting latency. Everything else has a security race in it. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DFC0532.BE107961>