On Saturday, Oct 25, 2003, at 00:39 Europe/Rome, Noel J. Bergman wrote:
Stefano,
+1
Looks like a good plan that takes the ForrestBot idea, builds on it,
integrates other things, seems secure and scalable, provides the opportunity
for "anyone" to help write documentation, but provides multiple points
oversight.
Yep, that's the idea. I'm glad that you like it too.
The proposed workflow institutionalizes RTC,
RTC?
but the project can
always revert a change if others disagree with the decision to approve the
change.
Exactly.
I do think that we want to try to enure that we have sufficient security in
the system to prevent someone from making an unwanted change and then
spoofing an approval.
absolutely
Perhaps we could require SMTP AUTH over SSL for the moderators?
Hmmm, I don't really see how this would help. The information to secure is the continuation ID which is passed along with the email. If you are not part of the moderation list, you don't get that email.
don't know, maybe I'm missing something, but what do you think a possible attack could be?
-- Stefano.
