Bug 937637

Summary: opensuse-security-announce mailing list has ineffective moderation settings
Product: [openSUSE] openSUSE.org Reporter: Andreas Stieger <astieger>
Component: InfrastructureAssignee: Marcus Rückert <mrueckert>
Status: RESOLVED INVALID QA Contact: Lars Vogdt <lars.vogdt>
Severity: Normal    
Priority: P5 - None CC: jsegitz, meissner
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Stieger 2015-07-10 09:14:23 UTC 
When I first posted to opensuse-security-announce, the message was moderated as expected.

However when a user replies, the message is not moderated and sent to the announce audience.

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00022.html

From: Uzair Shamim <usershaman@gmail.com>
Date: Thu, 09 Jul 2015 23:30:42 -0400
To: opensuse-security-announce@opensuse.org
Subject: Re: [security-announce] openSUSE-SU-2015:1207-1: critical: Security update for flash-player
References: <20150708150840.076AD320A4@maintenance.suse.de>
In-Reply-To: <20150708150840.076AD320A4@maintenance.suse.de>

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00021.html

Sender: Carlos Robinson <robin.listas@gmail.com>
Date: Thu, 09 Jul 2015 18:33:29 +0200
From: "Carlos E. R." <carlos.e.r@opensuse.org>
To: opensuse-security-announce@opensuse.org
Subject: Re: [security-announce] openSUSE not affected by OpenSSL CVE-2015-1793
References: <559E803F.5090100@suse.com>
In-Reply-To: <559E803F.5090100@suse.com>


Replies should be moderated (and rejected) like the original message.

Users should need to be forced to honour the Reply-to: header, commonly set to opensuse-security@opensuse.org
Comment 1 Marcus Meissner 2015-07-10 09:22:24 UTC 
Actually the reply emails were moderated, just one of the moderators approved them due to a mistake.

The mails also set:
Reply-To: opensuse-security@opensuse.org