On Thursday 05 December 2013 09:50:00 Stephan Kulow wrote:
On 05.12.2013 09:44, Andreas Jaeger wrote:
On 12/05/2013 09:24 AM, Stephan Kulow wrote:
On 03.12.2013 21:24, Stephan Kulow wrote:
The first step will be to send mails for review - which does not work
I deployed that now and sent out some emails - before disabling it again.
So factory reviewers should have got some email - please review their content and let's find ways to improve them.
Can I reply to the review email with "approve" or comment on it?
Then we would need to think of a way to transmit secrets in the reply-to header, so I can be more certain that it's you. I don't really like trusting emails. It might be ok for comments added, but surely not for commands.
Yeah, usually you would have to generate (and store) a secret for every mail for which you could reply to and trigger some server-side code. That secret then would have to be valid only for a certain amount of time and you have to do all kinds of server-side checks (mail headers, the secret). It's like a "reset password" URL. IMO later, let the notification be finalized first. -- With kind regards, Sascha Peilicke SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 16746 (AG Nürnberg)