For security or similar important and dangerous bugs is a way neded, to
create a hidden bug report, otherwise eg an possible exploit would be
immediantly free visible
I'm open to suggestions on how to implement this.
A special Tag in the subject of the mail and/or the possibity to add a tag to the confirmation mail.
That would also open the possibility to manually add tags to the bug reports
Would require some work for per-tag html generation, but shouldn't be
too hard to do otherwise.
Sorry, replied to the wrong message, subject got deleted [Reporting that
Subject: SECURITY: a bug report can execute a shell command
Content: You need only to place a command in $( )
This bug would then be hidden for security reasons, other possible tags could be PRIVACY, when a report needs private or otherwise informations which should not be shared, even local configurations are sensitive
And (or only) a tag HIDDEN, when any other tag is not applicable
<a href="https://minetest.bananach.space" >This is an attempt at HTML injection</a>
The tag should similar be usable in the confirmation mail like this:
> Your bug has been registered. To prevent spam, you need to
> confirm it by answering to this message with the following
> confirmation id: XXXXXXXXXXXXXXXX. Just hitting reply
> should work.