On Tue, Jul 16, 2002 at 05:07:48PM -0700, Chuq Von Rospach wrote:
in contact with the author of a message? If the archive is scrubbed, that info is gone. And (god forbid), you get into a legal tangle? That's your legal record of what was said on the mail list and who said it. If you scrub it, and someone does something actionable or libelous and you get a court order to provide that data? You're hosed.
Nope.
As long as your policies *do not change after* you receive such an order, you are not legally liable. You're not required even to *keep8 the archives by anything I know about -- you *are* familiar with the term "retention policy", right? :-)
I come from a newspaper family, so I have a bias towards "you don't unpublish stuff, you don't change it once it's published". But I think there are good reasons to avoid sanitizing the archives, and instead sanitizing the delivery of those archives -- if only because if your policies change, all you need to change is the CGI. And it gives you the ability to set up different sets of abilities per user or per list if you want, too.
Concur. Even though it's computationally expensive, bind as late as possible.
We'd obviously have to get rid of the easy access to the raw mbox file, so another question is whether that's still useful.
Honestly? I don't think so. I find them real kludgy. I ended up doing a new archiving system (one file per message) via a perl script. We're about to take our new search engine out of beta with the thing, finally.
I hope you're de heirarchicalizing the directories.
Also, what heuristic do you use to search for email addresses, and what do you scrub them with?
Still being worked on. Right now, I'm basically doing a <wordboundary><nonwhitespace>@<nonwhitespaceordot><dot>nonwhitespace><wordbo undary>. I don't know how strongly we'll refine it.
Some places put spaces in mailbox names -- you'd better deal with quoted LHS's.
It kind of plays into Reply-To: munging doesn't it? If you won't be able to reply to the original author, because we're anonymizing messages, then you might as well munge Reply-To: to go back to the list because that's the only posting address that makes sense.
Yes (he says, grimacing).
You feel my pain. :-)
If you sanitize the archives, I don't think it affects the list. There are simply NO mailtos any more in the archives.
If you go the step further and anonymize the postings ON the list, so subscriber email addresses simply are never shown to other subscribers under any circumstances (ugh. Urp. I can't believe I'm saying that. This is so anti-community it hurts), you have no choice and reply-to has to point to the list, since it's the only contact point left.
Well, no: reply-to should be ADDRESS-REMOVED-FOR-SECURITY, and the pain should be pointed at the list admin.
If you instead turn the list server into a forwarding agent, as in:
Or should Mailman get into the anonymous resender game? There's probably a lot we could do here, but given the political risks of anonymous resenders, do we even want go there?
Is it an anonymous remailer? We're making no pretense of anonymity here. We're acting as a forwarding agent, ala hotmail.com or mac.com. You mail to id13194@python.org, and it ends up in my mailbox. The fact that we're not explicitly denoting the real email address doesn't make us an anonymous remailer -- that'd be a policy issue, actually. I suppose you could take it that step further, but you could also set it up so validated subscribers could get to the real addresses.
That would be a bit helpful, but *does* fundamentally change what the package is doing.
using the remailer address in mail that leaves the site, but a subscriber could go to the list system and look a user up. That gets us away from the politics of the anonymous stuff.
But conversely, if subs can see real addresses in real messages, you're only one step away from the harvesting problem you mentioned earlier.
Have you looked at SpamAssassin Chuq?
See my other message. SA is a good tool, if you have someone around willing to update it, monitor it, and make sure it stays up to date technologically with current releases that are updated to match the spammers changes. Do you want to require SA to be installed as a requirement for Mailman? What about sites where they don't have an admin to keep updating it?
You don't get what you don't pay for.
Chuq, it's obvious to me that that's not a good enough answer for you. but I'm afraid, even though I know you've put at least one long reply to me into trying to explain why not in the past, that I still don't get it.
Maybe it's me.
So many things are just me.
But *why isn't this the recipients' problem*?
Very few false positives too (usually it's email amongst our postmasters talking about spam or SA ;).
All it takes is one. Have you seen these stories?
I can synthesize some false-positive horror stories. But if you've got a couple handy -- with real termination notices -- let 'er rip.
World domination of course. Because we /could/ add that stuff fairly easily if we had the resources to expend on it. Would it still be useable? For some audiences yes, others no. I'm fairly sure the kind of anonymizing we're talking about would never fly in the Python and Zope community, where as it's probably essential in a less cloistered environment like lists.apple.com. Which leads me to believe that we need to make it much easier to install themes or styles of lists, from the paranoid anonymizer to the laissez-faire discussion list.
You have nailed it on the head. Which is why I brought it up. Not because this is the way it has to be in the future, but because all this is making Mailman's job a whole lot more complex (we were whining about that at work today, or at least I was and everyone was nodding sympathetically and looking for an open window -- email used to be pretty easy and straight forward. And now.....). But not just because all this crap is getting in the way, but also that fixing this crap is overkill for some environments, and going to be NOT ENOUGH in others.
Wow. Yeah, those two paragraphs capsulize it pretty well.
Glad *I'm* not the architect.
CVR> Happy Macworld Expo week, all. If you need me, I'll be in the CVR> war room, beating my head against a wall.
Any chance you could make it down to DC for a side trip? We could have a Mailman hacking sprint over a few dozen steamed Maryland blue crabs and some cold ones. :)
Damn, that sounds good, but -- I've had to give up crab and shellfish (I've developed an intermitten sensitivity to it. Sigh!) and I'm staying in cupertino where I'll be manning the war room this week making sure buttons get pushed when they need pushed, and not a minute before....
You go, boy.
Cheers,
jra
Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 647 1274
"If you don't have a dream; how're you gonna have a dream come true?" -- Captain Sensible, The Damned (from South Pacific's "Happy Talk")