[Mailman-Developers] Opening up a few can o' worms here...

Jay R. Ashworth jra@baylink.com
Tue, 16 Jul 2002 20:49:19 -0400


On Tue, Jul 16, 2002 at 05:07:48PM -0700, Chuq Von Rospach wrote:
> in contact with the author of a message? If the archive is scrubbed, that
> info is gone. And (god forbid), you get into a legal tangle? That's your
> legal record of what was said on the mail list and who said it. If you scrub
> it, and someone does something actionable or libelous and you get a court
> order to provide that data? You're hosed.

Nope.

As long as your policies *do not change after* you receive such an
order, you are not legally liable.  You're not required even to *keep*
the archives by anything I know about -- you *are* familiar with the
term "retention policy", right?  :-)

> I come from a newspaper family, so I have a bias towards "you don't
> unpublish stuff, you don't change it once it's published". But I think there
> are good reasons to avoid sanitizing the archives, and instead sanitizing
> the delivery of those archives -- if only because if your policies change,
> all you need to change is the CGI. And it gives you the ability to set up
> different sets of abilities per user or per list if you want, too.

Concur.  Even though it's computationally expensive, bind as late as
possible.

> > We'd obviously have to get rid of the easy access to the raw mbox
> > file, so another question is whether that's still useful.
> 
> Honestly? I don't think so. I find them real kludgy. I ended up doing a new
> archiving system (one file per message) via a perl script. We're about to
> take our new search engine out of beta with the thing, finally.

I hope you're de-hierarchicalizing the directories.

> > Also, what heuristic do you use to search for email addresses, and
> > what do you scrub them with?
> 
> Still being worked on. Right now, I'm basically doing a
> <wordboundary><nonwhitespace>@<nonwhitespaceordot><dot><nonwhitespace><wordboundary>.
> I don't know how strongly we'll refine it.

Some places put spaces in mailbox names -- you'd better deal with
quoted LHS's. 

> > It kind of plays into Reply-To: munging doesn't it?  If you won't be
> > able to reply to the original author, because we're anonymizing
> > messages, then you might as well munge Reply-To: to go back to the
> > list because that's the only posting address that makes sense.
> 
> Yes (he says, grimacing).

You feel my pain.  :-)

> If you sanitize the archives, I don't think it affects the list. There are
> simply NO mailtos any more in the archives.
> 
> If you go the step further and anonymize the postings ON the list, so
> subscriber email addresses simply are never shown to other subscribers under
> any circumstances (ugh. Urp. I can't believe I'm saying that. This is so
> anti-community it hurts), you have no choice and reply-to has to point to
> the list, since it's the only contact point left.

Well, no: reply-to should be ADDRESS-REMOVED-FOR-SECURITY, and the pain
should be pointed at the list admin.

> If you instead turn the list server into a forwarding agent, as in:
> 
> > Or should Mailman get into the anonymous resender game?  There's
> > probably a lot we could do here, but given the political risks of
> > anonymous resenders, do we even want to go there?
> 
> Is it an anonymous remailer? We're making no pretense of anonymity here.
> We're acting as a forwarding agent, ala hotmail.com or mac.com. You mail to
> id13194@python.org, and it ends up in my mailbox. The fact that we're not
> explicitly denoting the real email address doesn't make us an anonymous
> remailer -- that'd be a policy issue, actually. I suppose you could take it
> that step further, but you could also set it up so validated subscribers
> could get to the real addresses.

That would be a bit helpful, but *does* fundamentally change what the
package is doing.

> using the remailer address in mail that leaves the site, but a subscriber
> could go to the list system and look a user up. That gets us away from the
> politics of the anonymous stuff.

But conversely, if subs can see real addresses in real messages, you're
only one step away from the harvesting problem you mentioned earlier.

> > Have you looked at SpamAssassin Chuq?
> 
> See my other message. SA is a good tool, if you have someone around willing
> to update it, monitor it, and make sure it stays up to date technologically
> with current releases that are updated to match the spammers' changes. Do you
> want to require SA to be installed as a requirement for Mailman? What about
> sites where they don't have an admin to keep updating it?

You don't get what you don't pay for.

Chuq, it's obvious to me that that's not a good enough answer for you,
but I'm afraid, even though I know you've put at least one long reply
to me into trying to explain why not in the past, that I still don't
get it.

Maybe it's me.

So many things are just me.

But *why isn't this the recipients' problem*?

> > Very few false positives too (usually it's
> > email amongst our postmasters talking about spam or SA ;).

> All it takes is one. Have you seen these stories?

I can synthesize some false-positive horror stories.  But if you've got
a couple handy -- with real termination notices -- let 'er rip.

> > World domination of course.  Because we /could/ add that stuff fairly
> > easily if we had the resources to expend on it.  Would it still be
> > useable?  For some audiences yes, others no.  I'm fairly sure the
> > kind of anonymizing we're talking about would never fly in the Python
> > and Zope community, whereas it's probably essential in a less
> > cloistered environment like lists.apple.com.  Which leads me to
> > believe that we need to make it much easier to install themes or
> > styles of lists, from the paranoid anonymizer to the laissez-faire
> > discussion list.
> 
> You have nailed it on the head. Which is why I brought it up. Not because
> this is the way it has to be in the future, but because all this is making
> Mailman's job a whole lot more complex (we were whining about that at work
> today, or at least I was and everyone was nodding sympathetically and
> looking for an open window -- email used to be pretty easy and straight
> forward. And now.....). But not just because all this crap is getting in the
> way, but also that fixing this crap is overkill for some environments, and
> going to be NOT ENOUGH in others.

Wow.  Yeah, those two paragraphs capsulize it pretty well.

Glad *I'm* not the architect.

> >   CVR> Happy Macworld Expo week, all. If you need me, I'll be in the
> >   CVR> war room, beating my head against a wall.
> > 
> > Any chance you could make it down to DC for a side trip?  We could
> > have a Mailman hacking sprint over a few dozen steamed Maryland blue
> > crabs and some cold ones. :)
> 
> Damn, that sounds good, but -- I've had to give up crab and shellfish (I've
> developed an intermittent sensitivity to it. Sigh!) and I'm staying in
> cupertino where I'll be manning the war room this week making sure buttons
> get pushed when they need pushed, and not a minute before....

You go, boy.

Cheers,
- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274

   "If you don't have a dream; how're you gonna have a dream come true?"
     -- Captain Sensible, The Damned (from South Pacific's "Happy Talk")
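
Added example (not part of the original message, and not Mailman's or either poster's code): a sketch of the two technical points in the thread, scrubbing addresses when an archived message is served rather than in the stored copy, and matching quoted local parts that contain spaces. The names `render`, `find_addresses`, `PLACEHOLDER` and the `viewer_is_validated` flag are hypothetical, and the sample text is constructed (it reuses the `id13194@python.org` alias quoted above).

```python
import re

# Unquoted local part: the characters RFC 5322 allows in a dot-atom.
_LOCAL = r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+"
# Quoted local part: may hold spaces, '@' and backslash-escaped characters.
_QUOTED = r'"(?:[^"\\\r\n]|\\.)+"'
# Domain: two or more dot-separated labels, so a sentence-ending '.' is kept.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN = rf"{_LABEL}(?:\.{_LABEL})+"

ADDRESS_RE = re.compile(rf"(?P<local>{_QUOTED}|{_LOCAL})@(?P<domain>{_DOMAIN})")

# The word-boundary / non-whitespace heuristic sketched in the thread,
# written out as a regex (an assumption about its intent) for comparison.
NAIVE_RE = re.compile(r"\b\S+@\S+\.\S+\b")

PLACEHOLDER = "[address removed]"  # hypothetical replacement text


def find_addresses(text):
    """Return every substring the scrubber would treat as an address."""
    return [m.group(0) for m in ADDRESS_RE.finditer(text)]


def render(stored_text, viewer_is_validated=False, pattern=ADDRESS_RE):
    """Apply the scrubbing policy at delivery time.

    The stored message is never modified, so a policy change only means
    changing this function, not rewriting the archive.
    """
    if viewer_is_validated:
        return stored_text
    return pattern.sub(PLACEHOLDER, stored_text)


# Constructed sample text, not taken from any real archive.
SAMPLE = ('Write to "Jay Ashworth"@example.com or id13194@python.org. '
          'Backup: list-owner@lists.example.org.')

if __name__ == "__main__":
    print(render(SAMPLE))                    # all three addresses removed
    print(render(SAMPLE, pattern=NAIVE_RE))  # leaves '"Jay' behind
```

The pattern errs toward over-matching: a scrubber that removes a non-address costs less than one that leaves half of a quoted local part in the served page.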