[Mailman-Developers] Opening up a few can o' worms here...

Chuq Von Rospach chuqui@plaidworks.com
Tue, 16 Jul 2002 19:57:44 -0700 

On 7/16/02 5:49 PM, "Jay R. Ashworth" <jra@baylink.com> wrote:

> On Tue, Jul 16, 2002 at 05:07:48PM -0700, Chuq Von Rospach wrote:
>> in contact with the author of a message? If the archive is scrubbed, that
>> info is gone. And (god forbid), you get into a legal tangle?

> the archives by anything I know about -- you *are* familiar with the
> term "retention policy", right?  :-)

True, but let me rephrase with the situation I should have used in the first
place. Two of your users get into a fight on the list. One of them finally
says some variation of "you are a dead man". Three weeks later, the other
guy's house burns down because of arson, and all you have is an archive with
no identifying information in it....

>> archiving system (one file per message) via a perl script. We're about to
>> take our new search engine out of beta with the thing, finally.
> 
> I hope you're de heirarchicalizing the directories.

I'm confused. What are you suggesting?

(FWIW, our structure is <listname>/yyyy/mm/dd/)

> Some places put spaces in mailbox names -- you'd better deal with
> quoted LHS's. 

I know. That's one of the things we need to evaluate still.

>> If you go the step further and anonymize the postings ON the list, so
>> subscriber email addresses simply are never shown to other subscribers under
>> any circumstances (ugh. Urp. I can't believe I'm saying that. This is so
>> anti-community it hurts), you have no choice and reply-to has to point to
>> the list, since it's the only contact point left.
> 
> Well, no: reply-to should be ADDRESS-REMOVED-FOR-SECURITY, and the pain
> should be pointed at the list admin.

No, I don't agree. You still, at least in theory, want users to have a
conversation. But by cloaking on the address, you are, effectively, forcing
that conversation to go through the list under all circumstances. So
reply-to should go to the list, not the admin.

>> that step further, but you could also set it up so validated subscribers
>> could get to the real addresses.
> 
> That would be a bit helpful, but *does* fundamentally change what the
> package is doing.

Yeah. It's a fairly significant hunk o' code, AND it requires, basically,
that '*@some.domain' be forwarded to the server for processing. Or at a very
minimum, an LDAP lookup for valid addresses, because trying to manage that
as an alias file or some static structure would be deadly.

>> using the remailer address in mail that leaves the site, but a subscriber
>> could go to the list system and look a user up. That gets us away from the
>> politics of the anonymous stuff.
> 
> But conversely, if subs can see real addresses in real messages, you're
> only one step away from the harvesting problem you mentioned earlier.

Yes, but it keeps it out of those !@#$@%@$#@!@#@! automatic caches. And in
theory, you could tell if someone started harvesting, because the system
could be taught to watch for systematic walks through the database.

> Chuq, it's obvious to me that that's not a good enough answer for you.
> but I'm afraid, even though I know you've put at least one long reply
> to me into trying to explain why not in the past, that I still don't
> get it.
> 
> Maybe it's me.

No, it's that we're still hashing things out, and a number of things, in
general, just aren't clear (or resolved)

> But *why isn't this the recipients' problem*?

Or more correctly, why isn't it ONLY the recipient's problem?

Two reasons:

1) I (as the list admin to the recipient) am offering a service. I strongly
believe that if I'm offering a service, I have an ethical (if not legal)
responsibility to make that service as problem free as possible. To me, the
alternative is the same as selling toasters that aren't US approved because
I feel it's the buyer's responsibilty to make sure they aren't electrocuted.
Now, I think it's ALSO the buyer's responsibilty to be aware of the risk of
electrocution, but that doesn't remove the responsibility from me to not
sell  them a cheap, shoddy toaster.

1.5) Having said that as list admin -> recipient, iterate and I feel the
same is true of "mail list developer" -> list admin. Because...

2) I feel it is a responsibility of the experts to do what they can to take
care of the not-so-experts. Since we (the developers) are the experts. We
have the ability to build systems to deal with this, and so I feel we
should, so that people who aren't as capable can benefit as well. Saying
"it's his responsibility" only works as long as "he" can ALSO do what we do
and knows what we know, and that's clearly not a true assumption. So saying
that is really not assigning responsibility, but ducking it. That doesn't
means we ought to solve all of the problems in the universe, but we are the
folks most qualified to understand and solve these things -- so we should.

It's easy to say "every man for themselves" when you're at the top of the
food chain, because you CAN do it. But I think it avoids the real
responsibility by making the false assumption that it's just as simple for
others to do it, too. If it was, we wouldn't be at the top of the food
chain, wouldn't we? Instead, I see it as a rationalization to avoid having
to do the work needed so that others can also use it.

If everyone had the same skill set, Jay, I'd agree with you. But they don't.
And the nice thing is, some of those people are at the top of the food chain
in other skillsets, and we get to benefit from what they know. And if they
were all off trying to learn what we already know, they probably wouldn't
have the time or energy to build things in their expertise we can benefit
from, so it all evens out at the end.

Imagine if Tim Berners-Lee was too busy writing spamblock software to invent
the browser.... I see us leveraging our expertise as a way to make sure some
other expert gets to leverage their expertise so that whatever they can
invent actually gets invented -- rather than sidetracked by something we
could have saved them from but didn't, because we were self-focused.

>> All it takes is one. Have you seen these stories?
> 
> I can synthesize some false-positive horror stories.  But if you've got
> a couple handy -- with real termination notices -- let 'er rip.

I can't give any definite examples to protect the people involved, but I
know of a couple of people who've had their careers significantly impacted
because of this stuff. Maybe not fatal, but third degree burns.

-- 
Chuq Von Rospach, Architech
chuqui@plaidworks.com -- http://www.chuqui.com/

He doesn't have ulcers, but he's a carrier.