[Mailman-Developers] bugtraq submission warning: email address harvesting exploit

[J C Lawrence]

On Sat, 29 Nov 2003 14:40:48 +0000 
Richard Barrett <r.barrett at openinfo.co.uk> wrote:
> On 29 Nov 2003, at 13:32, J C Lawrence wrote:
>> On Sat, 29 Nov 2003 07:12:45 +0000 Richard Barrett
>> <r.barrett at openinfo.co.uk> wrote:
>>> On 29 Nov 2003, at 00:48, J C Lawrence wrote:

>> For me, and (possibly) for Mailman v3, critical.  I use Message IDs
>> as a primary key for my list archives, indexing and several other
>> bits.  Changing them, at any point, breaks that.

> I confess I was not gazing that far into the future and, not being a
> Mailman developer, have no influence or knowledge of the architecture
> of Mailman v3. 

This area was discussed on this list extensively a few weeks ago.  I
suggest reading the archives.

> However, offering an immediate fix for an arguably valid criticism of
> the current stable release that would not have a major destabilizing
> effect on that stable release seems worthwhile to me.

Fair dinkum, and I've not argued otherwise.

> It seems from what you say that your archiving and indexing solution
> is not standard Mailman internal pipermail archiving so the poor fit
> of the solution offered with your system is unsurprising.

The archiving system I use is also what I've advocated for Mailman v3,
with some level of buy-in.

> Bear in mind that the patch only affects the data delivered in
> response to HTTP requests. 

Right, one of the levels I use Message IDs is the user-level, in HTML,
in archives, in URLs, and in raw messages.  Users regularly quote
Message IDs in their messages as text strings ala:

  Have a look at message
  059F1F1D-227A-11D8-89F4-000A957C9A50 at openinfo.co.uk as it goes into
  this area further and explains several of the bits you are asking
  about.

-- 
J C Lawrence
---------(*)                Satan, oscillate my metallic sonatas.
claw at kanga.nu               He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.