[Mailman-Developers] bugtraq submission warning: email address harvesting exploit

Richard Barrett r.barrett at openinfo.co.uk
Sat Nov 29 14:43:48 EST 2003 

On 29 Nov 2003, at 14:55, J C Lawrence wrote:

> On Sat, 29 Nov 2003 14:40:48 +0000
> Richard Barrett <r.barrett at openinfo.co.uk> wrote:
>> On 29 Nov 2003, at 13:32, J C Lawrence wrote:
>>> On Sat, 29 Nov 2003 07:12:45 +0000 Richard Barrett
>>> <r.barrett at openinfo.co.uk> wrote:
>>>> On 29 Nov 2003, at 00:48, J C Lawrence wrote:
>
>>> For me, and (possibly) for Mailman v3, critical.  I use Message IDs
>>> as a primary key for my list archives, indexing and several other
>>> bits.  Changing them, at any point, breaks that.
>
>> I confess I was not gazing that far into the future and, not being a
>> Mailman developer, have no influence or knowledge of the architecture
>> of Mailman v3.
>
> This area was discussed on this list extensively a few weeks ago.  I
> suggest reading the archives.

Hey, I just produced a quick hack and if you do not like the patch then 
do not use it. If you have not twigged it yet, all of my Mailman 
patches are to address here and now issues, either bugs or 
functionality requirements, in the current stable release. Talking of 
functionality that is months ahead is not my purpose as I know that 
Mailman developers are not interested in my input about major new 
releases.

>
>> However, offering an immediate fix for an arguably valid criticism of
>> the current stable release that would not have a major destabilizing
>> effect on that stable release seems worthwhile to me.
>
> Fair dinkum, and I've not argued otherwise.

It was square bunkum when I lived in oz. But by pressing on the v3 
issues that is precisely what you are doing. The value of this patch is 
now and maybe acitvating it is only worthwhile for some of the MM user 
community. The working assumption has to be that any decent major 
redesign of MM will obsolete it.

>
>> It seems from what you say that your archiving and indexing solution
>> is not standard Mailman internal pipermail archiving so the poor fit
>> of the solution offered with your system is unsurprising.
>
> The archiving system I use is also what I've advocated for Mailman v3,
> with some level of buy-in.

Congratulations. None of my maintained patches for current Mailman 
stable releases have a place in to Mailman's future but as they meet my 
current needs I am happy to publish them for users to make their own 
choice. I'm equally happy to stop if nobody else wants them or when I 
no longer have need of them myself. Maybe, hopefully, v3 MM will fix 
certain issues so that I will not have expend effort in the future.

>
>> Bear in mind that the patch only affects the data delivered in
>> response to HTTP requests.
>
> Right, one of the levels I use Message IDs is the user-level, in HTML,
> in archives, in URLs, and in raw messages.  Users regularly quote
> Message IDs in their messages as text strings ala:
>
>   Have a look at message
>   059F1F1D-227A-11D8-89F4-000A957C9A50 at openinfo.co.uk as it goes into
>   this area further and explains several of the bits you are asking
>   about.
>

You really are too clever for me. As I said, if patch doesn't fit do 
not use it. I do not much care one way or the other. My patch can 
fester on sourceforge, not being incorporated into Mailman, until it is 
obsolete and I shall not lose a minutes sleep about that.

> -- 
> J C Lawrence
> ---------(*)                Satan, oscillate my metallic sonatas.
> claw at kanga.nu               He lived as a devil, eh?
> http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
>


-----------------------------------------------------------------------
Richard Barrett                               http://www.openinfo.co.uk

More information about the Mailman-Developers mailing list