[pydotorg-www] Repeated outages of python.org

Michael Foord mfoord at python.org
Mon Jul 25 13:39:45 CEST 2011


On 25/07/2011 12:26, M.-A. Lemburg wrote:
> Michael Foord wrote:
>> On 25/07/2011 11:52, M.-A. Lemburg wrote:
>>> Michael Foord wrote:
>>>> On 25/07/2011 10:10, M.-A. Lemburg wrote:
>>>>> Hi Michael,
>>>>>
>>>>> Michael Foord wrote:
>>>>>> On 25/07/2011 09:56, M.-A. Lemburg wrote:
>>>>>>> Could one of the list admins please turn the list archive
>>>>>>> of the pydotorg-www list into a private one ?
>>>>>>>
>>>>>>> I don't think it's a good idea to let our setup information leak
>>>>>>> to the Internet via search engines.
>>>>>> The *point* of pydotorg-www is that it is a public list. Private
>>>>>> information should be sent to pydotorg not pydotorg-www.
>>>>> I was only talking about the archives, not making it a private
>>>>> list altogether.
>>>> Sure, but losing public archives, and the ability to use search engines
>>>> to search the archives is a big loss.
>>>>
>>>> We don't make the archives of other public lists private because someone
>>>> sent an email they shouldn't have done - in fact we generally refuse to
>>>> even remove those emails from the archive.
>>> Right, but this mailing list is special in the sense that it
>>> discusses an important piece of the Python infrastructure.
>>>
>>> Unlike other mailing lists where such leakage usually only has impact
>>> on the one accidentally sending it, it can cause potential harm to
>>> the PSF servers in case of this list.
>> Does the information leaked present a real risk?
> If you look through the archives, it's very easy to find out about
> the infrastructure setup being used to run python.org. Take e.g.
> this thread as example:
>
> http://markmail.org/thread/kcxkjbesmbweaaj6#query:+page:1+mid:kcxkjbesmbweaaj6+state:results
>
> Thomas' email has revealed more information in that direction.
> It's not a direct risk, though.
>
>> I have a very strong
>> preference for keeping the archives public unless we absolutely have to.
>> I'd rather offending messages were scrubbed from the archive than the
>> list archives made private.
> That's not possible, I'm afraid, since the list archives on python.org
> are not only being picked up by Google, but also other sites which
> then co-host them, e.g.
>
> http://markmail.org/search/?q=pydotorg-www#query:pydotorg-www
> list%3Aorg.python.pydotorg-www+page:1+state:facets
> http://www.mail-archive.com/pydotorg-www@python.org/info.html
> http://blog.gmane.org/gmane.comp.python.pydotorg-www
>
That's only if the archives are left long enough for the spiders to pick 
them up. Not guaranteed to prevent information leakage but may be 
sufficient in individual cases.


>>> BTW: How often do you actually search on this mailing list ?
>>>
>> What I often do is browse the archives, having to log in is a nuisance.
>> I also link to discussions on the list - making them private effectively
>> prevents that as people have to join the list just to view the
>> archives. Occasionally when I can't find a particular discussion I use
>> search to find it.
> Well, then what do you recommend to keep such infos off the net ?
>
Not posting them to a public list! Plus having policies and security 
infrastructure in place that does not allow harm due to accidental 
revealing of information.

This could just as easily have been posted to python-list or some other 
public list, we should have policies in place to cope with this. 
Whatever those policies are should apply to this list.

Michael

-- 
http://www.voidspace.org.uk/

May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
-- the sqlite blessing http://www.sqlite.org/different.html


