Re: Spam on Debian lists

[Michael Fothergill]

On 21 April 2017 at 03:11, Cindy-Sue Causey 
wrote:

> On 4/20/17, Ben Finney  wrote:
> > Patrick Bartek  writes:
> >
> >> On Thu, 20 Apr 2017 22:40:56 +0200 Jochen Spieker 
> >> wrote:
> >>
> >> > fc:
> >> > > Why not just restrict it to people who have subscribed?
> >> >
> >> > Because this excludes use cases that are deemed valid by the list
> >> > masters.
> >>
> >> Like what?
> >
> > I can't speak for the list masters, but I can speak for use cases that
> > would exclude that I find valid:
> >
> > * Posting from a service (such as a mailing list aggregator) which
> >   presents a single interface accessible without an email client.
> >
> > * Posting by people who we want to participate in the discussion, but
> >   who do not (yet) see the benefit to themselves of going through a
> >   subscription process.
>

​E.g. a post from Linus Torvalds, Lennart Poettering or a closed source
processed meat canned foods manufacturer that wanted to make a donation  to
the Debian Foundation.

Point Taken

MF​


> >
> > * Cross-posting on multiple forums when a discussion involves parties
> >   outside Debian, and we don't want the discussion balkanised with some
> >   people's responses rejected.
>
>
> I can't point to real World examples, but I've seen multiple instances
> of that last one occurring. Those not subscribed bore email addresses
> from extremely "top tier" tech companies
>
> The topics varied, but it would be conversations regarding things such
> as attempting to obtain more universal compatibility between Debian
> and non-free hardware. *Something* like that
>
> Just thinking out loud... :)
>
> Cindy
>
> --
> Cindy-Sue Causey
> Talking Rock, Pickens County, Georgia, USA
>
> * runs with duct tape *
>
>

Re: Spam on Debian lists

[Dan Norton]

On 04/20/2017 05:52 PM, Patrick Bartek wrote:

On Thu, 20 Apr 2017 22:40:56 +0200 Jochen Spieker 
wrote:


fc:

Actually -- does anyone monitor this list for this type of stuff?

You have no idea *how much* spam is blocked by the work of the list
masters. But it's not that anybody monitors all of the almost 300
Debian lists¹ with thousands of posts each day.


I see these types of things come through periodically -- and 1
delete on the front end could prevent a lot of woe.

Your help is appreciated:
https://wiki.debian.org/Teams/ListMaster/ListArchiveSpam

Obviously, this only affects the archive after all subscribers already
received the spam message. Moderating all Debian lists is not a job
that anybody wants to do (and it wouldn't even be appreciated).


*Even more so* -- it seems like unauthorized users can email this
list?

Why not just restrict it to people who have subscribed?

Because this excludes use cases that are deemed valid by the list
masters.
  
Like what?


Why not this:  To post or reply to the list, you must be
a subscriber; but to read/browse (even search archives, etc.), you
do not. This is the way most of the lists I've been involved with have
been set up.  Works quite well controlling spurious posting by 'bots.
One list I used required annual renewal..

B



+ 1

 - Dan

Re: Spam on Debian lists (was: Actually)

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, Apr 20, 2017 at 02:52:39PM -0700, Patrick Bartek wrote:
> On Thu, 20 Apr 2017 22:40:56 +0200 Jochen Spieker 
> wrote:
> 
> > fc:
> > >
> > > Actually -- does anyone monitor this list for this type of stuff?
> > 
> > You have no idea *how much* spam is blocked by the work of the list
> > masters [...]

(not the OP, but -- thanks for that, BTW!)

> > > Why not just restrict it to people who have subscribed?
> > 
> > Because this excludes use cases that are deemed valid by the list
> > masters.
>  
> Like what?
> 
> Why not this:  [...]

You'd think this hasn't all been discussed. But it has. Extensively.
*If* you want to re-hash it here, then please, please: do some
homework first. Use your favourite search engine and try to dig up
some previous discussion.

The list's openness is *by design*, not by mistake. It's not because
all of "them" didn't come up with the Right Idea(TM)

Yes, sounds a bit harsh and all. But if you don't do some research
we're stuck in an endless loop.

Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlj5tMYACgkQBcgs9XrR2kYYagCdFiuHX7DqllpZmIEpMsRTjvP1
ELUAn06Idn8t0fUNYuwRjUN051OtrubY
=o+Za
-END PGP SIGNATURE-

Re: Spam on Debian lists

[Cindy-Sue Causey]

On 4/20/17, Ben Finney  wrote:
> Patrick Bartek  writes:
>
>> On Thu, 20 Apr 2017 22:40:56 +0200 Jochen Spieker 
>> wrote:
>>
>> > fc:
>> > > Why not just restrict it to people who have subscribed?
>> >
>> > Because this excludes use cases that are deemed valid by the list
>> > masters.
>>
>> Like what?
>
> I can't speak for the list masters, but I can speak for use cases that
> would exclude that I find valid:
>
> * Posting from a service (such as a mailing list aggregator) which
>   presents a single interface accessible without an email client.
>
> * Posting by people who we want to participate in the discussion, but
>   who do not (yet) see the benefit to themselves of going through a
>   subscription process.
>
> * Cross-posting on multiple forums when a discussion involves parties
>   outside Debian, and we don't want the discussion balkanised with some
>   people's responses rejected.


I can't point to real World examples, but I've seen multiple instances
of that last one occurring. Those not subscribed bore email addresses
from extremely "top tier" tech companies

The topics varied, but it would be conversations regarding things such
as attempting to obtain more universal compatibility between Debian
and non-free hardware. *Something* like that

Just thinking out loud... :)

Cindy

-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

Re: Spam on Debian lists

[Ben Finney]

Patrick Bartek  writes:

> On Thu, 20 Apr 2017 22:40:56 +0200 Jochen Spieker 
> wrote:
>
> > fc:
> > > Why not just restrict it to people who have subscribed?
> > 
> > Because this excludes use cases that are deemed valid by the list
> > masters.
>
> Like what?

I can't speak for the list masters, but I can speak for use cases that
would exclude that I find valid:

* Posting from a service (such as a mailing list aggregator) which
  presents a single interface accessible without an email client.

* Posting by people who we want to participate in the discussion, but
  who do not (yet) see the benefit to themselves of going through a
  subscription process.

* Cross-posting on multiple forums when a discussion involves parties
  outside Debian, and we don't want the discussion balkanised with some
  people's responses rejected.

There are likely others, but that seems enough to answer the question.

-- 
 \   “The apparent lesson of the Inquisition is that insistence on |
  `\ uniformity of belief is fatal to intellectual, moral, and |
_o__)spiritual health.” —_The Uses Of The Past_, Herbert J. Muller |
Ben Finney

Re: Spam on Debian lists

[Joe Pfeiffer]

Joel Rees  writes:

> On Fri, Apr 21, 2017 at 6:52 AM, Patrick Bartek  wrote:
>> On Thu, 20 Apr 2017 22:40:56 +0200 Jochen Spieker 
>> wrote:
>>
>>> fc:
>>> >
>>> > Actually -- does anyone monitor this list for this type of stuff?
>>>
>>> You have no idea *how much* spam is blocked by the work of the list
>>> masters. But it's not that anybody monitors all of the almost 300
>>> Debian lists¹ with thousands of posts each day.
>>>
>>> > I see these types of things come through periodically -- and 1
>>> > delete on the front end could prevent a lot of woe.
>>>
>>> Your help is appreciated:
>>> https://wiki.debian.org/Teams/ListMaster/ListArchiveSpam
>>>
>>> Obviously, this only affects the archive after all subscribers already
>>> received the spam message. Moderating all Debian lists is not a job
>>> that anybody wants to do (and it wouldn't even be appreciated).
>>>
>>> > *Even more so* -- it seems like unauthorized users can email this
>>> > list?
>>> >
>>> > Why not just restrict it to people who have subscribed?
>>>
>>> Because this excludes use cases that are deemed valid by the list
>>> masters.
>>
>> Like what?
>>
>> Why not this:  To post or reply to the list, you must be
>> a subscriber; but to read/browse (even search archives, etc.), you
>> do not. This is the way most of the lists I've been involved with have
>> been set up.  Works quite well controlling spurious posting by 'bots.
>> One list I used required annual renewal..
>
> How do you limit posts to subscribers?
>
> Login?
> Subscriber list?

Yes, that's easily done -- check the From: against the subscriber list.

That isn't perfect; a list I administer gets occasional spam from the
forged email address of a subscriber; the list is so incredibly low
volume that it's OK for me to just moderate it.  That wouldn't be the
case here.

> What happens when you need an answer, but you don't have access to a
> functional machine that you can trust?
>
> Also, I think there is a web forum that functions more or less as you 
> describe:
>
> http://forums.debian.net/

Re: Spam on Debian lists

[Joe Pfeiffer]

Patrick Bartek  writes:

> On Thu, 20 Apr 2017 22:40:56 +0200 Jochen Spieker 
> wrote:
>
>> fc:
>> >
>> > Actually -- does anyone monitor this list for this type of stuff?
>> 
>> You have no idea *how much* spam is blocked by the work of the list
>> masters. But it's not that anybody monitors all of the almost 300
>> Debian lists¹ with thousands of posts each day.
>> 
>> > I see these types of things come through periodically -- and 1
>> > delete on the front end could prevent a lot of woe.
>> 
>> Your help is appreciated:
>> https://wiki.debian.org/Teams/ListMaster/ListArchiveSpam
>> 
>> Obviously, this only affects the archive after all subscribers already
>> received the spam message. Moderating all Debian lists is not a job
>> that anybody wants to do (and it wouldn't even be appreciated).
>> 
>> > *Even more so* -- it seems like unauthorized users can email this
>> > list?
>> > 
>> > Why not just restrict it to people who have subscribed?
>> 
>> Because this excludes use cases that are deemed valid by the list
>> masters.
>  
> Like what?
>
> Why not this:  To post or reply to the list, you must be
> a subscriber; but to read/browse (even search archives, etc.), you
> do not. This is the way most of the lists I've been involved with have
> been set up.  Works quite well controlling spurious posting by 'bots.
> One list I used required annual renewal..

That would preclude those of us who still read it on usenet.

Re: Spam on Debian lists (was: Actually)

[Joel Rees]

On Fri, Apr 21, 2017 at 6:52 AM, Patrick Bartek  wrote:
> On Thu, 20 Apr 2017 22:40:56 +0200 Jochen Spieker 
> wrote:
>
>> fc:
>> >
>> > Actually -- does anyone monitor this list for this type of stuff?
>>
>> You have no idea *how much* spam is blocked by the work of the list
>> masters. But it's not that anybody monitors all of the almost 300
>> Debian lists¹ with thousands of posts each day.
>>
>> > I see these types of things come through periodically -- and 1
>> > delete on the front end could prevent a lot of woe.
>>
>> Your help is appreciated:
>> https://wiki.debian.org/Teams/ListMaster/ListArchiveSpam
>>
>> Obviously, this only affects the archive after all subscribers already
>> received the spam message. Moderating all Debian lists is not a job
>> that anybody wants to do (and it wouldn't even be appreciated).
>>
>> > *Even more so* -- it seems like unauthorized users can email this
>> > list?
>> >
>> > Why not just restrict it to people who have subscribed?
>>
>> Because this excludes use cases that are deemed valid by the list
>> masters.
>
> Like what?
>
> Why not this:  To post or reply to the list, you must be
> a subscriber; but to read/browse (even search archives, etc.), you
> do not. This is the way most of the lists I've been involved with have
> been set up.  Works quite well controlling spurious posting by 'bots.
> One list I used required annual renewal..

How do you limit posts to subscribers?

Login?
Subscriber list?

What happens when you need an answer, but you don't have access to a
functional machine that you can trust?

Also, I think there is a web forum that functions more or less as you describe:

http://forums.debian.net/

-- 
Joel Rees

I'm imagining I'm a novelist:
http://joel-rees-economics.blogspot.com/2017/01/soc500-00-00-toc.html
More of my delusions:
http://reiisi.blogspot.jp/p/novels-i-am-writing.html

Re: Spam on Debian lists (was: Actually)

[Patrick Bartek]

On Thu, 20 Apr 2017 22:40:56 +0200 Jochen Spieker 
wrote:

> fc:
> >
> > Actually -- does anyone monitor this list for this type of stuff?
> 
> You have no idea *how much* spam is blocked by the work of the list
> masters. But it's not that anybody monitors all of the almost 300
> Debian lists¹ with thousands of posts each day.
> 
> > I see these types of things come through periodically -- and 1
> > delete on the front end could prevent a lot of woe.
> 
> Your help is appreciated:
> https://wiki.debian.org/Teams/ListMaster/ListArchiveSpam
> 
> Obviously, this only affects the archive after all subscribers already
> received the spam message. Moderating all Debian lists is not a job
> that anybody wants to do (and it wouldn't even be appreciated).
> 
> > *Even more so* -- it seems like unauthorized users can email this
> > list?
> > 
> > Why not just restrict it to people who have subscribed?
> 
> Because this excludes use cases that are deemed valid by the list
> masters.
 
Like what?

Why not this:  To post or reply to the list, you must be
a subscriber; but to read/browse (even search archives, etc.), you
do not. This is the way most of the lists I've been involved with have
been set up.  Works quite well controlling spurious posting by 'bots.
One list I used required annual renewal..

B

Re: Spam on Debian lists (was: Actually)

[Michael Fothergill]

On 20 April 2017 at 21:40, Jochen Spieker  wrote:

> fc:
> >
> > Actually -- does anyone monitor this list for this type of stuff?
>
> You have no idea *how much* spam is blocked by the work of the list
> masters. But it's not that anybody monitors all of the almost 300 Debian
> lists¹ with thousands of posts each day.
>
> > I see these types of things come through periodically -- and 1 delete on
> the
> > front end could prevent a lot of woe.
>
> Your help is appreciated:
> https://wiki.debian.org/Teams/ListMaster/ListArchiveSpam
>
> Obviously, this only affects the archive after all subscribers already
> received the spam message. Moderating all Debian lists is not a job that
> anybody wants to do (and it wouldn't even be appreciated).
>
> > *Even more so* -- it seems like unauthorized users can email this list?
> >
> > Why not just restrict it to people who have subscribed?
>
> Because this excludes use cases that are deemed valid by the list
> masters.
>

​Especially queries about the relative merits of sysinit vs systemd in
Debian.

MF​


>
> J.
> --
> I wish I had been aware enough to enjoy my time as a toddler.
> [Agree]   [Disagree]
>   data_enter2.html>
>

Re: debian list security; mh question (was Re: spam on debian lists (Re : Program Submission))

[Martin Bialasinski]

* Samuel == Samuel R Scarano [EMAIL PROTECTED] wrote:

Samuel 2) the fact that no '[EMAIL PROTECTED]' is subscribed to
Samuel the list?

You are not required to be subscribe to post to the list. It is more
trouble than it is worth - I am on three such lists.

Ciao,
Martin

debian list security; mh question (was Re: spam on debian lists (Re : Program Submission))

[Samuel R. Scarano]

Oops -- that '[EMAIL PROTECTED]' was me (Samuel Scarano) --
there's no such thing as tumbolia.debian.org -- I'm surprised the list
server accepted that! What happened was, I sent the message using mh
(from my laptop, which is (and was) connected via the t1 we have at my
job), which tries to send mail as if my computer has a real hostname.
Usually it just gets rejected and I remember that I can't do that and
proceed to try again using tkrat, which is configured to use my
university's smtp server to send messages.

Does anyone know why lists.debian.org accepted my message despite:
1) the invalid hostname, and
2) the fact that no '[EMAIL PROTECTED]' is subscribed to the list?

Just to be clear, I'm not affiliated with Debian, and didn't send that
message from some mythical tumbolia.debian.org -- tumbolia is the
hostname I gave my laptop (brownie points if you know the reference :-)
and I guess debian.org is the default domain name in slink -- unless I
got drunk and entered that myself

Another question I have, which has been bothering me for a while (and believe
me, I have RTFM), is: how do I tell mh to use a remote smtp server?

On 17 Jun, [EMAIL PROTECTED] wrote:
 What's the deal with spam? I mean, on the mailing list signup page, 
 there's a message about an automatic $1000 fee for spam; does SPI ever
 actually collect on this?
 
 In message [EMAIL PROTECTED] you wrote:
 [blah,blah,blah]
as it is not our intention to spam but to let individuals know about
advertising their software.

Best Regards,
Frank Warwick
Editor
Icon Shareware
 
 OK, so we got the S.O.B. red-handed -- now can SPI nail Icon
 Shareware (or him) with a law suit or what? Or am I just too naive?
 
 

Re: spam on debian lists (Re: Program Submission)

[Michelle Konzack]

I France it will be no problem, 
Everybody know the price for spaming ist 1000 UD$ 
and if I send him a Lawer, he has no chance and MUST pay.

I think, Debian MUST do that TOO 

Webmistress Michelle
Michelle's Internet Service
Strasbourg - France


At 02:24 17.06.1999 -0300, you wrote
 This was the original Message:
MKWhat's the deal with spam? I mean, on the mailing list signup page, 
MKthere's a message about an automatic $1000 fee for spam; does SPI ever
MKactually collect on this?
MK
MKIn message [EMAIL PROTECTED] you wrote:
MK[blah,blah,blah]
MKas it is not our intention to spam but to let individuals know about
MKadvertising their software.
MK
MKBest Regards,
MKFrank Warwick
MKEditor
MKIcon Shareware
MK
MKOK, so we got the S.O.B. red-handed -- now can SPI nail Icon
MKShareware (or him) with a law suit or what? Or am I just too naive?
MK
 The Reply begins here: