RE: [Q] Question about Mailarchive
With regard to the disclosure of email addresses in various ways via Apache Software Foundation Services, the disclosure of email addresses is rather widespread. It appears that the MBox option for obscuring e-mail addresses applies only to the From: field of an archived post. There is no obfuscation of email addresses or anything else in the body of a message. In a reply or forwarding, a sender's email address is also likely exposed. If someone wants to harvest these email addresses, the easiest way is to subscribe to the list and harvest everything in the messages in the form they are forwarded to list subscribers. This is easier and won't reveal itself in the archive-server logs. - Dennis -Original Message- From: Mathias Röllig [mailto:mroellig.n...@gmx.net] Sent: Thursday, July 2, 2015 15:40 To: dev@openoffice.apache.org Subject: Re: [Q] Question about Mailarchive Hello Andrea! All things against spambots are good things, isn't it? Still this wouldn't solve the problem, since other mirroring services are not guaranteed to conceal addresses. This will result into the question who owns the data and who have the right to mirror public the messages. But this is another discussion. I note that Bugzilla is the first forum for me that post ALL of its registered usernames and corresponding email addresses via mail archive to the internet. Thank you! Regards, Mathias - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Q] Question about Mailarchive
Mathias Röllig wrote: Now look at http://mail-archives.apache.org/mod_mbox/openoffice-issues/201507.mbox/%3Cbug-126388-248469-ZzlQH5cCPb%40https.bz.apache.org%2Fooo%2F%3E So what I want to know is: Is there a possibility that all email addresses in mail archive are shortened, so that no spambot can use it? We use the standard Foundation-wide installation of mod_mbox: http://httpd.apache.org/mod_mbox/ One should ask to the lists listed there to know if it is possible 1) To configure mod_mbox to conceal addresses 2) To enable this configuration on the apache.org instance (this is better asked to the Infrastructure lists actually) All things against spambots are good things, isn't it? Still this wouldn't solve the problem, since other mirroring services are not guaranteed to conceal addresses. Regards, Andrea. - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Q] Question about Mailarchive
Hello Andrea! All things against spambots are good things, isn't it? Still this wouldn't solve the problem, since other mirroring services are not guaranteed to conceal addresses. This will result into the question who owns the data and who have the right to mirror public the messages. But this is another discussion. I note that Bugzilla is the first forum for me that post ALL of its registered usernames and corresponding email addresses via mail archive to the internet. Thank you! Regards, Mathias - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Q] Question about Mailarchive
Hello Dennis! Thank you again! Maybe my english is too bad, so we are talking about different things. Sorry for some misunderstanding. Let me make a last try. As mentioned separately, the email addresses of contributors to the Bugzilla are visible to anyone having an account, and that satisfies the ASF requirements for transparency. No problem, I agree. Although the HTML files obscure the email addresses, they can still be harvested from the raw HTML, and the CC: lists are not obscured at all (and are visible to non-subscribers). Example: https://bz.apache.org/ooo/show_bug.cgi?id=3560 If I look at the HTML source I can't find any email address. The CC list: select id=cc multiple=multiple size=5 option value=baumuxbaumux/option option value=bob-openofficebob-openoffice/option option value=bugger_aoobugger_aoo/option option value=chris_muxchris_mux/option […] Maybe you have looked at a cached version where you was logged in? Although email addresses are not strong identifiers of individuals, association of email addresses with contributors works well enough for Apache purposes, in practice. Maybe it was my fault to use the word hide. I better should wrote shorten. Look at your precedent message at http://mail-archives.apache.org/mod_mbox/openoffice-dev/201506.mbox/%3C009c01d0b351%2419fa95c0%244defc140%24%40acm.org%3E So you will see that your email address is shortened to dennis.hamil...@acm.org. My email address inside the quoted text isn't shortened. Now look at http://mail-archives.apache.org/mod_mbox/openoffice-issues/201507.mbox/%3Cbug-126388-248469-ZzlQH5cCPb%40https.bz.apache.org%2Fooo%2F%3E You will see that the sender email address from issuezilla is shortened to bugzi...@apache.org But the original sender address from Regina and all other email addresses inside aren't shortened. So what I want to know is: Is there a possibility that all email addresses in mail archive are shortened, so that no spambot can use it? (It would be a nice thing if also quoted email addresses in messages in bugzilla itself for not logged in visitors are shortened.) I think there should be a possibility and has nothing to do with privacy statements and in my opinion it would be a good thing for all subscribers. All things against spambots are good things, isn't it? Regards, Mathias - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Q] Question about Mailarchive
Hello Dennis! Thank you for your response. But please read my original message and Look at http://mail-archives.apache.org/mod_mbox/openoffice-issues/ There is the address of the (always same) sender hidden: bugzi...@apache.org But all other email addresses are free readable. Do you think it is OK? Regards, Mathias - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Q] Question about Mailarchive
Hi see inline please. On 25 June 2015 at 12:03, Mathias Röllig mroellig.n...@gmx.net wrote: Hello! Mailing lists intend to be a little private; only subsribers should read the messages. This isn't the case since mailing list will be mirrored at the internet. Apache mailing lists are pr. definition public, we try to make as much as possible public. We do have a few private mailings (each project has one), but they are to be used for matters involving people. Most mirrors hide the email addresses of senders and inside the message text. But not all. correct. A special case is bugzilla. Bugzilla not intends to be a mailing list. It seems it is a closed forum which shows sender addresses only for people who are logged in. Bugzilla posts will be streamed into a mailing list - and there is the problem. We do it with bugzilla and also with subversion. I actually do not see the problem, bugzilla/subversion are as such is also public, and anybody can go in and read the content, even without a user. Look at http://mail-archives.apache.org/mod_mbox/openoffice-issues/ There is the address of the (always same) sender hidden: bugzi...@apache.org But all other email addresses are free readable. Do you think it is OK? I do. We believe in being totally open, that includes mailing addresses. If you do not want your mail address exposed, then create and use an alias. rgds jan i. Regards Mathias - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Q] Question about Mailarchive
Hello! A special case is bugzilla. Bugzilla not intends to be a mailing list. It seems it is a closed forum which shows sender addresses only for people who are logged in. Bugzilla posts will be streamed into a mailing list - and there is the problem. We do it with bugzilla and also with subversion. I actually do not see the problem, bugzilla/subversion are as such is also public, and anybody can go in and read the content, even without a user. I do not talk about the content - only about the email addresses. And these are not public in bugzilla. Regards Mathias - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
[Q] Question about Mailarchive
Hello! Mailing lists intend to be a little private; only subsribers should read the messages. This isn't the case since mailing list will be mirrored at the internet. Most mirrors hide the email addresses of senders and inside the message text. But not all. A special case is bugzilla. Bugzilla not intends to be a mailing list. It seems it is a closed forum which shows sender addresses only for people who are logged in. Bugzilla posts will be streamed into a mailing list - and there is the problem. Look at http://mail-archives.apache.org/mod_mbox/openoffice-issues/ There is the address of the (always same) sender hidden: bugzi...@apache.org But all other email addresses are free readable. Do you think it is OK? Regards Mathias - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
RE: [Q] Question about Mailarchive
The email addresses of submitters and those who have CC'd themselves are certainly visible to anyone who creates a Bugzilla account (there are no limitations), just as to anyone who subscribes to an issues@ list or accesses an issues@ list archive. People should understand that there is no email-account privacy for email addresses used in those contexts. That applies to forums and wikis that projects operate or are affiliated with projects. (One difficulty we have is people who write to users@ without realizing they are writing to a mailing list. That does not happen too often though.) There is no policy that involves hiding of email addresses. There is a desire for transparency and also visible provenance of contributions. As Jan remarked, an alias is one semi-transparent way to contribute in a manner that does not reveal one's personal email account or identification. (Apache committers automatically have @apache.org email addresses as aliases, although they are amazingly under-used.) Folks who choose to operate anonymously will have difficulty participating in Apache Projects, although one can register an alias so long as an actual identification is recorded with the Secretary of the ASF. - Dennis -Original Message- From: Mathias Röllig [mailto:mroellig.n...@gmx.net] Sent: Thursday, June 25, 2015 05:18 To: dev@openoffice.apache.org Subject: Re: [Q] Question about Mailarchive Hello! A special case is bugzilla. Bugzilla not intends to be a mailing list. It seems it is a closed forum which shows sender addresses only for people who are logged in. Bugzilla posts will be streamed into a mailing list - and there is the problem. We do it with bugzilla and also with subversion. I actually do not see the problem, bugzilla/subversion are as such is also public, and anybody can go in and read the content, even without a user. I do not talk about the content - only about the email addresses. And these are not public in bugzilla. Regards Mathias - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [Q] Question about Mailarchive
Hello! It seems, we are talking about different things. There is no policy that involves hiding of email addresses. There is [...] Is this clear for anybody who create an account for bugzilla? Folks who choose to operate anonymously will have difficulty [...] I'm not talking about anonymity. The problem is the visibility of email addresses for spambots. - Mathias - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
RE: [Q] Question about Mailarchive
I don't recall seeing a privacy policy as part of creating a Bugzilla account. If you look at the home page at https://bz.apache.org/ooo/ and are logged in, notice that it shows your email address as who is logged in and who you would be logging out. On a bug page, if you click to see who is on a CC list, you will see a list of email addresses. Although names are shown for submitters, the values of those links are mailto: URLs with the email addresses, and you can also see that if you mouse-over those links. There is some obfuscation in the HTML code on those pages, so scraping the web page does not find URLs easily. For example, in the CC List for an issue, the @ is in the HTML as #64; the character code of that character. So a harvester would have to know that possibility when searching for email addresses. The address displays with @ but that is not what will be found if scanning the web page. Also, requiring that an user be logged in also inhibits most of the links and that appears to be a common Bugzilla implementation behavior. Also, I am able to see CC Lists without logging in at the AOO Bugzilla and at a non-ASF Bugzilla that I use. This obfuscation won't solve the fact that emails and archives based on the Bugzilla issues and comments on them will reveal email addresses. Those present the user-chosen name and the email address that the user employed. - Dennis -Original Message- From: Mathias Röllig [mailto:mroellig.n...@gmx.net] Sent: Thursday, June 25, 2015 16:25 To: dev@openoffice.apache.org Subject: Re: [Q] Question about Mailarchive Hello! It seems, we are talking about different things. There is no policy that involves hiding of email addresses. There is [...] Is this clear for anybody who create an account for bugzilla? Folks who choose to operate anonymously will have difficulty [...] I'm not talking about anonymity. The problem is the visibility of email addresses for spambots. - Mathias - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
