Raul Miller writes ("debian-ctte mailing list and spam"):
> As near as I can tell, the only outstanding committee mailing list admin
> issue is that the list is closed to non-subscribers.

I think this is true.

> The advantage of this policy is that it does reduce the amount of spam
> the list gets. For contrast, contrast
> http://lists.debian.org/deity/2004/06/threads.html
> which is relaying spam. Many other lists get lots of spam too.
> Personally, I think we need a better heuristic.

I agree that a better heuristic would be nice.

> My ideal would be a combination of:
>
> If the email is signed by some pgp key that we can validate, it's OK.
>
> Otherwise, send the user some token (with polite and informative
> instructions) and if they respond with that token to some control
> address within a week, forward the message to the list.

The latter is very close to member posting only. But, yes, I'd be
happy with that.

> But I don't know if that's something the admin team is comfortable with.
> Does anyone have any comments on what's doable or good on the debian
> servers?

I have some effort available for implementing such a scheme, if it
helps.

> I also don't know how the other committee members would feel about this
> mechanism. [Currently, little traffic is signed, this message included
> -- I know I like to minimize my key use for a variety of reasons, most
> related to security. However, this proposal would mean more work for
> everybody not signing their messages.]

It would be straightforward to allow people to use a different
lower-security key. We could add the addresses which respond to the
challenge to a whitelist, turning the whole thing into a
challenge-response scheme.

Ian.
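
The token challenge and whitelist discussed in this message, sketched as an added example (not code from the thread or from Debian's list software). The `Moderator` class, its method names, the HMAC token format and the `signed_ok` flag standing in for a PGP signature check are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: a secret known only to the list server
TOKEN_LIFETIME = 7 * 24 * 3600     # "within a week", as proposed in the message


class Moderator:
    """Hypothetical gatekeeper for a list that holds mail from unknown senders."""

    def __init__(self, secret=SECRET):
        self.secret = secret
        self.whitelist = set()   # addresses that have answered a challenge
        self.held = {}           # message id -> body awaiting confirmation

    def _mac(self, sender, msg_id, expires):
        # Bind the token to the sender, the held message and the expiry time.
        data = f"{sender.lower()}|{msg_id}|{expires}".encode()
        return hmac.new(self.secret, data, hashlib.sha256).hexdigest()[:32]

    def submit(self, sender, msg_id, body, signed_ok=False, now=None):
        """Return ("forward", body) or ("challenge", token) for an incoming post."""
        now = int(time.time() if now is None else now)
        # signed_ok stands in for a PGP signature validated elsewhere.
        if signed_ok or sender.lower() in self.whitelist:
            return ("forward", body)
        expires = now + TOKEN_LIFETIME
        self.held[msg_id] = body
        return ("challenge", f"{msg_id}.{expires}.{self._mac(sender, msg_id, expires)}")

    def confirm(self, sender, token, now=None):
        """Handle a reply to the control address; return the released body or None."""
        now = int(time.time() if now is None else now)
        try:
            msg_id, expires, mac = token.rsplit(".", 2)
            expires = int(expires)
        except ValueError:
            return None                      # malformed token
        expected = self._mac(sender, msg_id, expires)
        # Constant-time comparison; reject forged, misaddressed or expired tokens.
        if not hmac.compare_digest(mac.encode(), expected.encode()) or now > expires:
            return None
        body = self.held.pop(msg_id, None)   # pop makes each token single-use
        if body is not None:
            self.whitelist.add(sender.lower())
        return body
```

Because the challenge is mailed to the claimed sender address, only someone who receives mail there can return the token, which is what makes the whitelist entry meaningful.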

