> -----Original Message----- > From: Duncan Findlay [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 26, 2005 10:27 PM > To: [email protected] > Subject: Re: PROPOSAL: create "SpamAssassin Rules Project" > > > On Tue, Jul 26, 2005 at 02:33:12PM -0400, Chris Santerre wrote: > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > Herb Martin writes: > > > > Normally in an open source project anyone who wishes to > > > > listen, lurk, and read or even use the bleeding edge code > > > > is free to do so to learn and get into the frame of the > > > > project. > > > > > > > > That cannot be true (to the same extent) if there are > > > > security layers that make such gradual involvement > > > > difficult. > > > > > > Yep, this is entirely true -- and this is the reason why the > > > ASF suggests > > > that lists should be open if at all possible. > > > > > > It's a tricky conundrum -- need to think about this some more... > > > > I don't see official rules majorly discussed in the open > now. With a new > > release of SA, you don't go into detail about what new > rules are looking > > for, so why should that change. > > If they aren't discussed in the open right now, they aren't being > discussed. :-) The development process is perfectly open right now, > yet it's not a problem; i.e. we don't have any evidence that spammers > are exploiting this.
The dev process is mostly about coding. Spammers ain't gonna sift thru that. But they understand when someone on the SATALK list say: "I'm working on a rule to catch single dictionary words int he 'target' field of HTML.." Then spammers will most likey stop that. > > > People who update from SARE, just hear: "Hey xxxx.cf got > updated." And they > > go and get it. Or they don't even know it gets updated and > the RDJ script > > does it. So public is pretty good at just accepting the > rule updates. > > Yes, but it's difficult for people to join SARE, or learn what goes > into rule development. If all the development takes place in private, > then there's no way for newcomers to join and this is a really bad > thing. How do you think all the SARE members got in? Wasn't hard. They did good work. Some wrote rules that were never used, but showed the will to do it. So they got in. > > > Having an open public discussion on new rule ideas, pretty > much defeats the > > purpose. > > I'd like to see the data that supports this claim. I'm really > skeptical. Whens the last time you got a hit on Mr_Wiggly ruleset? We never saved data on this. But if you ask ANY SARE member, they will backup this claim. Or better yet, go ahead and start a new rule discussion in the SATALK list. Pick a spam flag and go for it. See how long it takes for that flag to go bye bye ;) --Chris
