Bernd Edlinger <bernd.edlin...@hotmail.de> writes: > On 4/1/20 8:51 AM, Bernd Edlinger wrote: >> On 3/26/20 4:27 PM, Bernd Edlinger wrote: >>> On 3/26/20 4:16 PM, Christopher Faylor wrote: >>>> >>>> marc.info is an independent site that is not associated with >>>> sourceware.org. We don't control it. If you have questions about their >>>> site then ask them. >>>> >>>> The mailing list software is all easily discernible by investigating >>>> email headers and via google but someone else answered your questions >>>> later in this thread. >>>> >>> >>> But don't you think that we change something in 6.3 to make them break. >>> like no longer sending updates, or something? >>> >>> Don't you have any idea what changed on our side? >>> >>> I mean what should I tell them they should do to fix that????? >>> >>> >> >> Ah, marc.info is fixed, it turned out that the messages were just Quarantined >> because due to the change in the ip adresses, mailing software etc. >> marc.info was under the impression that all these messages were just spam. >> >> That is what they told me: >> >> "For lists that often get spammed, we set up some silent header-checks >> so that mails that don't look like they came from the real listserver >> get quarrantined, and don't appear when viewing that list. >> >> Well, that can break when mailing list software changes - like when they >> switched away from ezmlm to Mailman. >> >> I've updated our filter check and un-quarrantined about 4500 mails to >> various gcc- lists that landed there this month." >> >> So indeed all our mailing list message are again on marc.info, >> I think when it can handle lkml it can handle gcc-patches as well. >> >> Many Thanks go to Hank Leininger who does a gread job with marc.info. >> >> >> Bernd. >> > > PS: I have a discovered a very serious problem with the mailing lists > that must be fixed by our overseers. > > That is the scubbed attachments. > > As an example please look at this one: > https://marc.info/?l=gdb-patches&m=158571308379946&w=2 > > > you see this: > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: 0001-Fix-range-end-handling-of-inlined-subroutines.patch > Type: text/x-patch > Size: 10992 bytes > Desc: not available > URL: > <http://sourceware.org/pipermail/gdb-patches/attachments/20200313/5158bb87/attachment.bin> > > So there are two serious problems here: > > 1. there is a single point of failure, if sourceware.org goes down the > attachment is lost. > > 2. since the url is http: a man in the middle can impersonate sourceware.org > and give you a > virus instead of my patch file. > It does not help that sourceware.org redirects the download to > https://sourceware.org/pipermail/gdb-patches/attachments/20200313/5158bb87/attachment.bin > an attacker will not be so polite to do that. > > > @overseeers: PLEASE STOP IMMEDIATELY THAT SCRUBBING > > can you act now, or do you need a CVE number first ?
The overseers are reachable on: https://sourceware.org/mailman/listinfo/overseers Please keep the tone civil. I hope we never see the day where the GCC/ sourceware lists have to have a code of conduct, but if we did, I think some of the messages on this thread would have breached it. Thanks, Richard
