Bernd Edlinger <bernd.edlin...@hotmail.de> writes:
> On 4/1/20 8:51 AM, Bernd Edlinger wrote:
>> On 3/26/20 4:27 PM, Bernd Edlinger wrote:
>>> On 3/26/20 4:16 PM, Christopher Faylor wrote:
>>>>
>>>> marc.info is an independent site that is not associated with
>>>> sourceware.org.  We don't control it.  If you have questions about their
>>>> site then ask them.
>>>>
>>>> The mailing list software is all easily discernible by investigating
>>>> email headers and via google but someone else answered your questions
>>>> later in this thread.
>>>>
>>>
>>> But don't you think that we changed something in 6.3 to make them break,
>>> like no longer sending updates, or something?
>>>
>>> Don't you have any idea what changed on our side?
>>>
>>> I mean what should I tell them they should do to fix that?????
>>>
>>>
>> 
>> Ah, marc.info is fixed, it turned out that the messages were just quarantined
>> because, due to the change in the IP addresses, mailing software etc.,
>> marc.info was under the impression that all these messages were just spam.
>> 
>> That is what they told me:
>> 
>> "For lists that often get spammed, we set up some silent header-checks
>> so that mails that don't look like they came from the real listserver
>> get quarantined, and don't appear when viewing that list.
>> 
>> Well, that can break when mailing list software changes - like when they
>> switched away from ezmlm to Mailman.
>> 
>> I've updated our filter check and un-quarantined about 4500 mails to
>> various gcc- lists that landed there this month."
>> 
>> So indeed all our mailing list messages are again on marc.info,
>> I think when it can handle lkml it can handle gcc-patches as well.
>> 
>> Many Thanks go to Hank Leininger who does a great job with marc.info.
>> 
>> 
>> Bernd.
>> 
>
> PS: I have discovered a very serious problem with the mailing lists
> that must be fixed by our overseers.
>
> That is the scrubbed attachments.
>
> As an example please look at this one:
> https://marc.info/?l=gdb-patches&m=158571308379946&w=2
>
>
> you see this:
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: 0001-Fix-range-end-handling-of-inlined-subroutines.patch
> Type: text/x-patch
> Size: 10992 bytes
> Desc: not available
> URL: <http://sourceware.org/pipermail/gdb-patches/attachments/20200313/5158bb87/attachment.bin>
>
> So there are two serious problems here:
>
> 1. there is a single point of failure, if sourceware.org goes down the attachment is lost.
>
> 2. since the url is http: a man in the middle can impersonate sourceware.org and give you a
> virus instead of my patch file.
> It does not help that sourceware.org redirects the download to 
> https://sourceware.org/pipermail/gdb-patches/attachments/20200313/5158bb87/attachment.bin
> an attacker will not be so polite to do that.
>
>
> @overseers: PLEASE STOP IMMEDIATELY THAT SCRUBBING
>
> can you act now, or do you need a CVE number first ?

The overseers are reachable on:

  https://sourceware.org/mailman/listinfo/overseers

Please keep the tone civil.  I hope we never see the day where the GCC/
sourceware lists have to have a code of conduct, but if we did, I think
some of the messages on this thread would have breached it.

Thanks,
Richard
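
A check for the stub format quoted in this thread, as an added example that is not part of the thread or of the list software: it parses scrubbed-attachment stubs out of archived message text (including reply-quoted and line-wrapped URLs) and flags those whose link is plain http, returning the https form to fetch directly rather than relying on a redirect. The sample text, the host lists.example.org and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample (host and file names are made up): two stubs in the
# layout quoted above, one level of "> " quoting, first URL line-wrapped.
SAMPLE = """\
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: 0001-example.patch
> Type: text/x-patch
> URL:
> <http://lists.example.org/pipermail/demo/attachments/20200101/deadbeef/attachment.bin>
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: 0002-example.patch
> URL: <https://lists.example.org/pipermail/demo/attachments/20200101/cafef00d/attachment.bin>
"""

QUOTE = re.compile(r"^(?:>\s?)+")            # leading reply quoting
FIELD = re.compile(r"^(Name|Type|Size|Desc|URL):\s*(.*)$")

def parse_stubs(text):
    """Return one dict per scrubbed-attachment stub found in the text."""
    stubs, cur, want_url = [], None, False
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        m = FIELD.match(line)
        if "attachment was scrubbed" in line:
            cur, want_url = {}, False
            stubs.append(cur)
        elif cur is not None and m:
            cur[m.group(1)] = m.group(2).strip("<>")
            want_url = m.group(1) == "URL" and not m.group(2)
        elif cur is not None and want_url and line.startswith("<"):
            cur["URL"], want_url = line.strip("<>"), False   # wrapped URL line
        else:
            want_url = False
    return stubs

def audit(text):
    """Flag stubs whose link is plain http; suggest the https form."""
    findings = []
    for stub in parse_stubs(text):
        parts = urlsplit(stub.get("URL", ""))
        if parts.scheme == "http":
            findings.append({"name": stub.get("Name"),
                             "url": parts.geturl(),
                             "https_url": parts._replace(scheme="https").geturl()})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['name']}: fetch {f['https_url']} instead of {f['url']}")
```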
