Bernd Edlinger <bernd.edlin...@hotmail.de> writes:
> On 4/2/20 11:01 AM, Richard Sandiford wrote:
>> Bernd Edlinger <bernd.edlin...@hotmail.de> writes:
>>> On 4/1/20 8:51 AM, Bernd Edlinger wrote:
>>>> On 3/26/20 4:27 PM, Bernd Edlinger wrote:
>>>>> On 3/26/20 4:16 PM, Christopher Faylor wrote:
>>>>>>
>>>>>> marc.info is an independent site that is not associated with
>>>>>> sourceware.org.  We don't control it.  If you have questions about their
>>>>>> site then ask them.
>>>>>>
>>>>>> The mailing list software is all easily discernible by investigating
>>>>>> email headers and via google but someone else answered your questions
>>>>>> later in this thread.
>>>>>>
>>>>>
>>>>> But don't you think that we change something in 6.3 to make them break.
>>>>> like no longer sending updates, or something?
>>>>>
>>>>> Don't you have any idea what changed on our side?
>>>>>
>>>>> I mean what should I tell them they should do to fix that?????
>>>>>
>>>>>
>>>>
>>>> Ah, marc.info is fixed, it turned out that the messages were just 
>>>> Quarantined
>>>> because due to the change in the ip adresses, mailing software etc.
>>>> marc.info was under the impression that all these messages were just spam.
>>>>
>>>> That is what they told me:
>>>>
>>>> "For lists that often get spammed, we set up some silent header-checks
>>>> so that mails that don't look like they came from the real listserver
>>>> get quarrantined, and don't appear when viewing that list.
>>>>
>>>> Well, that can break when mailing list software changes - like when they
>>>> switched away from ezmlm to Mailman.
>>>>
>>>> I've updated our filter check and un-quarrantined about 4500 mails to
>>>> various gcc- lists that landed there this month."
>>>>
>>>> So indeed all our mailing list message are again on marc.info,
>>>> I think when it can handle lkml it can handle gcc-patches as well.
>>>>
>>>> Many Thanks go to Hank Leininger who does a gread job with marc.info.
>>>>
>>>>
>>>> Bernd.
>>>>
>>>
>>> PS: I have a discovered a very serious problem with the mailing lists
>>> that must be fixed by our overseers.
>>>
>>> That is the scubbed attachments.
>>>
>>> As an example please look at this one:
>>> https://marc.info/?l=gdb-patches&m=158571308379946&w=2
>>>
>>>
>>> you see this:
>>>
>>> -------------- next part --------------
>>> A non-text attachment was scrubbed...
>>> Name: 0001-Fix-range-end-handling-of-inlined-subroutines.patch
>>> Type: text/x-patch
>>> Size: 10992 bytes
>>> Desc: not available
>>> URL: 
>>> <http://sourceware.org/pipermail/gdb-patches/attachments/20200313/5158bb87/attachment.bin>
>>>
>>> So there are two serious problems here:
>>>
>>> 1. there is a single point of failure, if sourceware.org goes down the 
>>> attachment is lost.
>>>
>>> 2. since the url is http: a man in the middle can impersonate 
>>> sourceware.org and give you a
>>> virus instead of my patch file.
>>> It does not help that sourceware.org redirects the download to 
>>> https://sourceware.org/pipermail/gdb-patches/attachments/20200313/5158bb87/attachment.bin
>>> an attacker will not be so polite to do that.
>>>
>>>
>>> @overseeers: PLEASE STOP IMMEDIATELY THAT SCRUBBING
>>>
>>> can you act now, or do you need a CVE number first ?
>> 
>> The overseers are reachable on:
>> 
>>   https://sourceware.org/mailman/listinfo/overseers
>> 
>> Please keep the tone civil.  I hope we never see the day where the GCC/
>> sourceware lists have to have a code of conduct, but if we did, I think
>> some of the messages on this thread would have breached it.
>> 
>> Thanks,
>> Richard
>> 
> Thanks, for reminding me.
>
> I do personally full-heatedly apologize, and regret what I said above.
>
> I am sorry if I made you feel bad.  That was not the true intention of what
> I said.
>
>
> I asked Hank Leininger for clarification how mark.info subscribes the mails,
> and what data he gets exactly from us.
>
> I am still waiting for his response, and let you know what he says.
>
> In the meantime, culd you please change http: to https:

Just in case: I'm not actually an overseer myself, but I can see how
my message could give that impression.  I think the request would be
better sent to the overseers list, if you haven't already

Sorry for the confusion :-)

Richard

Reply via email to