On 01/23/2014 09:25 PM, Joshua Johnson wrote: > Can attachments within this email group be disallowed or securely scanned > before passing along to the group to help prevent malicious attacks?
I don't think it should be the mailing list's job to do that. I also
don't believe there is such a thing as a "secure scan" without many
further details about what specific systems you are trying to secure
against what specific kinds of attacks. And disallowing attachments
would be a terrible idea for a list whose main goal is to solicit
patches from the community.
As for secure scanning: since we don't know the full list of systems
that process mail that comes from the list, we won't ever know what
sorts of scanning is necessary.
In practice, a few basic checks (like limiting the size of each message,
or rate-limiting subscribers who send too frequently) might be
warranted, but excessive filtering is probably harmful to the list, and
it seems to be an insoluble problem in the first place.
Is there any evidence that this list has been abused to transmit
malicious content to any of its readers?
--dkg
signature.asc
Description: OpenPGP digital signature
