Please note that Google has already indexed
a lot of our LSST listserve message pages.  Even if 
the mail list becomes password-protected, the Google 
user can simply display Google's 'cached' version
of the page to see the content, circumventing the
password protection.  

I was a victim of this ... some competition-sensitive
EPO proposal ideas were being discussed on the LSST-EPO
list last year.  When doing a web search recently on one
of the keywords related to our concept, the Google search
results page included 2 of my "confidential" messages
within Google's top 3 hits.   Ouch!  Even after Iain
changed the privacy settings on the list, I could still
see the content of my messages in Google's cached pages.
(Aren't caches wonderful?)

In addition, since some of these LSST lists are open to
almost anyone to subscribe, we discovered at least 
one "lurker" on the LSST-EPO group who was a competitor 
(with regard to funding and proposal ideas).

Bottom line -- be careful what you send to the listserve.
If you need to be protective of something, then send the
message to Jeff and Tim (who need to know) and then also send it
to the specific persons to whom you are targeting your message.

- Kirk

----- Original Message -----
From: Jeffrey P Kantor <[EMAIL PROTECTED]>
Date: Tuesday, September 26, 2006 5:15 pm
Subject: Re: [LSST-data] Postings to list servers
To: LSST Data Management Mailing List <[email protected]>

> Hi Zeljko,
> 
> Actually you can set mailman (the tool we use for lsst lists) 
> lists to be
> "private", that is to require someone to be subscribed to see the list
> contents and you have enter your email and password.  This is a
> configuration setting.  Then the administrator simply manages who 
> is allowed
> to subscribe.  I believe (after some initial confusion on the list 
> manager'spart) this is how the lsst-scmgt list is configured.
> 
> You can also set the entire list so that it is hidden from the 
> overall list
> directory page, so you have to know the name of the list to find it.
> 
> Of course, for lsst-data, we WANT the list to be readable, so it 
> is not set
> that way.  But this can be done on an individual list basis, so if you
> wanted lsst-sc that way for example, it can be set with those 
> parameters.
> Jeff
> 
> > From: Zeljko Ivezic <[EMAIL PROTECTED]>
> > Organization: University of Washington
> > Reply-To: [EMAIL PROTECTED], LSST Data Management
> > <[email protected]>
> > Date: Tue, 26 Sep 2006 12:38:39 -0700
> > To: Chris Smith <[EMAIL PROTECTED]>
> > Cc: LSST Data Management <[email protected]>
> > Subject: Re: [LSST-data] Postings to list servers
> > 
> > Chris Smith wrote:
> >> 
> >> Hi all,
> >> 
> >> Isn't the simple solution for sensitive documents to post them 
> to the
> >> Docushare and then email out the *link* to the mailing lists?
> > 
> >      Chris,
> > 
> > for documents yes, but mailing lists offer much more flexibility
> > for everyday's discussions. Regarding a comment by Russ, I wasn't
> > thinking of a super-secret impenetrable system but rather something
> > that will prevent semi-private e-mail deliberations from being
> > widely broadcast to the whole wide world.
> > 
> >   Cheers,
> > 
> >   Zeljko
> > 
> > 
> > _______________________________________________
> > LSST-data mailing list
> > [email protected]
> > http://www.lsstmail.org/mailman/listinfo/lsst-data
> > 
> 
> _______________________________________________
> LSST-data mailing list
> [email protected]
> http://www.lsstmail.org/mailman/listinfo/lsst-data
> 
_______________________________________________
LSST-data mailing list
[email protected]
http://www.lsstmail.org/mailman/listinfo/lsst-data

Reply via email to