On Tue, Jul 16, 2002 at 05:07:48PM -0700, Chuq Von Rospach wrote: > in contact with the author of a message? If the archive is scrubbed, that > info is gone. And (god forbid), you get into a legal tangle? That's your > legal record of what was said on the mail list and who said it. If you scrub > it, and someone does something actionable or libelous and you get a court > order to provide that data? You're hosed.
Nope. As long as your policies *do not change after* you receive such an order, you are not legally liable. You're not required even to *keep8 the archives by anything I know about -- you *are* familiar with the term "retention policy", right? :-) > I come from a newspaper family, so I have a bias towards "you don't > unpublish stuff, you don't change it once it's published". But I think there > are good reasons to avoid sanitizing the archives, and instead sanitizing > the delivery of those archives -- if only because if your policies change, > all you need to change is the CGI. And it gives you the ability to set up > different sets of abilities per user or per list if you want, too. Concur. Even though it's computationally expensive, bind as late as possible. > > We'd obviously have to get rid of the easy access to the raw mbox > > file, so another question is whether that's still useful. > > Honestly? I don't think so. I find them real kludgy. I ended up doing a new > archiving system (one file per message) via a perl script. We're about to > take our new search engine out of beta with the thing, finally. I hope you're de heirarchicalizing the directories. > > Also, what heuristic do you use to search for email addresses, and > > what do you scrub them with? > > Still being worked on. Right now, I'm basically doing a > <wordboundary><nonwhitespace>@<nonwhitespaceordot><dot>nonwhitespace><wordbo > undary>. I don't know how strongly we'll refine it. Some places put spaces in mailbox names -- you'd better deal with quoted LHS's. > > It kind of plays into Reply-To: munging doesn't it? If you won't be > > able to reply to the original author, because we're anonymizing > > messages, then you might as well munge Reply-To: to go back to the > > list because that's the only posting address that makes sense. > > Yes (he says, grimacing). You feel my pain. :-) > If you sanitize the archives, I don't think it affects the list. There are > simply NO mailtos any more in the archives. > > If you go the step further and anonymize the postings ON the list, so > subscriber email addresses simply are never shown to other subscribers under > any circumstances (ugh. Urp. I can't believe I'm saying that. This is so > anti-community it hurts), you have no choice and reply-to has to point to > the list, since it's the only contact point left. Well, no: reply-to should be ADDRESS-REMOVED-FOR-SECURITY, and the pain should be pointed at the list admin. > If you instead turn the list server into a forwarding agent, as in: > > > Or should Mailman get into the anonymous resender game? There's > > probably a lot we could do here, but given the political risks of > > anonymous resenders, do we even want go there? > > Is it an anonymous remailer? We're making no pretense of anonymity here. > We're acting as a forwarding agent, ala hotmail.com or mac.com. You mail to > [EMAIL PROTECTED], and it ends up in my mailbox. The fact that we're not > explicitly denoting the real email address doesn't make us an anonymous > remailer -- that'd be a policy issue, actually. I suppose you could take it > that step further, but you could also set it up so validated subscribers > could get to the real addresses. That would be a bit helpful, but *does* fundamentally change what the package is doing. > using the remailer address in mail that leaves the site, but a subscriber > could go to the list system and look a user up. That gets us away from the > politics of the anonymous stuff. But conversely, if subs can see real addresses in real messages, you're only one step away from the harvesting problem you mentioned earlier. > > Have you looked at SpamAssassin Chuq? > > See my other message. SA is a good tool, if you have someone around willing > to update it, monitor it, and make sure it stays up to date technologically > with current releases that are updated to match the spammers changes. Do you > want to require SA to be installed as a requirement for Mailman? What about > sites where they don't have an admin to keep updating it? You don't get what you don't pay for. Chuq, it's obvious to me that that's not a good enough answer for you. but I'm afraid, even though I know you've put at least one long reply to me into trying to explain why not in the past, that I still don't get it. Maybe it's me. So many things are just me. But *why isn't this the recipients' problem*? > > Very few false positives too (usually it's > > email amongst our postmasters talking about spam or SA ;). > All it takes is one. Have you seen these stories? I can synthesize some false-positive horror stories. But if you've got a couple handy -- with real termination notices -- let 'er rip. > > World domination of course. Because we /could/ add that stuff fairly > > easily if we had the resources to expend on it. Would it still be > > useable? For some audiences yes, others no. I'm fairly sure the > > kind of anonymizing we're talking about would never fly in the Python > > and Zope community, where as it's probably essential in a less > > cloistered environment like lists.apple.com. Which leads me to > > believe that we need to make it much easier to install themes or > > styles of lists, from the paranoid anonymizer to the laissez-faire > > discussion list. > > You have nailed it on the head. Which is why I brought it up. Not because > this is the way it has to be in the future, but because all this is making > Mailman's job a whole lot more complex (we were whining about that at work > today, or at least I was and everyone was nodding sympathetically and > looking for an open window -- email used to be pretty easy and straight > forward. And now.....). But not just because all this crap is getting in the > way, but also that fixing this crap is overkill for some environments, and > going to be NOT ENOUGH in others. Wow. Yeah, those two paragraphs capsulize it pretty well. Glad *I'm* not the architect. > > CVR> Happy Macworld Expo week, all. If you need me, I'll be in the > > CVR> war room, beating my head against a wall. > > > > Any chance you could make it down to DC for a side trip? We could > > have a Mailman hacking sprint over a few dozen steamed Maryland blue > > crabs and some cold ones. :) > > Damn, that sounds good, but -- I've had to give up crab and shellfish (I've > developed an intermitten sensitivity to it. Sigh!) and I'm staying in > cupertino where I'll be manning the war room this week making sure buttons > get pushed when they need pushed, and not a minute before.... You go, boy. Cheers, - jra -- Jay R. Ashworth [EMAIL PROTECTED] Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 647 1274 "If you don't have a dream; how're you gonna have a dream come true?" -- Captain Sensible, The Damned (from South Pacific's "Happy Talk") _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman-21/listinfo/mailman-developers
