On 7/16/02 5:49 PM, "Jay R. Ashworth" <[EMAIL PROTECTED]> wrote:
> On Tue, Jul 16, 2002 at 05:07:48PM -0700, Chuq Von Rospach wrote: >> in contact with the author of a message? If the archive is scrubbed, that >> info is gone. And (god forbid), you get into a legal tangle? > the archives by anything I know about -- you *are* familiar with the > term "retention policy", right? :-) True, but let me rephrase with the situation I should have used in the first place. Two of your users get into a fight on the list. One of them finally says some variation of "you are a dead man". Three weeks later, the other guy's house burns down because of arson, and all you have is an archive with no identifying information in it.... >> archiving system (one file per message) via a perl script. We're about to >> take our new search engine out of beta with the thing, finally. > > I hope you're de heirarchicalizing the directories. I'm confused. What are you suggesting? (FWIW, our structure is <listname>/yyyy/mm/dd/) > Some places put spaces in mailbox names -- you'd better deal with > quoted LHS's. I know. That's one of the things we need to evaluate still. >> If you go the step further and anonymize the postings ON the list, so >> subscriber email addresses simply are never shown to other subscribers under >> any circumstances (ugh. Urp. I can't believe I'm saying that. This is so >> anti-community it hurts), you have no choice and reply-to has to point to >> the list, since it's the only contact point left. > > Well, no: reply-to should be ADDRESS-REMOVED-FOR-SECURITY, and the pain > should be pointed at the list admin. No, I don't agree. You still, at least in theory, want users to have a conversation. But by cloaking on the address, you are, effectively, forcing that conversation to go through the list under all circumstances. So reply-to should go to the list, not the admin. >> that step further, but you could also set it up so validated subscribers >> could get to the real addresses. > > That would be a bit helpful, but *does* fundamentally change what the > package is doing. Yeah. It's a fairly significant hunk o' code, AND it requires, basically, that '*@some.domain' be forwarded to the server for processing. Or at a very minimum, an LDAP lookup for valid addresses, because trying to manage that as an alias file or some static structure would be deadly. >> using the remailer address in mail that leaves the site, but a subscriber >> could go to the list system and look a user up. That gets us away from the >> politics of the anonymous stuff. > > But conversely, if subs can see real addresses in real messages, you're > only one step away from the harvesting problem you mentioned earlier. Yes, but it keeps it out of those !@#$@%@$#@!@#@! automatic caches. And in theory, you could tell if someone started harvesting, because the system could be taught to watch for systematic walks through the database. > Chuq, it's obvious to me that that's not a good enough answer for you. > but I'm afraid, even though I know you've put at least one long reply > to me into trying to explain why not in the past, that I still don't > get it. > > Maybe it's me. No, it's that we're still hashing things out, and a number of things, in general, just aren't clear (or resolved) > But *why isn't this the recipients' problem*? Or more correctly, why isn't it ONLY the recipient's problem? Two reasons: 1) I (as the list admin to the recipient) am offering a service. I strongly believe that if I'm offering a service, I have an ethical (if not legal) responsibility to make that service as problem free as possible. To me, the alternative is the same as selling toasters that aren't US approved because I feel it's the buyer's responsibilty to make sure they aren't electrocuted. Now, I think it's ALSO the buyer's responsibilty to be aware of the risk of electrocution, but that doesn't remove the responsibility from me to not sell them a cheap, shoddy toaster. 1.5) Having said that as list admin -> recipient, iterate and I feel the same is true of "mail list developer" -> list admin. Because... 2) I feel it is a responsibility of the experts to do what they can to take care of the not-so-experts. Since we (the developers) are the experts. We have the ability to build systems to deal with this, and so I feel we should, so that people who aren't as capable can benefit as well. Saying "it's his responsibility" only works as long as "he" can ALSO do what we do and knows what we know, and that's clearly not a true assumption. So saying that is really not assigning responsibility, but ducking it. That doesn't means we ought to solve all of the problems in the universe, but we are the folks most qualified to understand and solve these things -- so we should. It's easy to say "every man for themselves" when you're at the top of the food chain, because you CAN do it. But I think it avoids the real responsibility by making the false assumption that it's just as simple for others to do it, too. If it was, we wouldn't be at the top of the food chain, wouldn't we? Instead, I see it as a rationalization to avoid having to do the work needed so that others can also use it. If everyone had the same skill set, Jay, I'd agree with you. But they don't. And the nice thing is, some of those people are at the top of the food chain in other skillsets, and we get to benefit from what they know. And if they were all off trying to learn what we already know, they probably wouldn't have the time or energy to build things in their expertise we can benefit from, so it all evens out at the end. Imagine if Tim Berners-Lee was too busy writing spamblock software to invent the browser.... I see us leveraging our expertise as a way to make sure some other expert gets to leverage their expertise so that whatever they can invent actually gets invented -- rather than sidetracked by something we could have saved them from but didn't, because we were self-focused. >> All it takes is one. Have you seen these stories? > > I can synthesize some false-positive horror stories. But if you've got > a couple handy -- with real termination notices -- let 'er rip. I can't give any definite examples to protect the people involved, but I know of a couple of people who've had their careers significantly impacted because of this stuff. Maybe not fatal, but third degree burns. -- Chuq Von Rospach, Architech [EMAIL PROTECTED] -- http://www.chuqui.com/ He doesn't have ulcers, but he's a carrier. _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman-21/listinfo/mailman-developers
