Hi Dan,
Given the risk, now made worse by Bernhard's very helpfully distributing this script for spammers, this is a really urgent issue.
Not that hard to write such a script. I expect the spammers already have several alternatives to choose from. So, it's quite likely no harm has been done, and some good, arising from Bernhard's raising the issue in public.
Ok - granted. Sorry for sounding a little passive aggressive there. :-)
I'd go further and mention that while Berhhard's script harvests membership rosters, it isn't that much more difficult to write a script that gets around the obfuscation of email addresses in the list archives.
Mhonarc on my system actually removes the email address completely in the archives.
The mbox archives are still intact though, so if someone knows how mailman works they could probably hack their way into there. MBOX files generally are a motherlode for spammers.
My idea eventually is to replace mhonarc archives with a forum for discussion groups and newsletter archives, all integrated with my Mambo CMS. It's great to have the mbox files ready to be imported. This way you don't end up with disabled archives and you don't open up subscribers to having their email addresses harvested.
(Hey, anybody got a lead on a Seattle-area opportunity for a rabid Python
developer? Who also does C, SQL, HTML, CSS and various assemblers?)
Try introducing yourself to the nonprofit open source initiative folks. They're very into drupal etc, and of course also use mailman. http://www.nosi-net
There are a pretty fair number of good reasons for keeping list archives
open. My opinion is a person posting to a list assumes the risk of
having his or her email address harvested, and that one unwilling to assume
this risk should refrain from posting. However I understand if others
do not subscribe to that belief, and that there may be circumstances where
there are reasonable grounds for wanting to manage a list by some other
policy.
I think the answer to this is that not everybody is as familiar with these tools as we are, and we can't assume that the people we are trying to serve are willing or able to put up with confusion about this sort of thing. Hence, again, my plans to develop a yahoo-like service that is more transparent and easy to navigate and use. These types of questions simply shouldn't even come up.
My suggestion is that an option be considered to redact all email addresses whatsoever from a list archive. Including anything mentioned in-line in the text of the post that even vaguely looks like an email address.
Yes. This is what mhonarc does.
No doubt somebody on this list manages a list where users are quite
sensitive to public exposure, who might care to advocate for such an option,
and even code it, should the idea meet with sufficient approval.
Yes. We do. We also often find ourselves in the awkward position of having to manually remove postings from our archives because people are being defamed etc or have posted something that they didn't realize was going to be archived and are now regretting it. Many people using our lists are African activists and this can (to be dramatic) be a matter of life and death.
Cheers,
Tobias
-- Tobias Eigen Executive Director
Kabissa - Space for Change in Africa http://www.kabissa.org
* Kabissa's vision is for a socially, economically, politically, and environmentally vibrant Africa, supported by a strong network of effective civil society organizations. *
_______________________________________________
Mailman-Developers mailing list
[email protected]
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
