On 8/7/07, Manlio Perillo wrote: > Well, having a pre-built packages systems has also some benefits.
True enough, and where it makes sense we do make wide use of binary packages for other things on the system. > The Debian Secutiry team still supports Debian Sarge. > And in theory, if a security problem is found in an upstream package, > the fix should be back ported on the Debian package. The crux of that problem is the "... in theory ..." part. In practice, we know that they make a lot of modifications that they don't share with us (for whatever reason), and because of all of the internal code changes, we can't be sure that when we fix a bug in our code that they fix the same bug in theirs, or that they don't create other bugs that we don't have. Also, we know that they tend to be slow to update, and they tend to limit the stuff they back-port. So, for critical stuff, I strongly believe that you really do want to run from the source tarballs themselves. > Well, the question of email in clear was raised by an > it.comp.lang.python newsgroup user. > And on this newsgroup, many of us do not use their real email address. If you're used to address obfuscation, then you probably don't know how many news servers out there that are silently throwing away your articles. And you probably do care more about the address obfuscation than getting your articles to the widest possible audience. However, as a system administrator who would be supporting a reasonably large group of people, the problem you've got is that what particular individuals think is good for them is not necessarily good for the group as a whole, and may not even be good for the particular individuals who don't know any better. You will need to choose where to balance the expectations and benefits of single individuals against those of the group, and you will also have to take into account the capabilities of the software. One thing to keep in mind is that e-mail users generally assume that the addresses will not be obfuscated, and so if they start seeing obfuscated addresses then they are likely to be confused -- especially if they try to reply to that person directly. So, they may have a benefit by having their e-mail addresses obfuscated when the cross the gateway, but they don't generally have an expectation that the gateway would do this for them. Overall, obfuscated addresses for e-mail users are a bad thing. In the case of USENET users, they may well be used to the address obfuscation of their choice, and they shouldn't be too surprised to see some users whose addresses are not obfuscated. However, you may not be able to re-generate a valid e-mail address for them based on their obfuscation scheme, so it's going to be difficult to un-scramble that egg. Overall, obfuscated addresses for USENET users may somewhat reduce their spam load, but these days spammers have multiple address snarfing techniques, so any obfuscation that is done is likely to be of minimal real benefit, although they may perceive a much larger benefit than is actually achieved. When you mix these communities via a gateway, you get some interesting problems where the expectations of one group conflict with the expectations of the other. And I'm not sure that anyone here can give you any hard rules to follow in such cases. -- Brad Knowles <[EMAIL PROTECTED]>, Consultant & Author LinkedIn Profile: <http://tinyurl.com/y8kpxu> Slides from Invited Talks: <http://tinyurl.com/tj6q4> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
