Bug#63995: bugs.debian.org reveals e-mail addresses to spammers
severity 63995 grave thanks A solution is available and it's trivial. Just conceal the addresses from the public web interface and mailing list archives, requiring authentication to access the full report. This is what's done in Ubuntu, Red Hat, XFCE, and about just any sensible project I know of. And requiring another account or manually reporting each spam is not a solution. Firstly, another account is unnecessary and cumbersome, and secondly, reporting spam is not always possible nor effective to a regular user, and in some cases this "solution" takes just too much time and effort to be feasible. It's just common sense that you don't reveal email addresses publicly nor to spammers. This makes the BTS unusable to anyone who doesn't set up and use an email account separately and purposefully for that, and which handles spam effectively. Additionally, this goes against point 4. of the Debian Social Contract. Raising severity to grave accordingly.
Bug#63995:
[image: image.png]
Bug#63995: Urgent
-- This is Lawyer, Franck Edson. Am contacting you on behalf of my client whose identity has not yet been disclosed to avoid conflicts of interest. My client is considering investment / business partnership in your country. Details of investments / transactions are strictly confidential, and therefore I cannot provide details until confirm that this email is personal to you.let me know if this is your personal email address, or advise on how to communicate with you securely and confidentially. More detailed information will be provided in our next message. Thank you for your time and for looking forward to it quickly. Sincerely, Lawyer, Franck Edson
Bug#63995: hope
Good day , i write to inform you as auditor onbehalf of ORABANK. Transaction number 000399577OBK have been approved for release through VISA ELECTRON ATM Card. Note that you are required to reconfirm your complete mailing address for delivery. Reconfirm code 000399577OBK to the Director Mr. Patrick Masrellet on ( ( atm.orab...@iname.com )) for further action. Regards. Atony Anderson( Esq)
Bug#63995: Fwd: Sicherheitswarnung
-- Gesendet über myMail für Android Weitergeleitete Nachricht Von: Google no-re...@accounts.google.com An: tommi.leip...@gmail.com Datum: Sonntag, 06 Januar 2019, 04:57vorm. +01:00 Betreff: Sicherheitswarnung >*.googlesource.com wurde Zugriff auf Ihr Google-Konto gewährt >tommi.leip...@gmail.com > >Falls Sie keinen Zugriff gewährt haben, sollten Sie diese Aktivität prüfen und >Ihr Konto sichern. >Aktivität prüfen >Wir haben Ihnen diese E-Mail gesendet, um Sie über wichtige Änderungen zu >Ihrem Google-Konto und den Diensten von Google zu informieren. >© 2019 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA >154674704100
Bug#63995: hi
Hi dear, I am Capt Katie Higgins please i wish to have a communication with you.I will wait for your response, Capt Katie Higgins
Bug#63995:
Bug#63995: a
Sent from my iPhone
Bug#63995: (no subject)
I've downloaded the mbox archive for 2010-12. Although my Launchpad username appears in the archive, my e-mail doesn't -- as expected. Even if it did, the less an e-mail is broadcast on the web, the better (spam-wise). Unfortunately large areas of open-source projects (like Debian, Ubuntu) have been taken over by jerks. Jerks who block change simply because they can impose misery on others. Jerks who abuse wontfix. Jerks who fork a debian package from upstream and then abandon it. Jerks who reject perfectly sound arguments. Jerks who refuse to accept bugs in the components they control and send users elsewhere to complain. I think the solution will have to come from outside. We need something like a petition-type website to expose (and shame!) retrograde developers/maintainers and allow users to vote them off Debian, Ubuntu, Wikipedia etc. These people are on an ego-trip, so unfortunately it won't be easy... -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995:
On 01/-10/-28163 02:59 PM, Jeremy Nickurak wrote: You register for an account, and that account has an email address (or multiple email addresses) associated with it. The BTS will not require registration. Normally, bugs are viewed/edited/posted via a rich and expressive web interface, however, if you really want to make modifications via email, you can do so, as long as you send the email from an address on your account. Launchpad then performs the corresponding action, stripping your email out of the spam-harvester-viewable record. Email is the sole means of manipulating bugs via the BTS. Since you mentioned Launchpad, you should also note that the full volume of bug mail for Ubuntu is published in mbox format, see http://people.canonical.com/~listarchive/ubuntu-bugs/2010-12 for example. This includes submitter email addresses. -- ╒═╕ │Luke Faraone ╭Debian / Ubuntu Developer╮│ │http://luke.faraone.cc╰Sugar Labs, Systems Admin╯│ │PGP: 5189 2A7D 16D0 49BB 046B DC77 9732 5DD8 F9FD D506 │ ╘═╛ signature.asc Description: OpenPGP digital signature
Bug#63995:
Launchpad handles this nicely, in my experience. You register for an account, and that account has an email address (or multiple email addresses) associated with it. Bug reports do not inclued the email address of your account. In order to see someone's email address via the web you (at a minimum) must be logged into your account. Normally, bugs are viewed/edited/posted via a rich and expressive web interface, however, if you really want to make modifications via email, you can do so, as long as you send the email from an address on your account. Launchpad then performs the corresponding action, stripping your email out of the spam-harvester-viewable record. Best-of-all-possible-worlds, as far as I can tell.
Bug#63995: obfuscation
The solution (namely, turning @ into !-- blah --#64!-- blah -- is a needless obfuscation that isn't going to actually net us anything. This sounds like a plausible argument, but it hasn't been my recent experience. I submitted my 1st Debian bug on 7/29/10 at 3.51pm and got my first spam email on the address used on 7/30/10 at 5.20pm, less than 26 hours later. Compare that to the Cygwin mailing list where I submitted a bug on 4/27/10 and where the address used has, as far as I can remember, yet to receive any spam. Cygwin uses a simple @ - at and . - dot obfuscation method. I think it very likely that Debian is losing bug reports because of this issue. I nearly balked myself, and I can assure you that I only went ahead because the Yahoo Plus mail account (that I pay for) lets me generate disposable addresses. Not everyone has this capability. Given that spam filters are not perfect I think many people are still inclined not to knowingly invite spam by posting non-disposable addresses on the web. While I agree that my recent experience is a sample of two, and so not exactly solid scientific evidence, I do think some sort of simple, yet novel, obfuscation method would be likely to help. Since it is now attracting spam I'll now disable the disposable address used for my Debian bug report and this comment. I guess that means that I will now become uncontactable via my bug report... which ironically is, I gather, exactly what you are trying to avoid by posting email addresses in the first place. My Cygwin address, meanwhile, is still active... -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995: Just Won Prize!!!
Your email has just been awarded the lump sum of (£ 2.500.00) from the Camelot National Lottery United Kingdom: Please contact our Fiduciary Agent for VALIDATION MR.CLIFF MONGER.Phone Number: +447024057832 E-mail: cnluk_2...@hotmail.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995: Just Won Prize!!!
Your email has just been awarded the lump sum of (£ 2.500.00) from the Camelot National Lottery United Kingdom: Please contact our Fiduciary Agent for VALIDATION MR.CLIFF MONGER.Phone Number: +447024057832 E-mail: cnluk_2...@hotmail.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995: Financial aid from E U,contact Dr Russel immediately.
Seven Hundred and Fifty thousand Pounds have been awarded to you with ticket number (EU 2009 ZTL) contact Dr Russel for claims. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995: There should at least be some warning your email will be publicly visible
Hi there, So I see this bug report doesn't seem to be going anywhere. Can I suggest that at least it is made clear to someone posting a bug that the email address they use to do so will be publicly distributed? I posted my first bug recently and there was no indication that this would be the case. Jem. Need a Holiday? Win a $10,000 Holiday of your choice. Enter now.http://us.lrd.yahoo.com/_ylc=X3oDMTJxN2x2ZmNpBF9zAzIwMjM2MTY2MTMEdG1fZG1lY2gDVGV4dCBMaW5rBHRtX2xuawNVMTEwMzk3NwR0bV9uZXQDWWFob28hBHRtX3BvcwN0YWdsaW5lBHRtX3BwdHkDYXVueg--/SIG=14600t3ni/**http%3A//au.rd.yahoo.com/mail/tagline/creativeholidays/*http%3A//au.docs.yahoo.com/homepageset/%3Fp1=other%26p2=au%26p3=mailtagline
Bug#63995: ***Contact Dr Pinkett Griffin Immediately
{one million pounds} was won by your E-ID
Verify this mail immediately by sending in your information. This will include
your name, address, age, phone number etc to drpinkettgrif...@w.cn
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995: Loan Application !!!
We loan at 3%,anyone interested write us via. Name... Amount... Address... Duration... Send to jmc_loanf...@ymail.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995: Loan Application !!!
We loan at 3%,anyone interested write us via. Name... Amount... Address... Duration... Send to jmc_loanf...@ymail.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995: Grant Award!!!
E U National Grant approved.you are among the selected beneficiary contact MR ANDERSON VIA andersonnew...@live.com for proceed of claims -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995: Congratulations
File for UK Award 2009 claim of £1,000,000.00 Pounds with your; Name,Tel Country. send to: agentanth...@ymail.com Tel: +44-704-573-0755 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995: Measures to reduce the usefulness of the bts to spammers
Are you still thinking that the bts should not be modified in order to make it less useful for spammers? Are you still not accepting patches for this purpose, nor willing to fix it yourself? As an aside: how can one obtain the bts source? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995: Measures to reduce the usefulness of the bts to spammers
On Sun, 22 Feb 2009, shaul Karl wrote: Are you still thinking that the bts should not be modified in order to make it less useful for spammers? Are you still not accepting patches for this purpose, nor willing to fix it yourself? See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=63995#124 What I say there is still the case. As an aside: how can one obtain the bts source? See http://wiki.debian.org/Teams/Debbugs Don Armstrong -- EQUAL RIGHTS FOR WOMEN Don't be teased or humiliated. See their look of surprise when you step right up to a urinal and use it with a smile. Get Dr. Mary Evers' EQUAL-NOW Adapter (pat. appld. for) -- purse size, fool proof, sanitary -- comes in nine lovely, feminine, psychedelic patterns -- requires no fitting, no prescriptions. -- Robert A Heinlein _I Will Fear No Evil_ p470. http://www.donarmstrong.com http://rzlab.ucr.edu -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995: Final Notice/Claims Processing Form
Your:E-mailAddress won {£1,000,000 pound sterlings} it has been insured and
ready for pay out.Contact your claims administrator with your name,tel and
country,Claims Administrator Name:Mr.Gary Cooker
Email:raymondjohnsonoff...@btinternet.com
phone:+447024021771
Regards,
Mr.Gary Cooker.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995: Final Notice/Claims Processing Form
Your:E-mailAddress won {£1,000,000 pound sterlings} it has been insured and
ready for pay out.Contact your claims administrator with your name,tel and
country,Claims Administrator Name:Mr.Gary Cooker
Email:raymondjohnsonoff...@btinternet.com
phone:+447024021771
Regards,
Mr.Gary Cooker.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#63995: Office of Foreign Assets Lodgings
HELLO I am writing to inform you that today at the Foreign Assets Treasury Lodgings of U.S. Department of the Treasury Washington, DC we received and acknowledged your inheritance funds via cash consignment box from United Nations (UN) Association of London, United Kingdom Liaison Office valued at $10.5Million Dollars. Hence you have to contact my office for further clarifications to this matter: Email:[EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#63995: Solution ?
Hi there, is there any solution for this bug incoming ? I mean for me personally it´s impossible to report any further, because of this spam I get through this site. Captcahs or Mailform´s would be great to protect us for getting spam. Anyone working on this ? -- Feel free - 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#63995: Solution ?
On Mon, 27 Oct 2008, [EMAIL PROTECTED] wrote: is there any solution for this bug incoming ? I mean for me personally it´s impossible to report any further, because of this spam I get through this site. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=63995#81 Captcahs or Mailform´s would be great to protect us for getting spam. Neither will protect you. Using a spam filter is the way to go. [It's pretty trivial to get 95% accuracy with a basic SA install; with a bit of work you can get even higher percentages.] I have no problem with adding methods to block automated crawlers of b.d.o via black holes and/or invalid e-mail addresses, though they're not particularly high on my priority list. However, none of these methods involves obfuscating or blocking access to e-mail addresses or the site, neither of which are methods that I support, will implement, or will accept patches for. Don Armstrong -- I'd never hurt another living thing. But if I did... It would be you. -- Chris Bishop http://www.chrisbishop.com/her/archives/her69.html http://www.donarmstrong.com http://rzlab.ucr.edu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#63995: bugs.debian.org reveals e-mail addresses to spammers
Another solution is to implement CAPTCHA to protect email addresses, or any mbox's raw data. Something like what implemented in googlegroups web interface.
Bug#63995: meta name=no-email-collection and projecthoneypot.org
Hi, I think b.d.o should at least send a no-email-collection meta tag on every page. The projecthoneypot.org project attempts to identify email harvesters (not spammers) by generating unique email addresses which mach the IP of the visitor and hides these addresses from human visitors. This is done so only non-human visitors (e.g. harvesters) find the identifier (the unique email address) and send spam to it and thus identifying who the harvester is. At projecthoneypot.org there are some pages[1][2][3] providing useful information. I would also recommend the installation of a honeypot at b.d.o so we help this project. If this meassure is taken, there are two possible things that may occur: 1.- Harvesters are detected and possibly blocked by making use of projecthoneypot's http:BL API[4] 2.- Harvesters understand it won't do any good to them grabbing emails from b.d.o and make their bots skip b.d.o [1] http://www.projecthoneypot.org/how_to_avoid_spambots_5.php [2] http://www.projecthoneypot.org/honey_pot_example.php [3] http://www.projecthoneypot.org/faq.php#c [4] http://www.projecthoneypot.org/httpbl_api -- Atomo64 - Raphael Please avoid sending me Word, PowerPoint or Excel attachments. See http://www.gnu.org/philosophy/no-word-attachments.html signature.asc Description: This is a digitally signed message part.
Bug#63995: spamtraps to protect debbugs mail addresses
[bcc to all contributors to #63995] also sprach Don Armstrong [EMAIL PROTECTED] [2005.08.24.1024 +0200]: The solution (namely, turning @ into !-- blah --#64!-- blah -- is a needless obfuscation that isn't going to actually net us anything. I agree with this (even though the approach works for me beautifully). I've had major success with postfix spamtraps. The basic idea: for each address [EMAIL PROTECTED], add [EMAIL PROTECTED] (where 1 could be anything that's not going to be in regular email addresses; I use .tarpit) to whatever webpage. on the postfix side, add a PCRE or regexp map entry to check_recipient_access: /^.+\.bogus@/ DISCARD is a tarpit (explicit) profit. The theory: spammers harvest addresses and [EMAIL PROTECTED] and [EMAIL PROTECTED] are so close together that they are likely to be in the same batch of mail sent out. Now if postfix receives a multi-recipient mail, where [EMAIL PROTECTED] is one of the recipients, it discards the whole mail. Look at http://blog.madduck.net how I worked this in with HTML. I guess one advantage of this is that everyone could do this themselves, if they have a mail server they admin. I'd love for @debian.org addresses to do something similar, e.g. [EMAIL PROTECTED] -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/)
Bug#63995: another plea and an idea for protection against spam
Hello, It has been more than 7 years since this bug was opened and it seems to me that this problem hasn't been addressed in any way in Debian. I would really like to see at least the trivial obfuscation that Adam M. Costello proposed in [1]. AFAICT there is no disadvantage to his proposal and it could slow down spam. Also saying that there will be people doing directed attacks to the BTS so there is no point in trying to hide emails is like saying that since there will be at some point a thief breaking into a house anyway, you shouldn't try to put any kind of lock on it anyway. I am all for the openness policy of Debian, but this affects privacy in a really bad way. I would also like to propose another solution for this problem. What if there is an authentication method added to bts that, when used allows people to view the full details of people, emails and things like that, but, when somebody browses as a guest, the email addresses are obfuscated? People interested in reporting can authenticate and use the system like they do now. People wanting to browse the issues can view all the information they need (the bug no-s and adresses should not be obfuscated in any case). This way spam can be kept under some acceptable values... Please reconsider implementing this feature. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=35;bug=63995 -- Regards, EddyP = Imagination is more important than knowledge A.Einstein signature.asc Description: OpenPGP digital signature
Bug#63995: Please reconsider this bug
Hello. I'm just a regular Debian user, but please reconsider doing something about the distribution of bug reporters' email addresses, at least through the web interface. It has gotten so bad that the turnaround between reporting a bug through 'reportbug' with a brand new email-address and receiving spam is now less than 5 hours: (reporting the bug) Jul 19 16:07:39 chaos postfix/qmgr[9820]: E0F89EAC19B: from=[EMAIL PROTECTED], size=2443, nrcpt=2 (queue active) Jul 19 16:07:42 chaos postfix/smtp[12686]: E0F89EAC19B: to=[EMAIL PROTECTED], relay=bugs.debian.org[140.211.166.43]:25, delay=5.7, delays=1.9/0.68/2.4/0.68, dsn=2.0.0, status=sent (250 OK id=1IBWfO-0007x1-DK) (being spammed. also note that they are spamming another account I used a couple of days ago for another bug, which I had to close) Jul 19 20:59:49 chaos postfix/smtpd[13768]: connect from pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230] Jul 19 20:59:49 chaos postfix/smtpd[13769]: connect from pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230] Jul 19 20:59:50 chaos postfix/smtpd[13769]: NOQUEUE: reject: RCPT from pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230]: 554 5.7.1 [EMAIL PROTECTED]: Recipient address rejected: This address is no longer in service due to excessive incoming spam. Try [EMAIL PROTECTED]; from=[EMAIL PROTECTED] to= [EMAIL PROTECTED] proto=SMTP helo=growthstockguru.com Jul 19 20:59:50 chaos postfix/smtpd[13768]: 40A95EAC114: client=pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230] Jul 19 20:59:50 chaos postfix/smtpd[13769]: lost connection after RCPT from pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230] Jul 19 20:59:50 chaos postfix/smtpd[13769]: disconnect from pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230] Jul 19 20:59:50 chaos postfix/cleanup[13772]: 40A95EAC114: message-id=[EMAIL PROTECTED] Jul 19 20:59:51 chaos postfix/qmgr[9820]: 40A95EAC114: from=[EMAIL PROTECTED], size=22098, nrcpt=1 (queue active) Jul 19 20:59:51 chaos postfix/smtpd[13768]: disconnect from pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230] Jul 19 20:59:51 chaos postfix/local[13773]: 40A95EAC114: to=.., orig_to=[EMAIL PROTECTED], relay=local, delay=1.9, delays=1.5/0.19/ 0/0.25, dsn=2.0.0, status=sent (delivered to command: procmail -a $EXTENSION) It is fairly obvious that someone is aggressively and automatically sourcing spam targets from your bug tracker. Even with RBLs, spamassassin etc. it's becoming difficult to protect against spam due to the way modern spam mails are formatted. Of course nothing will prevent a dedicated attacker from writing a bot, but simple random munging of the HTML sounds like a cheap way to at least slow them down a bit. Thanks in advance. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#63995: comment in support to Don
Hello, it makes me smile to read the first requests, dated back in the good old times when people found it disturbing to receive 1 spam/day (and bug numbers still fitted 5 digits...). My company's spam-killer has moved to /dev/null as many as 4512 messages to my address since Jan 8 2007, i.e. an average 61/day. About 3 to 6 more come through and I need to delete myself every day. Still, Paul Johnson Don Armstrong are perfecly right with wontfix. It's no solution to pretend that simple tricks such as those suggested here could protect e-mail addresses in any durable way. With spammers around, an address can run but can't hide... ;-( Nowadays most anti-spamming activity is implemented at router level, and there is not much point avoiding one's e-mail to appear on the www: it will anyway soon or later. Best, Nick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#63995: Why did you wontfix bug 63995?
Don, recently you tagged bug 63995 bugs.debian.org reveals e-mail addresses to spammers with a comment saying YEAY STUPID DON'T SHOW MY EMAIL MEME!. As I don't think that comment really deals with the solutions suggested in the bug report, I'd appreciate it a lot if you could come up with a better explanation and CC it to 63995. Specifically, I'd appreciate it if you could respond to the message from Adam M. Costello, posted Sat, 23 Nov 2002 00:28:05 +. Thanks //Johan -- Mailblocks - A Better Way to Do Email http://about.mailblocks.com/info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#63995: Why did you wontfix bug 63995?
Why did you wontfix bug 63995? Because it won't be fixed. On Tue, 23 Aug 2005, Johan Walles wrote: recently you tagged bug 63995 bugs.debian.org reveals e-mail addresses to spammers with a comment saying YEAY STUPID DON'T SHOW MY EMAIL MEME!. As I don't think that comment really deals with the solutions suggested in the bug report, I'd appreciate it a lot if you could come up with a better explanation and CC it to 63995. The solution (namely, turning @ into !-- blah --#64!-- blah -- is a needless obfuscation that isn't going to actually net us anything. Not to mention the fact that this is absolutely trivial for anyone harvesting messages to circumvent, the actual e-mail addresses are made available to multiple mailing lists, and far more useful methods exist for dealing with the spam problem. [And no, we're definetly not going to be munging the e-mail addresses present in the mboxes.] See also the thousands of messages that have been expended on similar arguments regarding lists.debian.org. Don Armstrong -- [this space for rent] http://www.donarmstrong.com http://rzlab.ucr.edu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#63995: bugs.debian.org: Why the uncompromising, unfounded by argument stance?
Package: bugs.debian.org Followup-For: Bug #63995 Hi, many people have reported this to be an issue for them. Quite a few of them quit writing bug reports. I really do not understand why the maintainers of bdo blatantly ignore this problem when solutions have been put forward that do not impact upon contactability while restraining the thugs at least to a certain extent. The @ is still unmasked in the web pages. I take this as a sign that the Debian organization disrespects my and others right to privacy. Again there is NO loss whatsoever from doing this. The last message from Johan Walles has just been ignored. In light of the current situation, I also think that the absolute, uncompromising stance in favor of publication of mail addresses vs. privacy needs discussion and revision. There is a trade-off but an absolute stance in most situations will be unbalanced. The situation of unmasked @ on the website where this is not even a trade-off is just an affront! Regards Rolf Leggewie -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
