Re: DLAs not arriving at my mailbox and I think it may be a general issue
On Sun, 03 Feb 2019, Ola Lundqvist wrote: > Hi > > I can understand the view that gmail, yahoo and others are to blame for the > lost message. It is after all that service that rejected it. I do however > think we need to live with the fact that we may have users that tend to use > such services. If it is just for me I can safely ignore the problem. These > emails are not that valuable to me, really. The reason why I brought this > up was to ensure that our users do not have the same problem. > If we conclude that this is not so important, then I can live with it. > > I cannot tell for sure what the fault was with that email. I'm not even > sure there were any specific fault with it. It may have been the rate of > things arriving or some similar factor. > > What I can tell is that lists.d.o do not follow gmail recommendations. And > some of them are generally good to avoid spam and other stuff. Several of those recommendations are nonsense. > > First of all the reverse address is not the same as the forward address: > > ola@tigereye:~/git/security-tracker$ getent hosts 82.195.75.100 > 82.195.75.100 bendel.debian.org > ola@tigereye:~/git/security-tracker$ getent hosts bendel.debian.org > 2001:41b8:202:deb:216:36ff:fe40:4002 bendel.debian.org Like that one. > > I guess bendel has both IPv4 and IPv6. The reason why it was using IPv4 > this time was that my server do not have an IPv6 address. I guess this is > quite common too even though IPv6 gets more and more common these days. > > There is no SPF record for lists.debian.org. Should'nt we have that? no, the RFC says its not required. > > I guess these two problems above are a strong factor in this. > > And then finally the from address vary. I can understand that it may not be > the best to change that, but maybe we should have this as a per-list option. No chance. I would even leave the project when we start the *censored* of rewriting from addresses. Alex
Re: DLAs not arriving at my mailbox and I think it may be a general issue
Hi I can understand the view that gmail, yahoo and others are to blame for the lost message. It is after all that service that rejected it. I do however think we need to live with the fact that we may have users that tend to use such services. If it is just for me I can safely ignore the problem. These emails are not that valuable to me, really. The reason why I brought this up was to ensure that our users do not have the same problem. If we conclude that this is not so important, then I can live with it. I cannot tell for sure what the fault was with that email. I'm not even sure there were any specific fault with it. It may have been the rate of things arriving or some similar factor. What I can tell is that lists.d.o do not follow gmail recommendations. And some of them are generally good to avoid spam and other stuff. First of all the reverse address is not the same as the forward address: ola@tigereye:~/git/security-tracker$ getent hosts 82.195.75.100 82.195.75.100 bendel.debian.org ola@tigereye:~/git/security-tracker$ getent hosts bendel.debian.org 2001:41b8:202:deb:216:36ff:fe40:4002 bendel.debian.org I guess bendel has both IPv4 and IPv6. The reason why it was using IPv4 this time was that my server do not have an IPv6 address. I guess this is quite common too even though IPv6 gets more and more common these days. There is no SPF record for lists.debian.org. Should'nt we have that? I guess these two problems above are a strong factor in this. And then finally the from address vary. I can understand that it may not be the best to change that, but maybe we should have this as a per-list option. Best regards // Ola On Sun, 3 Feb 2019 at 22:54, Alexander Wirt wrote: > On Sun, 03 Feb 2019, Ola Lundqvist wrote: > > > Hi Antoine and Alexander > > > > Alexander: > > So what should we do to prevent this from happening? > Don't use gmail or at least tell me what exactly was wrong on the mail. > > > > Antoine: > > Thank you for pointing that out. > > > > I found this in the BTS: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830865 > > Is this what you are referring to? > That one is about alioth and bugs. The list relevant bug was > https://bugs.debian.org/500965 > > Alex > -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comFolkebogatan 26\ | o...@debian.org 654 68 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---
Re: DLAs not arriving at my mailbox and I think it may be a general issue
On Sun, 03 Feb 2019, Ola Lundqvist wrote: > Hi Antoine and Alexander > > Alexander: > So what should we do to prevent this from happening? Don't use gmail or at least tell me what exactly was wrong on the mail. > > Antoine: > Thank you for pointing that out. > > I found this in the BTS: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830865 > Is this what you are referring to? That one is about alioth and bugs. The list relevant bug was https://bugs.debian.org/500965 Alex
Re: DLAs not arriving at my mailbox and I think it may be a general issue
On Sun, 03 Feb 2019, Antoine Beaupré wrote: > On 2019-02-03 22:09:20, Ola Lundqvist wrote: > > If someone have an idea on how I may have screwed this up myself I'm happy > > to know. :-) > > After a quick glance, this might be gmail obsessing over DMARC. Typical > problems all mailing lists providers have suffered since this infamous > standard came up - the workaround is usually to rewrite the From header > in mailing lists to be the list itself. > > I'm actually surprised to see that lists.debian.org hasn't implemented > such workarounds yet, I would think this is a very common occurence... > > Probably something to discuss with listmasters, but check in the BTS > first (lists.debian.org metapackage). We added several workarounds by no longer breaking signatures. We won't do any more workarounds. Alex - Debian Listmaster
Re: DLAs not arriving at my mailbox and I think it may be a general issue
Hi Antoine and Alexander Alexander: So what should we do to prevent this from happening? Antoine: Thank you for pointing that out. I found this in the BTS: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830865 Is this what you are referring to? Best regards // Ola On Sun, 3 Feb 2019 at 22:22, Alexander Wirt wrote: > On Sun, 03 Feb 2019, Antoine Beaupré wrote: > > > On 2019-02-03 22:09:20, Ola Lundqvist wrote: > > > If someone have an idea on how I may have screwed this up myself I'm > happy > > > to know. :-) > > > > After a quick glance, this might be gmail obsessing over DMARC. Typical > > problems all mailing lists providers have suffered since this infamous > > standard came up - the workaround is usually to rewrite the From header > > in mailing lists to be the list itself. > > > > I'm actually surprised to see that lists.debian.org hasn't implemented > > such workarounds yet, I would think this is a very common occurence... > > > > Probably something to discuss with listmasters, but check in the BTS > > first (lists.debian.org metapackage). > We added several workarounds by no longer breaking signatures. We won't do > any more workarounds. > > Alex - Debian Listmaster > > -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comFolkebogatan 26\ | o...@debian.org 654 68 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---
Re: DLAs not arriving at my mailbox and I think it may be a general issue
On 2019-02-03 22:09:20, Ola Lundqvist wrote: > If someone have an idea on how I may have screwed this up myself I'm happy > to know. :-) After a quick glance, this might be gmail obsessing over DMARC. Typical problems all mailing lists providers have suffered since this infamous standard came up - the workaround is usually to rewrite the From header in mailing lists to be the list itself. I'm actually surprised to see that lists.debian.org hasn't implemented such workarounds yet, I would think this is a very common occurence... Probably something to discuss with listmasters, but check in the BTS first (lists.debian.org metapackage). Cheers, A. -- Be the change you want to see happen. - Arleen Lorrance, 1974
DLAs not arriving at my mailbox and I think it may be a general issue
Hi all LTS contributors I think we potentially may have a problem with some of the DLAs issued. I do not know whether this was a temporary glitch but after some investigation I think it could be more of a general problem. Take this DLA for example: https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html I found the reason why it did not arrive in my mailbox and it was the following line. Yes I use gmail. 2019-01-30 20:36:56 1govfL-Ak-09 <= bounce-debian-lts-announce=ola= inguza@lists.debian.org H=bendel.debian.org [82.195.75.100] P=esmtp S=10370 id=Gc6ByBZBRWD.A.9dC.LzfUcB@bendel 2019-01-30 20:36:57 1govfL-Ak-09 ** ola.lundqv...@gmail.com < o...@inguza.com> R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [108.177.15.27] X=TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256 CV=yes DN="C=US,ST=California,L=Mountain View,O=Google LLC,CN=mx.google.com": SMTP error from remote mail server after end of data: 550-5.7.1 This message does not have authentication information or fails to pass\n550-5.7.1 authentication checks. To best protect our users from spam, the\n550-5.7.1 message has been blocked. Please visit\n550-5.7.1 https://support.google.com/mail/answer/81126#authentication for more\n550 5.7.1 information. b8si2039880wmc.115 - gsmtp Other lts-announce emails have arrived to my mailbox, but not all. I'm missing the DLA for qmail, rssh, libav and some more (I have not yet checked if it is because it has not been issued or whether it is because the mail have gone missing on the way to my mailbox). One could argue that my setup is not proper, but I think mail forwarding to gmail is quite common. So why do I bring this up? I think maybe we need to ensure that the emails are not blocked this way. I found a problem that my mail server did not have a proper PTR record but I do not think that was the issue, since it usually works. My question to you all is whether we need to have a common way to send the emails to avoid them being blocked by email services like gmail? Or do we think it is ok this way? I mean I usually get these emails, it is just sometimes something is missing. If someone have an idea on how I may have screwed this up myself I'm happy to know. :-) Best regards // Ola -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comFolkebogatan 26\ | o...@debian.org 654 68 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---
Re: about 500 DLAs missing from the website
On Sun, Feb 03, 2019 at 02:08:06PM +0100, Salvatore Bonaccorso wrote: > IMHO they should not be mixed into the same namespace as the DSAs. > https://www.debian.org/security/ is very specific to the > debian-security-announce list and contains items for e.g. contacting > the Debian security team or referecing the respective FAQ. +1 Cheers, Moritz
Re: about 500 DLAs missing from the website
Hello El 3/2/19 a las 14:08, Salvatore Bonaccorso escribió: > Hi Antoinie, > > [adding team@s.d.o to CC] > > Thanks for working on this. > > On Fri, Feb 01, 2019 at 01:44:10PM -0500, Antoine Beaupré wrote: >> On 2018-12-19 18:05:36, Antoine Beaupré wrote: >>> The DLAs are visible here: >>> >>> https://www-staging.debian.org/security/2018/dla-1580 >>> >>> One thing that's unclear is how the entries get added to the main list >>> in: >>> >>> https://www-staging.debian.org/security/2018/ >>> >>> That still needs to be cleared up. >> >> That's actually in the webwml code, I opened a MR to add those: >> >> https://salsa.debian.org/webmaster-team/webwml/merge_requests/50 > > IMHO they should not be mixed into the same namespace as the DSAs. > https://www.debian.org/security/ is very specific to the > debian-security-announce list and contains items for e.g. contacting > the Debian security team or referecing the respective FAQ. > Note that we already have some DLAs published in www.debian.org/security/, for the years 2014, 2015 and 2016. See for example: https://www.debian.org/security/2014/index I don't mind to move the already published DLAs to other place if people decides it's better, but I frankly don't know if/where these URLs are used/publicised (in Debian and maybe other places too), and we may need to setup redirectors from the current URLs to the new ones (no problem with that, I say it only to not forget, in case we decide to move all the DLAs to a different place). Kind regards, -- Laura Arjona Reina https://wiki.debian.org/LauraArjona > I think having a dedicated https://www.debian.org/lts/ where those can > be collected and having further information on LTS would be somehow > better. > > This will need an adjustment to the tracker side as well so that > sources filed for Debian LTS DLA's will not link to > https://www.debian.org/security/$year/dla-$nr . > > If a dedicated subpage is not needed and the only purpose is to link > to a webversion, and the DLA's do not show up in the overall view then > possibly the status quo is still okay. > > What do you think? >
Re: about 500 DLAs missing from the website
Hi Antoinie, [adding team@s.d.o to CC] Thanks for working on this. On Fri, Feb 01, 2019 at 01:44:10PM -0500, Antoine Beaupré wrote: > On 2018-12-19 18:05:36, Antoine Beaupré wrote: > > The DLAs are visible here: > > > > https://www-staging.debian.org/security/2018/dla-1580 > > > > One thing that's unclear is how the entries get added to the main list > > in: > > > > https://www-staging.debian.org/security/2018/ > > > > That still needs to be cleared up. > > That's actually in the webwml code, I opened a MR to add those: > > https://salsa.debian.org/webmaster-team/webwml/merge_requests/50 IMHO they should not be mixed into the same namespace as the DSAs. https://www.debian.org/security/ is very specific to the debian-security-announce list and contains items for e.g. contacting the Debian security team or referecing the respective FAQ. I think having a dedicated https://www.debian.org/lts/ where those can be collected and having further information on LTS would be somehow better. This will need an adjustment to the tracker side as well so that sources filed for Debian LTS DLA's will not link to https://www.debian.org/security/$year/dla-$nr . If a dedicated subpage is not needed and the only purpose is to link to a webversion, and the DLA's do not show up in the overall view then possibly the status quo is still okay. What do you think? Regards, Salvatore
