Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2022-01-12 Thread Matthias Felleisen



Thank you Sage for taking on this task. — Matthias


-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/racket-users/FC8531A1-1D73-47EB-B379-E0138DF143EC%40felleisen.org.


Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2022-01-12 Thread Robby Findler
Great! I think I get moderation messages too, and I'm happy to help out in
letting people in.

Robby

On Wed, Jan 12, 2022 at 12:25 PM Sage Gerard  wrote:

> Both racket-users and racket-dev have just now been changed to "Anyone
> can ask."
>
> On 1/12/22 1:17 PM, Sam Tobin-Hochstadt wrote:
> > On Wed, Jan 12, 2022 at 1:14 PM Sage Gerard  wrote:
> >> Yes. I assumed was that (b) was not true, since I thought volunteers
> >> were hard to come by for most community tasks. "Ask only" makes more
> >> sense if someone can be found and made available at any time.
> >>
> >> All: I normally wait for a go-ahead from a quorum before applying
> >> changes like this. If I don't need to wait, then please tell me.
> > I think if you're good with this approach, you should move forward with
> it.
> >
> > Sam
> >
> >> Sam: You mentioned someone got a 404 from an invite link. 404s sometimes
> >> disguise permission issues, so I suspect that switching to "ask to join"
> >> will make that problem go away too.
> >>
> >> On 1/12/22 1:00 PM, Sam Tobin-Hochstadt wrote:
> >>
> >>> Here's my suggestion: we switch to "ask to join" on Google Groups. I
> >>> think that will notify all the moderators, and thus (a) more people
> >>> can potentially respond (eg, I think I currently get those emails too)
> >>> and (b) if someone can no longer take on this responsibility, it's
> >>> easy to have someone else step up. The alternative where we specify a
> >>> specific email requires potentially changing that email address when
> >>> the responsibility changes.
> >>>
> >>> Does that seem like a reasonable approach?
> >>>
> >>> Sam
> >>>
> >>> On Tue, Jan 11, 2022 at 2:30 PM Sage Gerard 
> wrote:
>  No no, that was helpful, thank you. We do need to figure this part
> out.
> 
>  On 1/11/22 2:22 PM, Robby Findler wrote:
> 
>  Sorry, I probably shouldn't have jumped in here.  I'm happy with
> whatever you folks decide is best!
> 
>  Robby
> 
> 
>  On Tue, Jan 11, 2022 at 1:09 PM Sage Gerard 
> wrote:
> > Makes sense.
> >
> > I'll repeat one key difference in the context of Google Groups
> >
> > Ask to join
> >
> > Racket volunteer must be available for vetting requests, on
> receiving them. Member starts process in Google Groups
> >
> > Invite only
> >
> > Racket volunteer may vet first, but must initiate contact with
> member. As Sam said, strangers can't start that process.
> >
> > If you publish an email to request invites, then the process is
> going to be "ask to join" no matter what, so the mailing list configuration
> is relevant for a different reason. Do we want members to start the process
> in Google Groups, or by sending an email to a fixed address?
> >
> > On 1/11/22 1:51 PM, Robby Findler wrote:
> >
> > Probably people find out about the mailing list by the website,
> right? We could post an email address or two there where asks should go?
> >
> > Robby
> >
> >
> > On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt <
> sa...@indiana.edu> wrote:
> >> One thing to note here: it's now not possible to _request_ to join
> the
> >> list. If someone wants to join the list, they have to know someone
> who
> >> is already a member and ask them to join.
> >>
> >> It looks like another option is "Anyone on the web can ask" to join.
> >> It's not immediately clear who gets the emails when people ask, but
> >> this seems like it might be a good intermediate position.
> >>
> >> Sam
> >>
> >> On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard 
> wrote:
> >>> Alright, thanks to all of you for the quick replies. As of this
> writing, the list has been reconfigured to create an explicit perimeter
> between the non-members and members. The public can no longer let
> themselves in.
> >>>
> >>> Not totally out of the woods yet.
> >>>
> >>> Someone please confirm if you can invite others using Members page
> -> "Add Member". If not, then please follow up with me.
> >>> This model can be compromised by someone going rogue and inviting
> a bunch of spammers. I'm expecting that our communal trust is high enough
> to make this unlikely.
> >>>
> >>> Considering the risk profile seems less scary, disregard request
> to delete my emails. :)
> >>>
> >>> On 12/18/21 3:02 PM, Matthias Felleisen wrote:
> >>>
> >>>
> >>> +2! And many thanks. (I was personally spared this spam until very
> recently. No clue why)
> >>>
> >>> — Matthias
> >>>
> >>>
> >>>
> >>>
> >>> On Dec 18, 2021, at 2:55 PM, Robby Findler <
> ro...@cs.northwestern.edu> wrote:
> >>>
> >>> +1! Thank you.
> >>>
> >>> Robby
> >>>
> >>> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt 
> wrote:
>  The "members" option sounds right to me. Thanks for tracking down
> a way
>  to improve the situation!
> 
>  At Sa

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2022-01-12 Thread Sage Gerard
Both racket-users and racket-dev have just now been changed to "Anyone
can ask."

On 1/12/22 1:17 PM, Sam Tobin-Hochstadt wrote:
> On Wed, Jan 12, 2022 at 1:14 PM Sage Gerard  wrote:
>> Yes. I assumed was that (b) was not true, since I thought volunteers
>> were hard to come by for most community tasks. "Ask only" makes more
>> sense if someone can be found and made available at any time.
>>
>> All: I normally wait for a go-ahead from a quorum before applying
>> changes like this. If I don't need to wait, then please tell me.
> I think if you're good with this approach, you should move forward with it.
>
> Sam
>
>> Sam: You mentioned someone got a 404 from an invite link. 404s sometimes
>> disguise permission issues, so I suspect that switching to "ask to join"
>> will make that problem go away too.
>>
>> On 1/12/22 1:00 PM, Sam Tobin-Hochstadt wrote:
>>
>>> Here's my suggestion: we switch to "ask to join" on Google Groups. I
>>> think that will notify all the moderators, and thus (a) more people
>>> can potentially respond (eg, I think I currently get those emails too)
>>> and (b) if someone can no longer take on this responsibility, it's
>>> easy to have someone else step up. The alternative where we specify a
>>> specific email requires potentially changing that email address when
>>> the responsibility changes.
>>>
>>> Does that seem like a reasonable approach?
>>>
>>> Sam
>>>
>>> On Tue, Jan 11, 2022 at 2:30 PM Sage Gerard  wrote:
 No no, that was helpful, thank you. We do need to figure this part out.

 On 1/11/22 2:22 PM, Robby Findler wrote:

 Sorry, I probably shouldn't have jumped in here.  I'm happy with whatever 
 you folks decide is best!

 Robby


 On Tue, Jan 11, 2022 at 1:09 PM Sage Gerard  wrote:
> Makes sense.
>
> I'll repeat one key difference in the context of Google Groups
>
> Ask to join
>
> Racket volunteer must be available for vetting requests, on receiving 
> them. Member starts process in Google Groups
>
> Invite only
>
> Racket volunteer may vet first, but must initiate contact with member. As 
> Sam said, strangers can't start that process.
>
> If you publish an email to request invites, then the process is going to 
> be "ask to join" no matter what, so the mailing list configuration is 
> relevant for a different reason. Do we want members to start the process 
> in Google Groups, or by sending an email to a fixed address?
>
> On 1/11/22 1:51 PM, Robby Findler wrote:
>
> Probably people find out about the mailing list by the website, right? We 
> could post an email address or two there where asks should go?
>
> Robby
>
>
> On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt  
> wrote:
>> One thing to note here: it's now not possible to _request_ to join the
>> list. If someone wants to join the list, they have to know someone who
>> is already a member and ask them to join.
>>
>> It looks like another option is "Anyone on the web can ask" to join.
>> It's not immediately clear who gets the emails when people ask, but
>> this seems like it might be a good intermediate position.
>>
>> Sam
>>
>> On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard  wrote:
>>> Alright, thanks to all of you for the quick replies. As of this 
>>> writing, the list has been reconfigured to create an explicit perimeter 
>>> between the non-members and members. The public can no longer let 
>>> themselves in.
>>>
>>> Not totally out of the woods yet.
>>>
>>> Someone please confirm if you can invite others using Members page -> 
>>> "Add Member". If not, then please follow up with me.
>>> This model can be compromised by someone going rogue and inviting a 
>>> bunch of spammers. I'm expecting that our communal trust is high enough 
>>> to make this unlikely.
>>>
>>> Considering the risk profile seems less scary, disregard request to 
>>> delete my emails. :)
>>>
>>> On 12/18/21 3:02 PM, Matthias Felleisen wrote:
>>>
>>>
>>> +2! And many thanks. (I was personally spared this spam until very 
>>> recently. No clue why)
>>>
>>> — Matthias
>>>
>>>
>>>
>>>
>>> On Dec 18, 2021, at 2:55 PM, Robby Findler  
>>> wrote:
>>>
>>> +1! Thank you.
>>>
>>> Robby
>>>
>>> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  
>>> wrote:
 The "members" option sounds right to me. Thanks for tracking down a way
 to improve the situation!

 At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
> Core team,
>
> Sam asked me to issue bans for a troublesome spammer. I've done so, 
> even
> just today. I understand I need quorum for larger decisions. This is 
> why
> I have not yet reconfigured the list to perma

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2022-01-12 Thread Sam Tobin-Hochstadt
On Wed, Jan 12, 2022 at 1:14 PM Sage Gerard  wrote:
>
> Yes. I assumed was that (b) was not true, since I thought volunteers
> were hard to come by for most community tasks. "Ask only" makes more
> sense if someone can be found and made available at any time.
>
> All: I normally wait for a go-ahead from a quorum before applying
> changes like this. If I don't need to wait, then please tell me.

I think if you're good with this approach, you should move forward with it.

Sam

> Sam: You mentioned someone got a 404 from an invite link. 404s sometimes
> disguise permission issues, so I suspect that switching to "ask to join"
> will make that problem go away too.
>
> On 1/12/22 1:00 PM, Sam Tobin-Hochstadt wrote:
>
> > Here's my suggestion: we switch to "ask to join" on Google Groups. I
> > think that will notify all the moderators, and thus (a) more people
> > can potentially respond (eg, I think I currently get those emails too)
> > and (b) if someone can no longer take on this responsibility, it's
> > easy to have someone else step up. The alternative where we specify a
> > specific email requires potentially changing that email address when
> > the responsibility changes.
> >
> > Does that seem like a reasonable approach?
> >
> > Sam
> >
> > On Tue, Jan 11, 2022 at 2:30 PM Sage Gerard  wrote:
> >> No no, that was helpful, thank you. We do need to figure this part out.
> >>
> >> On 1/11/22 2:22 PM, Robby Findler wrote:
> >>
> >> Sorry, I probably shouldn't have jumped in here.  I'm happy with whatever 
> >> you folks decide is best!
> >>
> >> Robby
> >>
> >>
> >> On Tue, Jan 11, 2022 at 1:09 PM Sage Gerard  wrote:
> >>> Makes sense.
> >>>
> >>> I'll repeat one key difference in the context of Google Groups
> >>>
> >>> Ask to join
> >>>
> >>> Racket volunteer must be available for vetting requests, on receiving 
> >>> them. Member starts process in Google Groups
> >>>
> >>> Invite only
> >>>
> >>> Racket volunteer may vet first, but must initiate contact with member. As 
> >>> Sam said, strangers can't start that process.
> >>>
> >>> If you publish an email to request invites, then the process is going to 
> >>> be "ask to join" no matter what, so the mailing list configuration is 
> >>> relevant for a different reason. Do we want members to start the process 
> >>> in Google Groups, or by sending an email to a fixed address?
> >>>
> >>> On 1/11/22 1:51 PM, Robby Findler wrote:
> >>>
> >>> Probably people find out about the mailing list by the website, right? We 
> >>> could post an email address or two there where asks should go?
> >>>
> >>> Robby
> >>>
> >>>
> >>> On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt  
> >>> wrote:
>  One thing to note here: it's now not possible to _request_ to join the
>  list. If someone wants to join the list, they have to know someone who
>  is already a member and ask them to join.
> 
>  It looks like another option is "Anyone on the web can ask" to join.
>  It's not immediately clear who gets the emails when people ask, but
>  this seems like it might be a good intermediate position.
> 
>  Sam
> 
>  On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard  wrote:
> > Alright, thanks to all of you for the quick replies. As of this 
> > writing, the list has been reconfigured to create an explicit perimeter 
> > between the non-members and members. The public can no longer let 
> > themselves in.
> >
> > Not totally out of the woods yet.
> >
> > Someone please confirm if you can invite others using Members page -> 
> > "Add Member". If not, then please follow up with me.
> > This model can be compromised by someone going rogue and inviting a 
> > bunch of spammers. I'm expecting that our communal trust is high enough 
> > to make this unlikely.
> >
> > Considering the risk profile seems less scary, disregard request to 
> > delete my emails. :)
> >
> > On 12/18/21 3:02 PM, Matthias Felleisen wrote:
> >
> >
> > +2! And many thanks. (I was personally spared this spam until very 
> > recently. No clue why)
> >
> > — Matthias
> >
> >
> >
> >
> > On Dec 18, 2021, at 2:55 PM, Robby Findler  
> > wrote:
> >
> > +1! Thank you.
> >
> > Robby
> >
> > On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  
> > wrote:
> >> The "members" option sounds right to me. Thanks for tracking down a way
> >> to improve the situation!
> >>
> >> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
> >>> Core team,
> >>>
> >>> Sam asked me to issue bans for a troublesome spammer. I've done so, 
> >>> even
> >>> just today. I understand I need quorum for larger decisions. This is 
> >>> why
> >>> I have not yet reconfigured the list to permanently stop the spammer.
> >>> After researching the problem further, I need your urgent attention.
> >>>
> >>> I found that the spam 

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2022-01-12 Thread Sage Gerard
Yes. I assumed was that (b) was not true, since I thought volunteers
were hard to come by for most community tasks. "Ask only" makes more
sense if someone can be found and made available at any time.

All: I normally wait for a go-ahead from a quorum before applying
changes like this. If I don't need to wait, then please tell me.

Sam: You mentioned someone got a 404 from an invite link. 404s sometimes
disguise permission issues, so I suspect that switching to "ask to join"
will make that problem go away too.

On 1/12/22 1:00 PM, Sam Tobin-Hochstadt wrote:

> Here's my suggestion: we switch to "ask to join" on Google Groups. I
> think that will notify all the moderators, and thus (a) more people
> can potentially respond (eg, I think I currently get those emails too)
> and (b) if someone can no longer take on this responsibility, it's
> easy to have someone else step up. The alternative where we specify a
> specific email requires potentially changing that email address when
> the responsibility changes.
>
> Does that seem like a reasonable approach?
>
> Sam
>
> On Tue, Jan 11, 2022 at 2:30 PM Sage Gerard  wrote:
>> No no, that was helpful, thank you. We do need to figure this part out.
>>
>> On 1/11/22 2:22 PM, Robby Findler wrote:
>>
>> Sorry, I probably shouldn't have jumped in here.  I'm happy with whatever 
>> you folks decide is best!
>>
>> Robby
>>
>>
>> On Tue, Jan 11, 2022 at 1:09 PM Sage Gerard  wrote:
>>> Makes sense.
>>>
>>> I'll repeat one key difference in the context of Google Groups
>>>
>>> Ask to join
>>>
>>> Racket volunteer must be available for vetting requests, on receiving them. 
>>> Member starts process in Google Groups
>>>
>>> Invite only
>>>
>>> Racket volunteer may vet first, but must initiate contact with member. As 
>>> Sam said, strangers can't start that process.
>>>
>>> If you publish an email to request invites, then the process is going to be 
>>> "ask to join" no matter what, so the mailing list configuration is relevant 
>>> for a different reason. Do we want members to start the process in Google 
>>> Groups, or by sending an email to a fixed address?
>>>
>>> On 1/11/22 1:51 PM, Robby Findler wrote:
>>>
>>> Probably people find out about the mailing list by the website, right? We 
>>> could post an email address or two there where asks should go?
>>>
>>> Robby
>>>
>>>
>>> On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt  
>>> wrote:
 One thing to note here: it's now not possible to _request_ to join the
 list. If someone wants to join the list, they have to know someone who
 is already a member and ask them to join.

 It looks like another option is "Anyone on the web can ask" to join.
 It's not immediately clear who gets the emails when people ask, but
 this seems like it might be a good intermediate position.

 Sam

 On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard  wrote:
> Alright, thanks to all of you for the quick replies. As of this writing, 
> the list has been reconfigured to create an explicit perimeter between 
> the non-members and members. The public can no longer let themselves in.
>
> Not totally out of the woods yet.
>
> Someone please confirm if you can invite others using Members page -> 
> "Add Member". If not, then please follow up with me.
> This model can be compromised by someone going rogue and inviting a bunch 
> of spammers. I'm expecting that our communal trust is high enough to make 
> this unlikely.
>
> Considering the risk profile seems less scary, disregard request to 
> delete my emails. :)
>
> On 12/18/21 3:02 PM, Matthias Felleisen wrote:
>
>
> +2! And many thanks. (I was personally spared this spam until very 
> recently. No clue why)
>
> — Matthias
>
>
>
>
> On Dec 18, 2021, at 2:55 PM, Robby Findler  
> wrote:
>
> +1! Thank you.
>
> Robby
>
> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  wrote:
>> The "members" option sounds right to me. Thanks for tracking down a way
>> to improve the situation!
>>
>> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
>>> Core team,
>>>
>>> Sam asked me to issue bans for a troublesome spammer. I've done so, even
>>> just today. I understand I need quorum for larger decisions. This is why
>>> I have not yet reconfigured the list to permanently stop the spammer.
>>> After researching the problem further, I need your urgent attention.
>>>
>>> I found that the spam messages sometimes link to other Google group
>>> posts affected by the spammer. A recent trail leads to a
>>> comp.lang.python Google message in 2017. I suspect that email addresses
>>> are scraped in unmoderated lists that freely hand out membership. After
>>> checking the list settings, I found that this is one of those lists. I
>>> hypothesize that our email addresses are being scraped and

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2022-01-12 Thread Sam Tobin-Hochstadt
Here's my suggestion: we switch to "ask to join" on Google Groups. I
think that will notify all the moderators, and thus (a) more people
can potentially respond (eg, I think I currently get those emails too)
and (b) if someone can no longer take on this responsibility, it's
easy to have someone else step up. The alternative where we specify a
specific email requires potentially changing that email address when
the responsibility changes.

Does that seem like a reasonable approach?

Sam

On Tue, Jan 11, 2022 at 2:30 PM Sage Gerard  wrote:
>
> No no, that was helpful, thank you. We do need to figure this part out.
>
> On 1/11/22 2:22 PM, Robby Findler wrote:
>
> Sorry, I probably shouldn't have jumped in here.  I'm happy with whatever you 
> folks decide is best!
>
> Robby
>
>
> On Tue, Jan 11, 2022 at 1:09 PM Sage Gerard  wrote:
>>
>> Makes sense.
>>
>> I'll repeat one key difference in the context of Google Groups
>>
>> Ask to join
>>
>> Racket volunteer must be available for vetting requests, on receiving them. 
>> Member starts process in Google Groups
>>
>> Invite only
>>
>> Racket volunteer may vet first, but must initiate contact with member. As 
>> Sam said, strangers can't start that process.
>>
>> If you publish an email to request invites, then the process is going to be 
>> "ask to join" no matter what, so the mailing list configuration is relevant 
>> for a different reason. Do we want members to start the process in Google 
>> Groups, or by sending an email to a fixed address?
>>
>> On 1/11/22 1:51 PM, Robby Findler wrote:
>>
>> Probably people find out about the mailing list by the website, right? We 
>> could post an email address or two there where asks should go?
>>
>> Robby
>>
>>
>> On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt  
>> wrote:
>>>
>>> One thing to note here: it's now not possible to _request_ to join the
>>> list. If someone wants to join the list, they have to know someone who
>>> is already a member and ask them to join.
>>>
>>> It looks like another option is "Anyone on the web can ask" to join.
>>> It's not immediately clear who gets the emails when people ask, but
>>> this seems like it might be a good intermediate position.
>>>
>>> Sam
>>>
>>> On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard  wrote:
>>> >
>>> > Alright, thanks to all of you for the quick replies. As of this writing, 
>>> > the list has been reconfigured to create an explicit perimeter between 
>>> > the non-members and members. The public can no longer let themselves in.
>>> >
>>> > Not totally out of the woods yet.
>>> >
>>> > Someone please confirm if you can invite others using Members page -> 
>>> > "Add Member". If not, then please follow up with me.
>>> > This model can be compromised by someone going rogue and inviting a bunch 
>>> > of spammers. I'm expecting that our communal trust is high enough to make 
>>> > this unlikely.
>>> >
>>> > Considering the risk profile seems less scary, disregard request to 
>>> > delete my emails. :)
>>> >
>>> > On 12/18/21 3:02 PM, Matthias Felleisen wrote:
>>> >
>>> >
>>> > +2! And many thanks. (I was personally spared this spam until very 
>>> > recently. No clue why)
>>> >
>>> > — Matthias
>>> >
>>> >
>>> >
>>> >
>>> > On Dec 18, 2021, at 2:55 PM, Robby Findler  
>>> > wrote:
>>> >
>>> > +1! Thank you.
>>> >
>>> > Robby
>>> >
>>> > On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  wrote:
>>> >>
>>> >> The "members" option sounds right to me. Thanks for tracking down a way
>>> >> to improve the situation!
>>> >>
>>> >> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
>>> >> > Core team,
>>> >> >
>>> >> > Sam asked me to issue bans for a troublesome spammer. I've done so, 
>>> >> > even
>>> >> > just today. I understand I need quorum for larger decisions. This is 
>>> >> > why
>>> >> > I have not yet reconfigured the list to permanently stop the spammer.
>>> >> > After researching the problem further, I need your urgent attention.
>>> >> >
>>> >> > I found that the spam messages sometimes link to other Google group
>>> >> > posts affected by the spammer. A recent trail leads to a
>>> >> > comp.lang.python Google message in 2017. I suspect that email addresses
>>> >> > are scraped in unmoderated lists that freely hand out membership. After
>>> >> > checking the list settings, I found that this is one of those lists. I
>>> >> > hypothesize that our email addresses are being scraped and
>>> >> > cross-referenced for use in other unmoderated lists.
>>> >> >
>>> >> > It's one thing to flatly complain about a spammer on this list, and
>>> >> > another to willingly maintain a transmission vector. We need to stop
>>> >> > automatically handing out group membership with our current settings. 
>>> >> > We
>>> >> > can have  issue list memberships. I need you all to fill in the
>>> >> > blank with "moderators" or "members." I'll translate the settings
>>> >> > accordingly.
>>> >> >
>>> >> > Given the holidays, I respect your time. Please reciprocate with 
>>>

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2022-01-11 Thread Sage Gerard
No no, that was helpful, thank you. We do need to figure this part out.

On 1/11/22 2:22 PM, Robby Findler wrote:

> Sorry, I probably shouldn't have jumped in here. I'm happy with whatever you 
> folks decide is best!
>
> Robby
>
> On Tue, Jan 11, 2022 at 1:09 PM Sage Gerard  wrote:
>
>> Makes sense.
>>
>> I'll repeat one key difference in the context of Google Groups
>>
>> - Ask to join
>>
>> - Racket volunteer must be available for vetting requests, on receiving 
>> them. Member starts process in Google Groups
>> - Invite only
>>
>> - Racket volunteer may vet first, but must initiate contact with member. As 
>> Sam said, strangers can't start that process.
>>
>> If you publish an email to request invites, then the process is going to be 
>> "ask to join" no matter what, so the mailing list configuration is relevant 
>> for a different reason. Do we want members to start the process in Google 
>> Groups, or by sending an email to a fixed address?
>>
>> On 1/11/22 1:51 PM, Robby Findler wrote:
>>
>>> Probably people find out about the mailing list by the website, right? We 
>>> could post an email address or two there where asks should go?
>>>
>>> Robby
>>>
>>> On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt  
>>> wrote:
>>>
 One thing to note here: it's now not possible to _request_ to join the
 list. If someone wants to join the list, they have to know someone who
 is already a member and ask them to join.

 It looks like another option is "Anyone on the web can ask" to join.
 It's not immediately clear who gets the emails when people ask, but
 this seems like it might be a good intermediate position.

 Sam

 On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard  wrote:
>
> Alright, thanks to all of you for the quick replies. As of this writing, 
> the list has been reconfigured to create an explicit perimeter between 
> the non-members and members. The public can no longer let themselves in.
>
> Not totally out of the woods yet.
>
> Someone please confirm if you can invite others using Members page -> 
> "Add Member". If not, then please follow up with me.
> This model can be compromised by someone going rogue and inviting a bunch 
> of spammers. I'm expecting that our communal trust is high enough to make 
> this unlikely.
>
> Considering the risk profile seems less scary, disregard request to 
> delete my emails. :)
>
> On 12/18/21 3:02 PM, Matthias Felleisen wrote:
>
>
> +2! And many thanks. (I was personally spared this spam until very 
> recently. No clue why)
>
> — Matthias
>
>
>
>
> On Dec 18, 2021, at 2:55 PM, Robby Findler  
> wrote:
>
> +1! Thank you.
>
> Robby
>
> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  wrote:
>>
>> The "members" option sounds right to me. Thanks for tracking down a way
>> to improve the situation!
>>
>> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
>> > Core team,
>> >
>> > Sam asked me to issue bans for a troublesome spammer. I've done so, 
>> > even
>> > just today. I understand I need quorum for larger decisions. This is 
>> > why
>> > I have not yet reconfigured the list to permanently stop the spammer.
>> > After researching the problem further, I need your urgent attention.
>> >
>> > I found that the spam messages sometimes link to other Google group
>> > posts affected by the spammer. A recent trail leads to a
>> > comp.lang.python Google message in 2017. I suspect that email addresses
>> > are scraped in unmoderated lists that freely hand out membership. After
>> > checking the list settings, I found that this is one of those lists. I
>> > hypothesize that our email addresses are being scraped and
>> > cross-referenced for use in other unmoderated lists.
>> >
>> > It's one thing to flatly complain about a spammer on this list, and
>> > another to willingly maintain a transmission vector. We need to stop
>> > automatically handing out group membership with our current settings. 
>> > We
>> > can have  issue list memberships. I need you all to fill in the
>> > blank with "moderators" or "members." I'll translate the settings
>> > accordingly.
>> >
>> > Given the holidays, I respect your time. Please reciprocate with 
>> > respect
>> > for the urgency this problem creates. I will revoke my own mailing list
>> > privileges and membership in three weeks, on January 8th, 2022. I will
>> > leave the settings however they read at the time to prevent
>> > interruption, and request that own messages then be deleted to limit 
>> > the
>> > role my email address plays for the spammer.
>> >
>> > I am not volunteering to moderate membership applications, and I am not
>> > commenting on how to verify the impact of possi

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2022-01-11 Thread Robby Findler
Sorry, I probably shouldn't have jumped in here.  I'm happy with whatever
you folks decide is best!

Robby


On Tue, Jan 11, 2022 at 1:09 PM Sage Gerard  wrote:

> Makes sense.
>
> I'll repeat one key difference in the context of Google Groups
>
>- *Ask to join*
>   - Racket volunteer must be available for vetting requests, on
>   receiving them. Member starts process in Google Groups
>   - *Invite only*
>   - Racket volunteer may vet first, but must initiate contact with
>   member. As Sam said, strangers can't start that process.
>
> If you publish an email to request invites, then the process is going to
> be "ask to join" no matter what, so the mailing list configuration is
> relevant for a different reason. Do we want members to start the process in
> Google Groups, or by sending an email to a fixed address?
> On 1/11/22 1:51 PM, Robby Findler wrote:
>
> Probably people find out about the mailing list by the website, right? We
> could post an email address or two there where asks should go?
>
> Robby
>
>
> On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt 
> wrote:
>
>> One thing to note here: it's now not possible to _request_ to join the
>> list. If someone wants to join the list, they have to know someone who
>> is already a member and ask them to join.
>>
>> It looks like another option is "Anyone on the web can ask" to join.
>> It's not immediately clear who gets the emails when people ask, but
>> this seems like it might be a good intermediate position.
>>
>> Sam
>>
>> On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard  wrote:
>> >
>> > Alright, thanks to all of you for the quick replies. As of this
>> writing, the list has been reconfigured to create an explicit perimeter
>> between the non-members and members. The public can no longer let
>> themselves in.
>> >
>> > Not totally out of the woods yet.
>> >
>> > Someone please confirm if you can invite others using Members page ->
>> "Add Member". If not, then please follow up with me.
>> > This model can be compromised by someone going rogue and inviting a
>> bunch of spammers. I'm expecting that our communal trust is high enough to
>> make this unlikely.
>> >
>> > Considering the risk profile seems less scary, disregard request to
>> delete my emails. :)
>> >
>> > On 12/18/21 3:02 PM, Matthias Felleisen wrote:
>> >
>> >
>> > +2! And many thanks. (I was personally spared this spam until very
>> recently. No clue why)
>> >
>> > — Matthias
>> >
>> >
>> >
>> >
>> > On Dec 18, 2021, at 2:55 PM, Robby Findler 
>> wrote:
>> >
>> > +1! Thank you.
>> >
>> > Robby
>> >
>> > On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt 
>> wrote:
>> >>
>> >> The "members" option sounds right to me. Thanks for tracking down a way
>> >> to improve the situation!
>> >>
>> >> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
>> >> > Core team,
>> >> >
>> >> > Sam asked me to issue bans for a troublesome spammer. I've done so,
>> even
>> >> > just today. I understand I need quorum for larger decisions. This is
>> why
>> >> > I have not yet reconfigured the list to permanently stop the spammer.
>> >> > After researching the problem further, I need your urgent attention.
>> >> >
>> >> > I found that the spam messages sometimes link to other Google group
>> >> > posts affected by the spammer. A recent trail leads to a
>> >> > comp.lang.python Google message in 2017. I suspect that email
>> addresses
>> >> > are scraped in unmoderated lists that freely hand out membership.
>> After
>> >> > checking the list settings, I found that this is one of those lists.
>> I
>> >> > hypothesize that our email addresses are being scraped and
>> >> > cross-referenced for use in other unmoderated lists.
>> >> >
>> >> > It's one thing to flatly complain about a spammer on this list, and
>> >> > another to willingly maintain a transmission vector. We need to stop
>> >> > automatically handing out group membership with our current
>> settings. We
>> >> > can have  issue list memberships. I need you all to fill in
>> the
>> >> > blank with "moderators" or "members." I'll translate the settings
>> >> > accordingly.
>> >> >
>> >> > Given the holidays, I respect your time. Please reciprocate with
>> respect
>> >> > for the urgency this problem creates. I will revoke my own mailing
>> list
>> >> > privileges and membership in three weeks, on January 8th, 2022. I
>> will
>> >> > leave the settings however they read at the time to prevent
>> >> > interruption, and request that own messages then be deleted to limit
>> the
>> >> > role my email address plays for the spammer.
>> >> >
>> >> > I am not volunteering to moderate membership applications, and I am
>> not
>> >> > commenting on how to verify the impact of possible email leaks.
>> Between
>> >> > the Discourse move and (majority?) perspective towards email, I'm not
>> >> > sure how I would be useful doing either. If my opinion holds weight,
>> I'd
>> >> > advise the answer be "members" so that any available moderator

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2022-01-11 Thread Sage Gerard
Makes sense.

I'll repeat one key difference in the context of Google Groups

- Ask to join

- Racket volunteer must be available for vetting requests, on receiving them. 
Member starts process in Google Groups
- Invite only

- Racket volunteer may vet first, but must initiate contact with member. As Sam 
said, strangers can't start that process.

If you publish an email to request invites, then the process is going to be 
"ask to join" no matter what, so the mailing list configuration is relevant for 
a different reason. Do we want members to start the process in Google Groups, 
or by sending an email to a fixed address?

On 1/11/22 1:51 PM, Robby Findler wrote:

> Probably people find out about the mailing list by the website, right? We 
> could post an email address or two there where asks should go?
>
> Robby
>
> On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt  
> wrote:
>
>> One thing to note here: it's now not possible to _request_ to join the
>> list. If someone wants to join the list, they have to know someone who
>> is already a member and ask them to join.
>>
>> It looks like another option is "Anyone on the web can ask" to join.
>> It's not immediately clear who gets the emails when people ask, but
>> this seems like it might be a good intermediate position.
>>
>> Sam
>>
>> On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard  wrote:
>>>
>>> Alright, thanks to all of you for the quick replies. As of this writing, 
>>> the list has been reconfigured to create an explicit perimeter between the 
>>> non-members and members. The public can no longer let themselves in.
>>>
>>> Not totally out of the woods yet.
>>>
>>> Someone please confirm if you can invite others using Members page -> "Add 
>>> Member". If not, then please follow up with me.
>>> This model can be compromised by someone going rogue and inviting a bunch 
>>> of spammers. I'm expecting that our communal trust is high enough to make 
>>> this unlikely.
>>>
>>> Considering the risk profile seems less scary, disregard request to delete 
>>> my emails. :)
>>>
>>> On 12/18/21 3:02 PM, Matthias Felleisen wrote:
>>>
>>>
>>> +2! And many thanks. (I was personally spared this spam until very 
>>> recently. No clue why)
>>>
>>> — Matthias
>>>
>>>
>>>
>>>
>>> On Dec 18, 2021, at 2:55 PM, Robby Findler  
>>> wrote:
>>>
>>> +1! Thank you.
>>>
>>> Robby
>>>
>>> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  wrote:

 The "members" option sounds right to me. Thanks for tracking down a way
 to improve the situation!

 At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
 > Core team,
 >
 > Sam asked me to issue bans for a troublesome spammer. I've done so, even
 > just today. I understand I need quorum for larger decisions. This is why
 > I have not yet reconfigured the list to permanently stop the spammer.
 > After researching the problem further, I need your urgent attention.
 >
 > I found that the spam messages sometimes link to other Google group
 > posts affected by the spammer. A recent trail leads to a
 > comp.lang.python Google message in 2017. I suspect that email addresses
 > are scraped in unmoderated lists that freely hand out membership. After
 > checking the list settings, I found that this is one of those lists. I
 > hypothesize that our email addresses are being scraped and
 > cross-referenced for use in other unmoderated lists.
 >
 > It's one thing to flatly complain about a spammer on this list, and
 > another to willingly maintain a transmission vector. We need to stop
 > automatically handing out group membership with our current settings. We
 > can have  issue list memberships. I need you all to fill in the
 > blank with "moderators" or "members." I'll translate the settings
 > accordingly.
 >
 > Given the holidays, I respect your time. Please reciprocate with respect
 > for the urgency this problem creates. I will revoke my own mailing list
 > privileges and membership in three weeks, on January 8th, 2022. I will
 > leave the settings however they read at the time to prevent
 > interruption, and request that own messages then be deleted to limit the
 > role my email address plays for the spammer.
 >
 > I am not volunteering to moderate membership applications, and I am not
 > commenting on how to verify the impact of possible email leaks. Between
 > the Discourse move and (majority?) perspective towards email, I'm not
 > sure how I would be useful doing either. If my opinion holds weight, I'd
 > advise the answer be "members" so that any available moderators can
 > focus on rule breakers while the community grows at a self-directed 
 > speed.
 >
 > Let me know, and thank you.
 >
 >
 >
 > --
 > You received this message because you are subscribed to the Google Groups
 > "Racket Users" group.
 > To unsubscribe from this group an

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2022-01-11 Thread Robby Findler
Probably people find out about the mailing list by the website, right? We
could post an email address or two there where asks should go?

Robby


On Tue, Jan 11, 2022 at 12:41 PM Sam Tobin-Hochstadt 
wrote:

> One thing to note here: it's now not possible to _request_ to join the
> list. If someone wants to join the list, they have to know someone who
> is already a member and ask them to join.
>
> It looks like another option is "Anyone on the web can ask" to join.
> It's not immediately clear who gets the emails when people ask, but
> this seems like it might be a good intermediate position.
>
> Sam
>
> On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard  wrote:
> >
> > Alright, thanks to all of you for the quick replies. As of this writing,
> the list has been reconfigured to create an explicit perimeter between the
> non-members and members. The public can no longer let themselves in.
> >
> > Not totally out of the woods yet.
> >
> > Someone please confirm if you can invite others using Members page ->
> "Add Member". If not, then please follow up with me.
> > This model can be compromised by someone going rogue and inviting a
> bunch of spammers. I'm expecting that our communal trust is high enough to
> make this unlikely.
> >
> > Considering the risk profile seems less scary, disregard request to
> delete my emails. :)
> >
> > On 12/18/21 3:02 PM, Matthias Felleisen wrote:
> >
> >
> > +2! And many thanks. (I was personally spared this spam until very
> recently. No clue why)
> >
> > — Matthias
> >
> >
> >
> >
> > On Dec 18, 2021, at 2:55 PM, Robby Findler 
> wrote:
> >
> > +1! Thank you.
> >
> > Robby
> >
> > On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt 
> wrote:
> >>
> >> The "members" option sounds right to me. Thanks for tracking down a way
> >> to improve the situation!
> >>
> >> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
> >> > Core team,
> >> >
> >> > Sam asked me to issue bans for a troublesome spammer. I've done so,
> even
> >> > just today. I understand I need quorum for larger decisions. This is
> why
> >> > I have not yet reconfigured the list to permanently stop the spammer.
> >> > After researching the problem further, I need your urgent attention.
> >> >
> >> > I found that the spam messages sometimes link to other Google group
> >> > posts affected by the spammer. A recent trail leads to a
> >> > comp.lang.python Google message in 2017. I suspect that email
> addresses
> >> > are scraped in unmoderated lists that freely hand out membership.
> After
> >> > checking the list settings, I found that this is one of those lists. I
> >> > hypothesize that our email addresses are being scraped and
> >> > cross-referenced for use in other unmoderated lists.
> >> >
> >> > It's one thing to flatly complain about a spammer on this list, and
> >> > another to willingly maintain a transmission vector. We need to stop
> >> > automatically handing out group membership with our current settings.
> We
> >> > can have  issue list memberships. I need you all to fill in
> the
> >> > blank with "moderators" or "members." I'll translate the settings
> >> > accordingly.
> >> >
> >> > Given the holidays, I respect your time. Please reciprocate with
> respect
> >> > for the urgency this problem creates. I will revoke my own mailing
> list
> >> > privileges and membership in three weeks, on January 8th, 2022. I will
> >> > leave the settings however they read at the time to prevent
> >> > interruption, and request that own messages then be deleted to limit
> the
> >> > role my email address plays for the spammer.
> >> >
> >> > I am not volunteering to moderate membership applications, and I am
> not
> >> > commenting on how to verify the impact of possible email leaks.
> Between
> >> > the Discourse move and (majority?) perspective towards email, I'm not
> >> > sure how I would be useful doing either. If my opinion holds weight,
> I'd
> >> > advise the answer be "members" so that any available moderators can
> >> > focus on rule breakers while the community grows at a self-directed
> speed.
> >> >
> >> > Let me know, and thank you.
> >> >
> >> >
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> Groups
> >> > "Racket Users" group.
> >> > To unsubscribe from this group and stop receiving emails from it,
> send an
> >> > email to racket-users+unsubscr...@googlegroups.com.
> >> > To view this discussion on the web visit
> >> >
> https://groups.google.com/d/msgid/racket-users/5fa6a8bb-88e4-37c6-f0b9-2ed372bc
> >> > e8fe%40sagegerard.com.
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups "Racket Users" group.
> >> To unsubscribe from this group and stop receiving emails from it, send
> an email to racket-users+unsubscr...@googlegroups.com.
> >> To view this discussion on the web visit
> https://groups.google.com/d/msgid/racket-users/20211218124300.343%40sirmail.smtps.cs.utah.edu
> .
> >
> >
> > --
> > You received this

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2022-01-11 Thread Sam Tobin-Hochstadt
One thing to note here: it's now not possible to _request_ to join the
list. If someone wants to join the list, they have to know someone who
is already a member and ask them to join.

It looks like another option is "Anyone on the web can ask" to join.
It's not immediately clear who gets the emails when people ask, but
this seems like it might be a good intermediate position.

Sam

On Sun, Dec 19, 2021 at 12:32 PM Sage Gerard  wrote:
>
> Alright, thanks to all of you for the quick replies. As of this writing, the 
> list has been reconfigured to create an explicit perimeter between the 
> non-members and members. The public can no longer let themselves in.
>
> Not totally out of the woods yet.
>
> Someone please confirm if you can invite others using Members page -> "Add 
> Member". If not, then please follow up with me.
> This model can be compromised by someone going rogue and inviting a bunch of 
> spammers. I'm expecting that our communal trust is high enough to make this 
> unlikely.
>
> Considering the risk profile seems less scary, disregard request to delete my 
> emails. :)
>
> On 12/18/21 3:02 PM, Matthias Felleisen wrote:
>
>
> +2! And many thanks. (I was personally spared this spam until very recently. 
> No clue why)
>
> — Matthias
>
>
>
>
> On Dec 18, 2021, at 2:55 PM, Robby Findler  wrote:
>
> +1! Thank you.
>
> Robby
>
> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  wrote:
>>
>> The "members" option sounds right to me. Thanks for tracking down a way
>> to improve the situation!
>>
>> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
>> > Core team,
>> >
>> > Sam asked me to issue bans for a troublesome spammer. I've done so, even
>> > just today. I understand I need quorum for larger decisions. This is why
>> > I have not yet reconfigured the list to permanently stop the spammer.
>> > After researching the problem further, I need your urgent attention.
>> >
>> > I found that the spam messages sometimes link to other Google group
>> > posts affected by the spammer. A recent trail leads to a
>> > comp.lang.python Google message in 2017. I suspect that email addresses
>> > are scraped in unmoderated lists that freely hand out membership. After
>> > checking the list settings, I found that this is one of those lists. I
>> > hypothesize that our email addresses are being scraped and
>> > cross-referenced for use in other unmoderated lists.
>> >
>> > It's one thing to flatly complain about a spammer on this list, and
>> > another to willingly maintain a transmission vector. We need to stop
>> > automatically handing out group membership with our current settings. We
>> > can have  issue list memberships. I need you all to fill in the
>> > blank with "moderators" or "members." I'll translate the settings
>> > accordingly.
>> >
>> > Given the holidays, I respect your time. Please reciprocate with respect
>> > for the urgency this problem creates. I will revoke my own mailing list
>> > privileges and membership in three weeks, on January 8th, 2022. I will
>> > leave the settings however they read at the time to prevent
>> > interruption, and request that own messages then be deleted to limit the
>> > role my email address plays for the spammer.
>> >
>> > I am not volunteering to moderate membership applications, and I am not
>> > commenting on how to verify the impact of possible email leaks. Between
>> > the Discourse move and (majority?) perspective towards email, I'm not
>> > sure how I would be useful doing either. If my opinion holds weight, I'd
>> > advise the answer be "members" so that any available moderators can
>> > focus on rule breakers while the community grows at a self-directed speed.
>> >
>> > Let me know, and thank you.
>> >
>> >
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups
>> > "Racket Users" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an
>> > email to racket-users+unsubscr...@googlegroups.com.
>> > To view this discussion on the web visit
>> > https://groups.google.com/d/msgid/racket-users/5fa6a8bb-88e4-37c6-f0b9-2ed372bc
>> > e8fe%40sagegerard.com.
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Racket Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to racket-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/racket-users/20211218124300.343%40sirmail.smtps.cs.utah.edu.
>
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Racket Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to racket-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/racket-users/CAL3TdOMCXH4Zio1%2B96Nj_Zgj2vByetG-%3D8i93%3DLYjTpaBrw8DA%40mail.gmail.com.
>
>
> --
> You received this message because you 

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2022-01-11 Thread Sage Gerard
Someone else wanted to chime in here. This email is just to make the thread 
easier for them to find.

On 12/19/21 8:35 PM, Sorawee Porncharoenwase wrote:

> FWIW, here're the settings of racket-users from the About tab:
>
> Anyone on the web: can see group
>
> Group owners and managers: can view members
>
> Anyone on the web: can view conversations
>
> Group members: can post
>
> Invited users: can join group
>
> and here're the settings of racket-dev:
>
> Anyone on the web: can see group
>
> Group members: can view members
>
> Anyone on the web: can view conversations
>
> Group members: can post
>
> Anyone on the web: can join group
>
> It looks like racket-users might need to change "Group owners and managers: 
> can view members" to "Group members: can view members", and racket-dev might 
> need to change "Anyone on the web: can join group" to "Invited users: can 
> join group".
>
> On Sun, Dec 19, 2021 at 5:25 PM Nadeem Abdul Hamid  wrote:
>
>> In other Google groups that I'm on, when I view the group, the links in the 
>> left bar read "Conversations", "Members", "About", "My membership settings". 
>> But in the Racket Users, there isn't a link to the "Members" list.
>>
>> On Sun, Dec 19, 2021 at 5:24 PM Sage Gerard  wrote:
>>
>>> Looks like I scoped invitation powers to group managers, not members. 
>>> Checking on this.
>>>
>>> Sent from ProtonMail mobile
>>>
>>>  Original Message 
>>> On Dec 19, 2021, 4:17 PM, Nadeem Abdul Hamid < nad...@acm.org> wrote:
>>>
 I don't have any special privileges... when I view the Google group, I 
 don't see a "Members" page at all and no where to invite anyone else. All 
 I can access is a link "My membership settings".

 --- nadeem

 On Sun, Dec 19, 2021 at 3:49 PM Robby Findler  
 wrote:

> When I follow the link at the bottom of one of these messages, click on 
> members, I see an "add members" button and clicking on it gives me a 
> place to add email addresses. I didn't actually add email addresses to 
> the list and try to add them, and I might have already had special 
> privileges on this list so that might not have been the most useful test.
>
> Robby
>
> On Sun, Dec 19, 2021 at 11:32 AM Sage Gerard  wrote:
>
>> Alright, thanks to all of you for the quick replies. As of this writing, 
>> the list has been reconfigured to create an explicit perimeter between 
>> the non-members and members. The public can no longer let themselves in.
>>
>> Not totally out of the woods yet.
>>
>> - Someone please confirm if you can invite others using Members page -> 
>> "Add Member". If not, then please follow up with me.
>> - This model can be compromised by someone going rogue and inviting a 
>> bunch of spammers. I'm expecting that our communal trust is high enough 
>> to make this unlikely.
>>
>> Considering the risk profile seems less scary, disregard request to 
>> delete my emails. :)
>>
>> On 12/18/21 3:02 PM, Matthias Felleisen wrote:
>>
>>> +2! And many thanks. (I was personally spared this spam until very 
>>> recently. No clue why)
>>>
>>> — Matthias
>>>
 On Dec 18, 2021, at 2:55 PM, Robby Findler  
 wrote:

 +1! Thank you.

 Robby

 On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  
 wrote:

> The "members" option sounds right to me. Thanks for tracking down a 
> way
> to improve the situation!
>
> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
>> Core team,
>>
>> Sam asked me to issue bans for a troublesome spammer. I've done so, 
>> even
>> just today. I understand I need quorum for larger decisions. This is 
>> why
>> I have not yet reconfigured the list to permanently stop the spammer.
>> After researching the problem further, I need your urgent attention.
>>
>> I found that the spam messages sometimes link to other Google group
>> posts affected by the spammer. A recent trail leads to a
>> comp.lang.python Google message in 2017. I suspect that email 
>> addresses
>> are scraped in unmoderated lists that freely hand out membership. 
>> After
>> checking the list settings, I found that this is one of those lists. 
>> I
>> hypothesize that our email addresses are being scraped and
>> cross-referenced for use in other unmoderated lists.
>>
>> It's one thing to flatly complain about a spammer on this list, and
>> another to willingly maintain a transmission vector. We need to stop
>> automatically handing out group membership with our current 
>> settings. We
>> can have  issue list memberships. I need you all to fill in 
>> the
>> blank wit

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2021-12-19 Thread Sorawee Porncharoenwase
FWIW, here're the settings of racket-users from the About tab:

Anyone on the web: can see group
Group owners and managers: can view members
Anyone on the web: can view conversations
Group members: can post
Invited users: can join group

and here're the settings of racket-dev:

Anyone on the web: can see group
Group members: can view members
Anyone on the web: can view conversations
Group members: can post
Anyone on the web: can join group

It looks like racket-users might need to change "Group owners and managers:
can view members" to "Group members: can view members", and racket-dev
might need to change "Anyone on the web: can join group" to "Invited users:
can join group".



On Sun, Dec 19, 2021 at 5:25 PM Nadeem Abdul Hamid  wrote:

> In other Google groups that I'm on, when I view the group, the links in
> the left bar read "Conversations", "Members", "About", "My membership
> settings". But in the Racket Users, there isn't a link to the "Members"
> list.
>
> On Sun, Dec 19, 2021 at 5:24 PM Sage Gerard  wrote:
>
>> Looks like I scoped invitation powers to group managers, not members.
>> Checking on this.
>>
>>
>> Sent from ProtonMail mobile
>>
>>
>>
>>  Original Message 
>> On Dec 19, 2021, 4:17 PM, Nadeem Abdul Hamid < nad...@acm.org> wrote:
>>
>>
>> I don't have any special privileges... when I view the Google group, I
>> don't see a "Members" page at all and no where to invite anyone else. All I
>> can access is a link "My membership settings".
>>
>> --- nadeem
>>
>>
>> On Sun, Dec 19, 2021 at 3:49 PM Robby Findler 
>> wrote:
>>
>>> When I follow the link at the bottom of one of these messages, click on
>>> members, I see an "add members" button and clicking on it gives me a place
>>> to add email addresses. I didn't actually add email addresses to the list
>>> and try to add them, and I might have already had special privileges on
>>> this list so that might not have been the most useful test.
>>>
>>> Robby
>>>
>>>
>>> On Sun, Dec 19, 2021 at 11:32 AM Sage Gerard 
>>> wrote:
>>>
 Alright, thanks to all of you for the quick replies. As of this
 writing, the list has been reconfigured to create an explicit perimeter
 between the non-members and members. The public can no longer let
 themselves in.

 Not totally out of the woods yet.

1. Someone please confirm if you can invite others using Members
page -> "Add Member". If not, then please follow up with me.
2. This model can be compromised by someone going rogue and
inviting a bunch of spammers. I'm expecting that our communal trust is 
 high
enough to make this unlikely.

 Considering the risk profile seems less scary, disregard request to
 delete my emails. :)
 On 12/18/21 3:02 PM, Matthias Felleisen wrote:


 +2! And many thanks. (I was personally spared this spam until very
 recently. No clue why)

 — Matthias




 On Dec 18, 2021, at 2:55 PM, Robby Findler 
 wrote:

 +1! Thank you.

 Robby

 On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt 
 wrote:

> The "members" option sounds right to me. Thanks for tracking down a way
> to improve the situation!
>
> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
> > Core team,
> >
> > Sam asked me to issue bans for a troublesome spammer. I've done so,
> even
> > just today. I understand I need quorum for larger decisions. This is
> why
> > I have not yet reconfigured the list to permanently stop the spammer.
> > After researching the problem further, I need your urgent attention.
> >
> > I found that the spam messages sometimes link to other Google group
> > posts affected by the spammer. A recent trail leads to a
> > comp.lang.python Google message in 2017. I suspect that email
> addresses
> > are scraped in unmoderated lists that freely hand out membership.
> After
> > checking the list settings, I found that this is one of those lists.
> I
> > hypothesize that our email addresses are being scraped and
> > cross-referenced for use in other unmoderated lists.
> >
> > It's one thing to flatly complain about a spammer on this list, and
> > another to willingly maintain a transmission vector. We need to stop
> > automatically handing out group membership with our current
> settings. We
> > can have  issue list memberships. I need you all to fill in
> the
> > blank with "moderators" or "members." I'll translate the settings
> > accordingly.
> >
> > Given the holidays, I respect your time. Please reciprocate with
> respect
> > for the urgency this problem creates. I will revoke my own mailing
> list
> > privileges and membership in three weeks, on January 8th, 2022. I
> will
> > leave the settings however they read at the time to prevent
> > interruption, 

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2021-12-19 Thread Nadeem Abdul Hamid
In other Google groups that I'm on, when I view the group, the links in the
left bar read "Conversations", "Members", "About", "My membership
settings". But in the Racket Users, there isn't a link to the "Members"
list.

On Sun, Dec 19, 2021 at 5:24 PM Sage Gerard  wrote:

> Looks like I scoped invitation powers to group managers, not members.
> Checking on this.
>
>
> Sent from ProtonMail mobile
>
>
>
>  Original Message 
> On Dec 19, 2021, 4:17 PM, Nadeem Abdul Hamid < nad...@acm.org> wrote:
>
>
> I don't have any special privileges... when I view the Google group, I
> don't see a "Members" page at all and no where to invite anyone else. All I
> can access is a link "My membership settings".
>
> --- nadeem
>
>
> On Sun, Dec 19, 2021 at 3:49 PM Robby Findler 
> wrote:
>
>> When I follow the link at the bottom of one of these messages, click on
>> members, I see an "add members" button and clicking on it gives me a place
>> to add email addresses. I didn't actually add email addresses to the list
>> and try to add them, and I might have already had special privileges on
>> this list so that might not have been the most useful test.
>>
>> Robby
>>
>>
>> On Sun, Dec 19, 2021 at 11:32 AM Sage Gerard  wrote:
>>
>>> Alright, thanks to all of you for the quick replies. As of this writing,
>>> the list has been reconfigured to create an explicit perimeter between the
>>> non-members and members. The public can no longer let themselves in.
>>>
>>> Not totally out of the woods yet.
>>>
>>>1. Someone please confirm if you can invite others using Members
>>>page -> "Add Member". If not, then please follow up with me.
>>>2. This model can be compromised by someone going rogue and inviting
>>>a bunch of spammers. I'm expecting that our communal trust is high enough
>>>to make this unlikely.
>>>
>>> Considering the risk profile seems less scary, disregard request to
>>> delete my emails. :)
>>> On 12/18/21 3:02 PM, Matthias Felleisen wrote:
>>>
>>>
>>> +2! And many thanks. (I was personally spared this spam until very
>>> recently. No clue why)
>>>
>>> — Matthias
>>>
>>>
>>>
>>>
>>> On Dec 18, 2021, at 2:55 PM, Robby Findler 
>>> wrote:
>>>
>>> +1! Thank you.
>>>
>>> Robby
>>>
>>> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt 
>>> wrote:
>>>
 The "members" option sounds right to me. Thanks for tracking down a way
 to improve the situation!

 At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
 > Core team,
 >
 > Sam asked me to issue bans for a troublesome spammer. I've done so,
 even
 > just today. I understand I need quorum for larger decisions. This is
 why
 > I have not yet reconfigured the list to permanently stop the spammer.
 > After researching the problem further, I need your urgent attention.
 >
 > I found that the spam messages sometimes link to other Google group
 > posts affected by the spammer. A recent trail leads to a
 > comp.lang.python Google message in 2017. I suspect that email
 addresses
 > are scraped in unmoderated lists that freely hand out membership.
 After
 > checking the list settings, I found that this is one of those lists. I
 > hypothesize that our email addresses are being scraped and
 > cross-referenced for use in other unmoderated lists.
 >
 > It's one thing to flatly complain about a spammer on this list, and
 > another to willingly maintain a transmission vector. We need to stop
 > automatically handing out group membership with our current settings.
 We
 > can have  issue list memberships. I need you all to fill in
 the
 > blank with "moderators" or "members." I'll translate the settings
 > accordingly.
 >
 > Given the holidays, I respect your time. Please reciprocate with
 respect
 > for the urgency this problem creates. I will revoke my own mailing
 list
 > privileges and membership in three weeks, on January 8th, 2022. I will
 > leave the settings however they read at the time to prevent
 > interruption, and request that own messages then be deleted to limit
 the
 > role my email address plays for the spammer.
 >
 > I am not volunteering to moderate membership applications, and I am
 not
 > commenting on how to verify the impact of possible email leaks.
 Between
 > the Discourse move and (majority?) perspective towards email, I'm not
 > sure how I would be useful doing either. If my opinion holds weight,
 I'd
 > advise the answer be "members" so that any available moderators can
 > focus on rule breakers while the community grows at a self-directed
 speed.
 >
 > Let me know, and thank you.
 >
 >
 >
 > --
 > You received this message because you are subscribed to the Google
 Groups
 > "Racket Users" group.
 > To unsubscribe from this group and stop receiving emails from it,
 send an
 

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2021-12-19 Thread Sage Gerard
Looks like I scoped invitation powers to group managers, not members. Checking 
on this.

Sent from ProtonMail mobile

 Original Message 
On Dec 19, 2021, 4:17 PM, Nadeem Abdul Hamid wrote:

> I don't have any special privileges... when I view the Google group, I don't 
> see a "Members" page at all and no where to invite anyone else. All I can 
> access is a link "My membership settings".
>
> --- nadeem
>
> On Sun, Dec 19, 2021 at 3:49 PM Robby Findler  
> wrote:
>
>> When I follow the link at the bottom of one of these messages, click on 
>> members, I see an "add members" button and clicking on it gives me a place 
>> to add email addresses. I didn't actually add email addresses to the list 
>> and try to add them, and I might have already had special privileges on this 
>> list so that might not have been the most useful test.
>>
>> Robby
>>
>> On Sun, Dec 19, 2021 at 11:32 AM Sage Gerard  wrote:
>>
>>> Alright, thanks to all of you for the quick replies. As of this writing, 
>>> the list has been reconfigured to create an explicit perimeter between the 
>>> non-members and members. The public can no longer let themselves in.
>>>
>>> Not totally out of the woods yet.
>>>
>>> - Someone please confirm if you can invite others using Members page -> 
>>> "Add Member". If not, then please follow up with me.
>>> - This model can be compromised by someone going rogue and inviting a bunch 
>>> of spammers. I'm expecting that our communal trust is high enough to make 
>>> this unlikely.
>>>
>>> Considering the risk profile seems less scary, disregard request to delete 
>>> my emails. :)
>>>
>>> On 12/18/21 3:02 PM, Matthias Felleisen wrote:
>>>
 +2! And many thanks. (I was personally spared this spam until very 
 recently. No clue why)

 — Matthias

> On Dec 18, 2021, at 2:55 PM, Robby Findler  
> wrote:
>
> +1! Thank you.
>
> Robby
>
> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  wrote:
>
>> The "members" option sounds right to me. Thanks for tracking down a way
>> to improve the situation!
>>
>> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
>>> Core team,
>>>
>>> Sam asked me to issue bans for a troublesome spammer. I've done so, even
>>> just today. I understand I need quorum for larger decisions. This is why
>>> I have not yet reconfigured the list to permanently stop the spammer.
>>> After researching the problem further, I need your urgent attention.
>>>
>>> I found that the spam messages sometimes link to other Google group
>>> posts affected by the spammer. A recent trail leads to a
>>> comp.lang.python Google message in 2017. I suspect that email addresses
>>> are scraped in unmoderated lists that freely hand out membership. After
>>> checking the list settings, I found that this is one of those lists. I
>>> hypothesize that our email addresses are being scraped and
>>> cross-referenced for use in other unmoderated lists.
>>>
>>> It's one thing to flatly complain about a spammer on this list, and
>>> another to willingly maintain a transmission vector. We need to stop
>>> automatically handing out group membership with our current settings. We
>>> can have  issue list memberships. I need you all to fill in the
>>> blank with "moderators" or "members." I'll translate the settings
>>> accordingly.
>>>
>>> Given the holidays, I respect your time. Please reciprocate with respect
>>> for the urgency this problem creates. I will revoke my own mailing list
>>> privileges and membership in three weeks, on January 8th, 2022. I will
>>> leave the settings however they read at the time to prevent
>>> interruption, and request that own messages then be deleted to limit the
>>> role my email address plays for the spammer.
>>>
>>> I am not volunteering to moderate membership applications, and I am not
>>> commenting on how to verify the impact of possible email leaks. Between
>>> the Discourse move and (majority?) perspective towards email, I'm not
>>> sure how I would be useful doing either. If my opinion holds weight, I'd
>>> advise the answer be "members" so that any available moderators can
>>> focus on rule breakers while the community grows at a self-directed 
>>> speed.
>>>
>>> Let me know, and thank you.
>>>
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google 
>>> Groups
>>> "Racket Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an
>>> email to 
>>> [racket-users+unsubscr...@googlegroups.com](mailto:racket-users%2bunsubscr...@googlegroups.com).
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/racket-users/5fa6a8bb-88e4-37c6-f0b9-2ed372bc
>>> e8fe%[40sagegerard.com](http://40sagegerard.c

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2021-12-19 Thread Nadeem Abdul Hamid
I don't have any special privileges... when I view the Google group, I
don't see a "Members" page at all and no where to invite anyone else. All I
can access is a link "My membership settings".

--- nadeem


On Sun, Dec 19, 2021 at 3:49 PM Robby Findler 
wrote:

> When I follow the link at the bottom of one of these messages, click on
> members, I see an "add members" button and clicking on it gives me a place
> to add email addresses. I didn't actually add email addresses to the list
> and try to add them, and I might have already had special privileges on
> this list so that might not have been the most useful test.
>
> Robby
>
>
> On Sun, Dec 19, 2021 at 11:32 AM Sage Gerard  wrote:
>
>> Alright, thanks to all of you for the quick replies. As of this writing,
>> the list has been reconfigured to create an explicit perimeter between the
>> non-members and members. The public can no longer let themselves in.
>>
>> Not totally out of the woods yet.
>>
>>1. Someone please confirm if you can invite others using Members page
>>-> "Add Member". If not, then please follow up with me.
>>2. This model can be compromised by someone going rogue and inviting
>>a bunch of spammers. I'm expecting that our communal trust is high enough
>>to make this unlikely.
>>
>> Considering the risk profile seems less scary, disregard request to
>> delete my emails. :)
>> On 12/18/21 3:02 PM, Matthias Felleisen wrote:
>>
>>
>> +2! And many thanks. (I was personally spared this spam until very
>> recently. No clue why)
>>
>> — Matthias
>>
>>
>>
>>
>> On Dec 18, 2021, at 2:55 PM, Robby Findler 
>> wrote:
>>
>> +1! Thank you.
>>
>> Robby
>>
>> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  wrote:
>>
>>> The "members" option sounds right to me. Thanks for tracking down a way
>>> to improve the situation!
>>>
>>> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
>>> > Core team,
>>> >
>>> > Sam asked me to issue bans for a troublesome spammer. I've done so,
>>> even
>>> > just today. I understand I need quorum for larger decisions. This is
>>> why
>>> > I have not yet reconfigured the list to permanently stop the spammer.
>>> > After researching the problem further, I need your urgent attention.
>>> >
>>> > I found that the spam messages sometimes link to other Google group
>>> > posts affected by the spammer. A recent trail leads to a
>>> > comp.lang.python Google message in 2017. I suspect that email addresses
>>> > are scraped in unmoderated lists that freely hand out membership. After
>>> > checking the list settings, I found that this is one of those lists. I
>>> > hypothesize that our email addresses are being scraped and
>>> > cross-referenced for use in other unmoderated lists.
>>> >
>>> > It's one thing to flatly complain about a spammer on this list, and
>>> > another to willingly maintain a transmission vector. We need to stop
>>> > automatically handing out group membership with our current settings.
>>> We
>>> > can have  issue list memberships. I need you all to fill in the
>>> > blank with "moderators" or "members." I'll translate the settings
>>> > accordingly.
>>> >
>>> > Given the holidays, I respect your time. Please reciprocate with
>>> respect
>>> > for the urgency this problem creates. I will revoke my own mailing list
>>> > privileges and membership in three weeks, on January 8th, 2022. I will
>>> > leave the settings however they read at the time to prevent
>>> > interruption, and request that own messages then be deleted to limit
>>> the
>>> > role my email address plays for the spammer.
>>> >
>>> > I am not volunteering to moderate membership applications, and I am not
>>> > commenting on how to verify the impact of possible email leaks. Between
>>> > the Discourse move and (majority?) perspective towards email, I'm not
>>> > sure how I would be useful doing either. If my opinion holds weight,
>>> I'd
>>> > advise the answer be "members" so that any available moderators can
>>> > focus on rule breakers while the community grows at a self-directed
>>> speed.
>>> >
>>> > Let me know, and thank you.
>>> >
>>> >
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google
>>> Groups
>>> > "Racket Users" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> an
>>> > email to racket-users+unsubscr...@googlegroups.com.
>>> > To view this discussion on the web visit
>>> >
>>> https://groups.google.com/d/msgid/racket-users/5fa6a8bb-88e4-37c6-f0b9-2ed372bc
>>> > e8fe%40sagegerard.com.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Racket Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to racket-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/racket-users/20211218124300.343%40sirmail.smtps.cs.utah.edu
>>> .
>>>
>>
>> --
>> You received this message because you 

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2021-12-19 Thread Robby Findler
When I follow the link at the bottom of one of these messages, click on
members, I see an "add members" button and clicking on it gives me a place
to add email addresses. I didn't actually add email addresses to the list
and try to add them, and I might have already had special privileges on
this list so that might not have been the most useful test.

Robby


On Sun, Dec 19, 2021 at 11:32 AM Sage Gerard  wrote:

> Alright, thanks to all of you for the quick replies. As of this writing,
> the list has been reconfigured to create an explicit perimeter between the
> non-members and members. The public can no longer let themselves in.
>
> Not totally out of the woods yet.
>
>1. Someone please confirm if you can invite others using Members page
>-> "Add Member". If not, then please follow up with me.
>2. This model can be compromised by someone going rogue and inviting a
>bunch of spammers. I'm expecting that our communal trust is high enough to
>make this unlikely.
>
> Considering the risk profile seems less scary, disregard request to delete
> my emails. :)
> On 12/18/21 3:02 PM, Matthias Felleisen wrote:
>
>
> +2! And many thanks. (I was personally spared this spam until very
> recently. No clue why)
>
> — Matthias
>
>
>
>
> On Dec 18, 2021, at 2:55 PM, Robby Findler 
> wrote:
>
> +1! Thank you.
>
> Robby
>
> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  wrote:
>
>> The "members" option sounds right to me. Thanks for tracking down a way
>> to improve the situation!
>>
>> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
>> > Core team,
>> >
>> > Sam asked me to issue bans for a troublesome spammer. I've done so, even
>> > just today. I understand I need quorum for larger decisions. This is why
>> > I have not yet reconfigured the list to permanently stop the spammer.
>> > After researching the problem further, I need your urgent attention.
>> >
>> > I found that the spam messages sometimes link to other Google group
>> > posts affected by the spammer. A recent trail leads to a
>> > comp.lang.python Google message in 2017. I suspect that email addresses
>> > are scraped in unmoderated lists that freely hand out membership. After
>> > checking the list settings, I found that this is one of those lists. I
>> > hypothesize that our email addresses are being scraped and
>> > cross-referenced for use in other unmoderated lists.
>> >
>> > It's one thing to flatly complain about a spammer on this list, and
>> > another to willingly maintain a transmission vector. We need to stop
>> > automatically handing out group membership with our current settings. We
>> > can have  issue list memberships. I need you all to fill in the
>> > blank with "moderators" or "members." I'll translate the settings
>> > accordingly.
>> >
>> > Given the holidays, I respect your time. Please reciprocate with respect
>> > for the urgency this problem creates. I will revoke my own mailing list
>> > privileges and membership in three weeks, on January 8th, 2022. I will
>> > leave the settings however they read at the time to prevent
>> > interruption, and request that own messages then be deleted to limit the
>> > role my email address plays for the spammer.
>> >
>> > I am not volunteering to moderate membership applications, and I am not
>> > commenting on how to verify the impact of possible email leaks. Between
>> > the Discourse move and (majority?) perspective towards email, I'm not
>> > sure how I would be useful doing either. If my opinion holds weight, I'd
>> > advise the answer be "members" so that any available moderators can
>> > focus on rule breakers while the community grows at a self-directed
>> speed.
>> >
>> > Let me know, and thank you.
>> >
>> >
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups
>> > "Racket Users" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> an
>> > email to racket-users+unsubscr...@googlegroups.com.
>> > To view this discussion on the web visit
>> >
>> https://groups.google.com/d/msgid/racket-users/5fa6a8bb-88e4-37c6-f0b9-2ed372bc
>> > e8fe%40sagegerard.com.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Racket Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to racket-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/racket-users/20211218124300.343%40sirmail.smtps.cs.utah.edu
>> .
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Racket Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to racket-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/racket-users/CAL3TdOMCXH4Zio1%2B96Nj_Zgj2vByetG-%3D8i93%3DLYjTpaBrw8DA%40mail.gmail.com
> 

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2021-12-19 Thread Sage Gerard
Alright, thanks to all of you for the quick replies. As of this writing, the 
list has been reconfigured to create an explicit perimeter between the 
non-members and members. The public can no longer let themselves in.

Not totally out of the woods yet.

- Someone please confirm if you can invite others using Members page -> "Add 
Member". If not, then please follow up with me.
- This model can be compromised by someone going rogue and inviting a bunch of 
spammers. I'm expecting that our communal trust is high enough to make this 
unlikely.

Considering the risk profile seems less scary, disregard request to delete my 
emails. :)

On 12/18/21 3:02 PM, Matthias Felleisen wrote:

> +2! And many thanks. (I was personally spared this spam until very recently. 
> No clue why)
>
> — Matthias
>
>> On Dec 18, 2021, at 2:55 PM, Robby Findler  wrote:
>>
>> +1! Thank you.
>>
>> Robby
>>
>> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  wrote:
>>
>>> The "members" option sounds right to me. Thanks for tracking down a way
>>> to improve the situation!
>>>
>>> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
 Core team,

 Sam asked me to issue bans for a troublesome spammer. I've done so, even
 just today. I understand I need quorum for larger decisions. This is why
 I have not yet reconfigured the list to permanently stop the spammer.
 After researching the problem further, I need your urgent attention.

 I found that the spam messages sometimes link to other Google group
 posts affected by the spammer. A recent trail leads to a
 comp.lang.python Google message in 2017. I suspect that email addresses
 are scraped in unmoderated lists that freely hand out membership. After
 checking the list settings, I found that this is one of those lists. I
 hypothesize that our email addresses are being scraped and
 cross-referenced for use in other unmoderated lists.

 It's one thing to flatly complain about a spammer on this list, and
 another to willingly maintain a transmission vector. We need to stop
 automatically handing out group membership with our current settings. We
 can have  issue list memberships. I need you all to fill in the
 blank with "moderators" or "members." I'll translate the settings
 accordingly.

 Given the holidays, I respect your time. Please reciprocate with respect
 for the urgency this problem creates. I will revoke my own mailing list
 privileges and membership in three weeks, on January 8th, 2022. I will
 leave the settings however they read at the time to prevent
 interruption, and request that own messages then be deleted to limit the
 role my email address plays for the spammer.

 I am not volunteering to moderate membership applications, and I am not
 commenting on how to verify the impact of possible email leaks. Between
 the Discourse move and (majority?) perspective towards email, I'm not
 sure how I would be useful doing either. If my opinion holds weight, I'd
 advise the answer be "members" so that any available moderators can
 focus on rule breakers while the community grows at a self-directed speed.

 Let me know, and thank you.



 --
 You received this message because you are subscribed to the Google Groups
 "Racket Users" group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to 
 [racket-users+unsubscr...@googlegroups.com](mailto:racket-users%2bunsubscr...@googlegroups.com).
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/racket-users/5fa6a8bb-88e4-37c6-f0b9-2ed372bc
 e8fe%[40sagegerard.com](http://40sagegerard.com/).
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups 
>>> "Racket Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to 
>>> [racket-users+unsubscr...@googlegroups.com](mailto:racket-users%2bunsubscr...@googlegroups.com).
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/racket-users/20211218124300.343%40sirmail.smtps.cs.utah.edu.
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Racket Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to racket-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> [https://groups.google.com/d/msgid/racket-users/CAL3TdOMCXH4Zio1%2B96Nj_Zgj2vByetG-%3D8i93%3DLYjTpaBrw8DA%40mail.gmail.com](https://groups.google.com/d/msgid/racket-users/CAL3TdOMCXH4Zio1%2B96Nj_Zgj2vByetG-%3D8i93%3DLYjTpaBrw8DA%40mail.gmail.com?utm_medium=email&utm_source=footer).
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Racket Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> emai

Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2021-12-18 Thread Matthias Felleisen

+2! And many thanks. (I was personally spared this spam until very recently. No 
clue why) 

— Matthias




> On Dec 18, 2021, at 2:55 PM, Robby Findler  wrote:
> 
> +1! Thank you. 
> 
> Robby
> 
> On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  > wrote:
> The "members" option sounds right to me. Thanks for tracking down a way
> to improve the situation!
> 
> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
> > Core team,
> > 
> > Sam asked me to issue bans for a troublesome spammer. I've done so, even
> > just today. I understand I need quorum for larger decisions. This is why
> > I have not yet reconfigured the list to permanently stop the spammer.
> > After researching the problem further, I need your urgent attention.
> > 
> > I found that the spam messages sometimes link to other Google group
> > posts affected by the spammer. A recent trail leads to a
> > comp.lang.python Google message in 2017. I suspect that email addresses
> > are scraped in unmoderated lists that freely hand out membership. After
> > checking the list settings, I found that this is one of those lists. I
> > hypothesize that our email addresses are being scraped and
> > cross-referenced for use in other unmoderated lists.
> > 
> > It's one thing to flatly complain about a spammer on this list, and
> > another to willingly maintain a transmission vector. We need to stop
> > automatically handing out group membership with our current settings. We
> > can have  issue list memberships. I need you all to fill in the
> > blank with "moderators" or "members." I'll translate the settings
> > accordingly.
> > 
> > Given the holidays, I respect your time. Please reciprocate with respect
> > for the urgency this problem creates. I will revoke my own mailing list
> > privileges and membership in three weeks, on January 8th, 2022. I will
> > leave the settings however they read at the time to prevent
> > interruption, and request that own messages then be deleted to limit the
> > role my email address plays for the spammer.
> > 
> > I am not volunteering to moderate membership applications, and I am not
> > commenting on how to verify the impact of possible email leaks. Between
> > the Discourse move and (majority?) perspective towards email, I'm not
> > sure how I would be useful doing either. If my opinion holds weight, I'd
> > advise the answer be "members" so that any available moderators can
> > focus on rule breakers while the community grows at a self-directed speed.
> > 
> > Let me know, and thank you.
> > 
> > 
> > 
> > -- 
> > You received this message because you are subscribed to the Google Groups 
> > "Racket Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an 
> > email to racket-users+unsubscr...@googlegroups.com 
> > .
> > To view this discussion on the web visit 
> > https://groups.google.com/d/msgid/racket-users/5fa6a8bb-88e4-37c6-f0b9-2ed372bc
> >  
> > 
> > e8fe%40sagegerard.com .
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Racket Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to racket-users+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/racket-users/20211218124300.343%40sirmail.smtps.cs.utah.edu
>  
> .
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Racket Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to racket-users+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/racket-users/CAL3TdOMCXH4Zio1%2B96Nj_Zgj2vByetG-%3D8i93%3DLYjTpaBrw8DA%40mail.gmail.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/racket-users/649B3011-618B-466E-AE20-B4C13629CA71%40felleisen.org.


Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2021-12-18 Thread Robby Findler
+1! Thank you.

Robby

On Sat, Dec 18, 2021 at 1:43 PM Matthew Flatt  wrote:

> The "members" option sounds right to me. Thanks for tracking down a way
> to improve the situation!
>
> At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
> > Core team,
> >
> > Sam asked me to issue bans for a troublesome spammer. I've done so, even
> > just today. I understand I need quorum for larger decisions. This is why
> > I have not yet reconfigured the list to permanently stop the spammer.
> > After researching the problem further, I need your urgent attention.
> >
> > I found that the spam messages sometimes link to other Google group
> > posts affected by the spammer. A recent trail leads to a
> > comp.lang.python Google message in 2017. I suspect that email addresses
> > are scraped in unmoderated lists that freely hand out membership. After
> > checking the list settings, I found that this is one of those lists. I
> > hypothesize that our email addresses are being scraped and
> > cross-referenced for use in other unmoderated lists.
> >
> > It's one thing to flatly complain about a spammer on this list, and
> > another to willingly maintain a transmission vector. We need to stop
> > automatically handing out group membership with our current settings. We
> > can have  issue list memberships. I need you all to fill in the
> > blank with "moderators" or "members." I'll translate the settings
> > accordingly.
> >
> > Given the holidays, I respect your time. Please reciprocate with respect
> > for the urgency this problem creates. I will revoke my own mailing list
> > privileges and membership in three weeks, on January 8th, 2022. I will
> > leave the settings however they read at the time to prevent
> > interruption, and request that own messages then be deleted to limit the
> > role my email address plays for the spammer.
> >
> > I am not volunteering to moderate membership applications, and I am not
> > commenting on how to verify the impact of possible email leaks. Between
> > the Discourse move and (majority?) perspective towards email, I'm not
> > sure how I would be useful doing either. If my opinion holds weight, I'd
> > advise the answer be "members" so that any available moderators can
> > focus on rule breakers while the community grows at a self-directed
> speed.
> >
> > Let me know, and thank you.
> >
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups
> > "Racket Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an
> > email to racket-users+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/racket-users/5fa6a8bb-88e4-37c6-f0b9-2ed372bc
> > e8fe%40sagegerard.com.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Racket Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to racket-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/racket-users/20211218124300.343%40sirmail.smtps.cs.utah.edu
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/racket-users/CAL3TdOMCXH4Zio1%2B96Nj_Zgj2vByetG-%3D8i93%3DLYjTpaBrw8DA%40mail.gmail.com.


Re: [racket-users] Core Team: I need you decide what I should do about the spammer.

2021-12-18 Thread Matthew Flatt
The "members" option sounds right to me. Thanks for tracking down a way
to improve the situation!

At Sat, 18 Dec 2021 19:35:23 +, Sage Gerard wrote:
> Core team,
> 
> Sam asked me to issue bans for a troublesome spammer. I've done so, even
> just today. I understand I need quorum for larger decisions. This is why
> I have not yet reconfigured the list to permanently stop the spammer.
> After researching the problem further, I need your urgent attention.
> 
> I found that the spam messages sometimes link to other Google group
> posts affected by the spammer. A recent trail leads to a
> comp.lang.python Google message in 2017. I suspect that email addresses
> are scraped in unmoderated lists that freely hand out membership. After
> checking the list settings, I found that this is one of those lists. I
> hypothesize that our email addresses are being scraped and
> cross-referenced for use in other unmoderated lists.
> 
> It's one thing to flatly complain about a spammer on this list, and
> another to willingly maintain a transmission vector. We need to stop
> automatically handing out group membership with our current settings. We
> can have  issue list memberships. I need you all to fill in the
> blank with "moderators" or "members." I'll translate the settings
> accordingly.
> 
> Given the holidays, I respect your time. Please reciprocate with respect
> for the urgency this problem creates. I will revoke my own mailing list
> privileges and membership in three weeks, on January 8th, 2022. I will
> leave the settings however they read at the time to prevent
> interruption, and request that own messages then be deleted to limit the
> role my email address plays for the spammer.
> 
> I am not volunteering to moderate membership applications, and I am not
> commenting on how to verify the impact of possible email leaks. Between
> the Discourse move and (majority?) perspective towards email, I'm not
> sure how I would be useful doing either. If my opinion holds weight, I'd
> advise the answer be "members" so that any available moderators can
> focus on rule breakers while the community grows at a self-directed speed.
> 
> Let me know, and thank you.
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Racket Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to racket-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/racket-users/5fa6a8bb-88e4-37c6-f0b9-2ed372bc
> e8fe%40sagegerard.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/racket-users/20211218124300.343%40sirmail.smtps.cs.utah.edu.


[racket-users] Core Team: I need you decide what I should do about the spammer.

2021-12-18 Thread Sage Gerard
Core team,

Sam asked me to issue bans for a troublesome spammer. I've done so, even
just today. I understand I need quorum for larger decisions. This is why
I have not yet reconfigured the list to permanently stop the spammer.
After researching the problem further, I need your urgent attention.

I found that the spam messages sometimes link to other Google group
posts affected by the spammer. A recent trail leads to a
comp.lang.python Google message in 2017. I suspect that email addresses
are scraped in unmoderated lists that freely hand out membership. After
checking the list settings, I found that this is one of those lists. I
hypothesize that our email addresses are being scraped and
cross-referenced for use in other unmoderated lists.

It's one thing to flatly complain about a spammer on this list, and
another to willingly maintain a transmission vector. We need to stop
automatically handing out group membership with our current settings. We
can have  issue list memberships. I need you all to fill in the
blank with "moderators" or "members." I'll translate the settings
accordingly.

Given the holidays, I respect your time. Please reciprocate with respect
for the urgency this problem creates. I will revoke my own mailing list
privileges and membership in three weeks, on January 8th, 2022. I will
leave the settings however they read at the time to prevent
interruption, and request that own messages then be deleted to limit the
role my email address plays for the spammer.

I am not volunteering to moderate membership applications, and I am not
commenting on how to verify the impact of possible email leaks. Between
the Discourse move and (majority?) perspective towards email, I'm not
sure how I would be useful doing either. If my opinion holds weight, I'd
advise the answer be "members" so that any available moderators can
focus on rule breakers while the community grows at a self-directed speed.

Let me know, and thank you.



-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/racket-users/5fa6a8bb-88e4-37c6-f0b9-2ed372bce8fe%40sagegerard.com.