It all depends how you do it.
On Sat, Mar 15, 2003 at 01:02:37AM +0100, Josip Rodin wrote:
> Hi,
>
> Can anyone think of any reason why we shouldn't publish the mbox files of
> the list archives straight on the web?
I think we have to think "why we do it" first :-).
> Perhaps disclosing the alias to which the archives are delivered is not too
> smart, it will be spammed.
>
> In general, it would reveal much more material for the spambots to crawl
> through. I'm not sure if this is good or bad: all those message-IDs will
> make their databases even more useless, although it might get all those
> people in Sender fields spammed.
Purpose: For the convenience of *Debian Developer* and *Debian User*
Audience skill: Comfortable with GNU tools (wget, gzip, ...)
Concern: Spam bot harvesting address
Spam bot skill: assumes web contents are for Windows clients
Proposal:
How to address needs of our *audience* while avoiding *spam bot*?
1. publish mbox as *** mbox.gz *** (I think this is the best)
1.1 Alternatively, publish it as mbox.gpg created with "gpg -c"
using "debian" as password. (Just another gzip with more
obfuscation, I think this is too much)
2. Striping some non-critical headers may also be useful (I do not
think this important though)
Added benefits:
It saves bandwidth
It enables delayed delivery after vacation
I know this is "security by obscurity" approach.
Rationale:
Any *competent* spammer (if it ever exists) who knows *.gz will not
bother Debian.
If so wished, spammer can harvest address from web page anyway no matter
how we obfuscate them as long as we provide some way to get e-mail
address. I see GNU site did some "press button" thing but if spammer
really focus it, they can harvest it. Also, after all anyone can
subscribe and get unmasked address information, we do not need to
implement bullet proof protection here. Just REASONABLE obfuscation is
all needed.
Regards,
Osamu
--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++
Osamu Aoki <[EMAIL PROTECTED]> Cupertino CA USA, GPG-key: A8061F32
.''`. Debian Reference: post-installation user's guide for non-developers
: :' : http://qref.sf.net and http://people.debian.org/~osamu
`. `' "Our Priorities are Our Users and Free Software" --- Social Contract
