On 4/2/20 11:01 AM, Richard Sandiford wrote:
> Bernd Edlinger <bernd.edlin...@hotmail.de> writes:
>> On 4/1/20 8:51 AM, Bernd Edlinger wrote:
>>> On 3/26/20 4:27 PM, Bernd Edlinger wrote:
>>>> On 3/26/20 4:16 PM, Christopher Faylor wrote:
>>>>>
>>>>> marc.info is an independent site that is not associated with
>>>>> sourceware.org. We don't control it. If you have questions about their
>>>>> site then ask them.
>>>>>
>>>>> The mailing list software is all easily discernible by investigating
>>>>> email headers and via google but someone else answered your questions
>>>>> later in this thread.
>>>>>
>>>>
>>>> But don't you think that we change something in 6.3 to make them break.
>>>> like no longer sending updates, or something?
>>>>
>>>> Don't you have any idea what changed on our side?
>>>>
>>>> I mean what should I tell them they should do to fix that?????
>>>>
>>>>
>>>
>>> Ah, marc.info is fixed, it turned out that the messages were just
>>> Quarantined
>>> because due to the change in the ip adresses, mailing software etc.
>>> marc.info was under the impression that all these messages were just spam.
>>>
>>> That is what they told me:
>>>
>>> "For lists that often get spammed, we set up some silent header-checks
>>> so that mails that don't look like they came from the real listserver
>>> get quarrantined, and don't appear when viewing that list.
>>>
>>> Well, that can break when mailing list software changes - like when they
>>> switched away from ezmlm to Mailman.
>>>
>>> I've updated our filter check and un-quarrantined about 4500 mails to
>>> various gcc- lists that landed there this month."
>>>
>>> So indeed all our mailing list message are again on marc.info,
>>> I think when it can handle lkml it can handle gcc-patches as well.
>>>
>>> Many Thanks go to Hank Leininger who does a gread job with marc.info.
>>>
>>>
>>> Bernd.
>>>
>>
>> PS: I have a discovered a very serious problem with the mailing lists
>> that must be fixed by our overseers.
>>
>> That is the scubbed attachments.
>>
>> As an example please look at this one:
>> https://marc.info/?l=gdb-patches&m=158571308379946&w=2
>>
>>
>> you see this:
>>
>> -------------- next part --------------
>> A non-text attachment was scrubbed...
>> Name: 0001-Fix-range-end-handling-of-inlined-subroutines.patch
>> Type: text/x-patch
>> Size: 10992 bytes
>> Desc: not available
>> URL:
>> <http://sourceware.org/pipermail/gdb-patches/attachments/20200313/5158bb87/attachment.bin>
>>
>> So there are two serious problems here:
>>
>> 1. there is a single point of failure, if sourceware.org goes down the
>> attachment is lost.
>>
>> 2. since the url is http: a man in the middle can impersonate sourceware.org
>> and give you a
>> virus instead of my patch file.
>> It does not help that sourceware.org redirects the download to
>> https://sourceware.org/pipermail/gdb-patches/attachments/20200313/5158bb87/attachment.bin
>> an attacker will not be so polite to do that.
>>
>>
>> @overseeers: PLEASE STOP IMMEDIATELY THAT SCRUBBING
>>
>> can you act now, or do you need a CVE number first ?
>
> The overseers are reachable on:
>
> https://sourceware.org/mailman/listinfo/overseers
>
> Please keep the tone civil. I hope we never see the day where the GCC/
> sourceware lists have to have a code of conduct, but if we did, I think
> some of the messages on this thread would have breached it.
>
> Thanks,
> Richard
>
Thanks, for reminding me.
I do personally full-heatedly apologize, and regret what I said above.
I am sorry if I made you feel bad. That was not the true intention of what
I said.
I asked Hank Leininger for clarification how mark.info subscribes the mails,
and what data he gets exactly from us.
I am still waiting for his response, and let you know what he says.
In the meantime, culd you please change http: to https:
Thanks
Bernd.
