Hi, On Mon, 24 Mar 2003 03:00:58 +0100 "Pablo Vieira" <[EMAIL PROTECTED]> wrote:
> There was a very good reason why SA can't be used by spammers to > workaround its algorithms, but it wasn't related at all with the fact of > being open source. If the Bayes system was closed, how would we verify it was working as advertised? Granted, it's open and there are still some questions about it working properly (this is more an issue with bugs rather than bias), but anyone with the time, patience, and skill can verify the code works as stated. With the source code unavailable and no prior experience, you'd have to rely on faith that the developers built what they claimed to build. > To me guys, open source is becoming a religion to > many people like yourselves. As with any other religion it simple makes > people blind to anything but their truth. Please don't attribute religious dogma to me in regards to open source. I dislike the dogmatic, cultish Slashdot mentality and I am not acting as an open source evangelist. Open source is not a panacea but it's worked wonders in my last three jobs. This is not dogma or a sales pitch; this is personal experience obtained in multiple professional environments. References availble on request. :) > Keep writing speeches like this for your own masses if that makes you > happy, but if you want open source to be a serious alternative to > Microsoft (let's speak clearly for a minute, please) I suggest you start > finding some new "boilerplates". I'm sorry, I was trying to write a clear explanation of why I believe that keeping the SpamAssassin code base private was more harmful to end users than helpful. I didn't mention Microsoft, I didn't even allude to Microsoft, so I'm not sure why you bring this up. If anything, I alluded to net-censoring products like Net Nanny, SurfWatch, CyberPatrol and Cybersitter which appear to hide conservative religious bias in their blacklists and prevent independent review of their lists in the guise of protecting 'trade secrets.' My comment about 'boilerplate' was simply to avoid echoing more of the standand dogmatic Slashdot rants in favor of open source. Even if you don't believe the argument that active open projects respond faster to feature requests and bug reports than their proprietary counterparts, that isn't so important as knowing that an end user can actually review the rulesets to verify that SA is working as advertised. If you deploy SA and it starts flagging desired mail as spam, it's easy to find out why and fairly easy to fix. And if it isn't easy to fix, it's easy to see that SA wasn't designed to let certain spam though unscathed. And while the actual generation of the score sets is not entirely transparent, based on a limited body of messages and a genetic algorithm, neither the training messages or the GA are kept secret as trade secrets. The GA source code is shipped with the SA distribution but it's not terribly useful to most users. The training messages are privately held by contributors for personal privacy reasons; any end user wishing to contribute is welcome to do so. See ./Mail-SpamAssassin-2.51/masses for more info on score generation. My point is that when you're filtering other people's communication, you need more than blind faith in the developers to ensure the filters work as advertised. In the case of web content filtering, we've seen how closed systems have been (apparently) used to further an agenda not advertised to the end user and to quash public inquiry. In the absence of operational data, access to the source code is vital for the end user to have any trust in the system at all. > It's your problem anyway... Good luck. I'm not certain I see a problem, but I appreciate the wish of luck :) -- Bob ------------------------------------------------------- This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
