Some of you may recall I mentioned some time ago that I hoped to have a
means of finding developers that may have left us, and today I put it
online! The system is called Echelon (NSA calls theirs that, so can we!)
and how it works is by passively monitoring all mailing list traffic and
identifying the sender. It can sniff PGP sigantures and identify the
sender based on 'From' line. Currently it is subscribed to all the
mailing lists via the global archiver and is dumping its results into the
It generates LDAP attributes that look like this:
activity-pgp=[Mon, 03 Jan 2000 06:57:11] "5733 F6D3 9E07 FFAB 35B0 8740
6DBC 2DFF F801 008A" "<firstname.lastname@example.org> archive/latest/1956"
activity-from=[Mon, 03 Jan 2000 07:37:01] "Randolph Chung
<email@example.com>" "<firstname.lastname@example.org> archive/latest/6846"
The format is '[date] "ID STRING" "X-Mailing-List header" "Message-ID"'
date is in UTC.
Since it monitors mailing lists it will automatically detect any package
uploads as a side-effect. I'm not yet sure if it is subscribed to the
list(s) the bug system uses..
Now, obviosly identification based on From address is somewhat imperfect,
I already know some of you use From addresses it simply has no hope of
keying in on.. But I'll probably wrangle something special for that
However, there is a certainty that if you upload a package it will record
it because of the PGP signature - so I think it will prove to be quite a
strong indicator of maintainer activity.
Probably in a week it will have fingered at least 100, probably
200 people. I expect in about 6 months we will start tracking down the
people it hasn't found and start asking why.
As an aside, does anyone here have a python routine for properly splitting
up a From: header, accounting for all the styles of seperating the name
from address and the various alternate locals?