Re: making mboxes available --> as *.gz

To: listarchives@debian.org
Subject: Re: making mboxes available --> as *.gz
From: Osamu Aoki <osamu@debian.org>
Date: Sat, 15 Mar 2003 10:07:31 -0800
Message-id: <[🔎] 20030315180731.GA29736@goofy.lan.aokiconsulting.com>
In-reply-to: <[🔎] 20030315000237.GD15524@prvidomaci.srce.hr>
References: <[🔎] 20030315000237.GD15524@prvidomaci.srce.hr>

It all depends how you do it.

On Sat, Mar 15, 2003 at 01:02:37AM +0100, Josip Rodin wrote:
> Hi,
> 
> Can anyone think of any reason why we shouldn't publish the mbox files of
> the list archives straight on the web?

I think we have to think "why we do it" first :-).

> Perhaps disclosing the alias to which the archives are delivered is not too
> smart, it will be spammed.
> 
> In general, it would reveal much more material for the spambots to crawl
> through. I'm not sure if this is good or bad: all those message-IDs will
> make their databases even more useless, although it might get all those
> people in Sender fields spammed.

Purpose:  For the convenience of *Debian Developer* and *Debian User*
 Audience skill: Comfortable with GNU tools (wget, gzip, ...)

Concern: Spam bot harvesting address
 Spam bot skill: assumes web contents are for Windows clients

Proposal:
How to address needs of our *audience* while avoiding *spam bot*?
 1. publish mbox as *** mbox.gz *** (I think this is the best)
  1.1 Alternatively, publish it as mbox.gpg created with "gpg -c"
      using "debian" as password. (Just another gzip with more
      obfuscation, I think this is too much)
 
 2. Striping some non-critical headers may also be useful (I do not
    think this important though)

Added benefits:
 It saves bandwidth
 It enables delayed delivery after vacation

I know this is "security by obscurity" approach.

Rationale: 
Any *competent* spammer (if it ever exists) who knows *.gz will not
bother Debian.  

If so wished, spammer can harvest address from web page anyway no matter
how we obfuscate them as long as we provide some way to get e-mail
address.  I see GNU site did some "press button" thing but if spammer
really focus it, they can harvest it.  Also, after all anyone can
subscribe and get unmasked address information, we do not need to
implement bullet proof protection here.  Just REASONABLE obfuscation is
all needed.

Regards,
Osamu
-- 
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ +++++
        Osamu Aoki <osamu@debian.org>   Cupertino CA USA, GPG-key: A8061F32
 .''`.  Debian Reference: post-installation user's guide for non-developers
 : :' : http://qref.sf.net and http://people.debian.org/~osamu
 `. `'  "Our Priorities are Our Users and Free Software" --- Social Contract

Reply to:

References:
- making mboxes available
  - From: Josip Rodin <joy@srce.hr>

Prev by Date: Re: making mboxes available
Next by Date: Bug#177531: New version of /devel/passwordlessssh
Previous by thread: Re: making mboxes available
Next by thread: Re: makeing mboxes available
Index(es):
- Date
- Thread