[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tmda: Challenge-response is fundamentally broken

severity 207300 grave

* Karsten M. Self

 > Briefly:  challenge-response (C-R) spam fighting systems are
 > fundamentally broken by design.

 > I am recommending that TMDA be dropped from Debian.

* Adam McKenna

 > I will not respond to this bug other than to state that I don't believe it
 > meets the requirements for filing a grave bug, and I will not remove TMDA 
 > from Debian just because you and a few others don't like it, or don't 
 > like this particular class of software.
 > I do not intend to play BTS games here; if you change the severity back to 
 > grave, or to any other RC state, I will consider it to be abuse of the BTS 
 > and report your actions to the BTS maintainer, and your ability to use the
 > BTS will be taken away.
 > Before you respond to this I suggest you re-read Debian's Social Contract 
 > and the section of the Maintainer's Guide pertinent to bug severities.

  You just spammed me with one of your "challenges", Adam.  I do not
 think I have ever before sent you an e-mail, and I am 100% certain I
 have never sent you any trojan horse designed to break Microsoft
 Outlook.  Upon inspection of the headers, I see you did so even after
 the message scored >10 in your SpamAssassin filter.  Surely you are
 aware of the fact that such junk mail tend to have forged From:

  How many other innocent third parties have you spammed through the use
 of this broken program?  How many of these are Debian users, do you

  How many Debian users have installed this package, and has as a result
 begun sending junk mail to innocent third parties, without even being
 aware of it?

  Think about it for a while, then you go read up on the Social contract,
 more specifically the clause stating what our priorities are.

  This program is no better than the brain-damaged content filters that
 has plauged debian-devel and countless mailboxes with the idiotic
 "you have attempted to send foo@bar.com a virus!"-allegations.
 Although it may relieve the junk mail flow to your and other
 TMDA/content filter users' mailboxes, it does nothing but add to the
 problem for other e-mail users around the globe.

  In fact, I find the use of this program about as disgusting as the
 sending of the original unsolicited message -- in both cases you send
 other e-mail users junk mail for your own personal benefit.

  Therefore I join the original submitter in the recommendation that
 TMDA should be removed from Debian, or failing that, it should carry
 a prominent notice in the description that it will send junk mail to
 random third parties and will thus not remove the junk mail problem,
 but simply transfer it (very rudely, I might add) to someone else.

  I'm Cc'ing debian-devel for comments, as you do not seem to be
 interested in having any sensible discussion regarding this issue,
 and amazingly enough instead go on threatening the submitter that you
 will go to the BTS guys and have him blacklisted from the BTS.  Not
 very polite to one of our users, I'd say.  Feel free to attempt having
 me blacklisted, though.
Tore Anderson

Reply to: