Re: tmda: Challenge-response is fundamentally broken
severity 207300 grave
quit
* Karsten M. Self
> Briefly: challenge-response (C-R) spam fighting systems are
> fundamentally broken by design.
> I am recommending that TMDA be dropped from Debian.
* Adam McKenna
> I will not respond to this bug other than to state that I don't believe it
> meets the requirements for filing a grave bug, and I will not remove TMDA
> from Debian just because you and a few others don't like it, or don't
> like this particular class of software.
>
> I do not intend to play BTS games here; if you change the severity back to
> grave, or to any other RC state, I will consider it to be abuse of the BTS
> and report your actions to the BTS maintainer, and your ability to use the
> BTS will be taken away.
>
> Before you respond to this I suggest you re-read Debian's Social Contract
> and the section of the Maintainer's Guide pertinent to bug severities.
You just spammed me with one of your "challenges", Adam. I do not
think I have ever before sent you an e-mail, and I am 100% certain I
have never sent you any trojan horse designed to break Microsoft
Outlook. Upon inspection of the headers, I see you did so even after
the message scored >10 in your SpamAssassin filter. Surely you are
aware of the fact that such junk mail tend to have forged From:
headers?
How many other innocent third parties have you spammed through the use
of this broken program? How many of these are Debian users, do you
think?
How many Debian users have installed this package, and has as a result
begun sending junk mail to innocent third parties, without even being
aware of it?
Think about it for a while, then you go read up on the Social contract,
more specifically the clause stating what our priorities are.
This program is no better than the brain-damaged content filters that
has plauged debian-devel and countless mailboxes with the idiotic
"you have attempted to send foo@bar.com a virus!"-allegations.
Although it may relieve the junk mail flow to your and other
TMDA/content filter users' mailboxes, it does nothing but add to the
problem for other e-mail users around the globe.
In fact, I find the use of this program about as disgusting as the
sending of the original unsolicited message -- in both cases you send
other e-mail users junk mail for your own personal benefit.
Therefore I join the original submitter in the recommendation that
TMDA should be removed from Debian, or failing that, it should carry
a prominent notice in the description that it will send junk mail to
random third parties and will thus not remove the junk mail problem,
but simply transfer it (very rudely, I might add) to someone else.
I'm Cc'ing debian-devel for comments, as you do not seem to be
interested in having any sensible discussion regarding this issue,
and amazingly enough instead go on threatening the submitter that you
will go to the BTS guys and have him blacklisted from the BTS. Not
very polite to one of our users, I'd say. Feel free to attempt having
me blacklisted, though.
--
Tore Anderson
Reply to: