Re: Please draft a policy for planet.debian.org

John Goerzen <jgoerzen@complete.org> writes:

> So that essentially means "no inline images on blogs".  Because any
> <img> tag that appears in a feed on planet -- regardless of if it is a
> 1x1 transparent image or a 500x300 photo of something at Debconf --
> will, let's face it, reveal certain data to the non-Debian server it's
> on.

> To me, this is a point where we go, "life sucks, but at some point we
> take it and move on because images in feeds are nice to have."

I mostly agree with this, but I would draw a distinction between <img>
tags intended to display *images* and pointing back to the hosting site of
the person writing the blog and <img> tags for invisible images that are
routinely added to every post and point to some third-party service.
(Looking at Page Info on Planet Debian is interesting.  There are a *lot*
of web bugs.)

If the only use of <img> tags is for actual images that are intended to be
displayed, and which aren't added routinely to every post, that's a much
different situation (and much less information to disclose) than if every
post is routinely tagged with a web bug.  The latter seems to be what many
people's blogs currently do.

I suspect a blacklist on the Planet Debian side could kill most of the
bugs after looking over Page Info.  I personally blocked four different
sites and that got 95% of them.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
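The aggregator-side filter suggested in the message above, sketched as an added example that is not part of the original thread and is not Planet's own code: it drops `<img>` tags whose host is on a blocklist, or that are 1x1 and served by a third party, and keeps images hosted by the blog itself. The host names, the sample markup and the 1x1 heuristic are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed placeholder hosts; a real list would come from reviewing the page.
BLOCKED_HOSTS = {"tracker.example.net", "stats.example.org"}

def is_web_bug(attrs, feed_host):
    """Blocklisted host, or an invisible 1x1 image served by a third party."""
    a = dict(attrs)
    host = (urlparse(a.get("src") or "").hostname or "").lower()
    if not host:
        return False  # relative URL: served from the blog itself
    if any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS):
        return True
    third_party = host != feed_host and not host.endswith("." + feed_host)
    tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
    return third_party and tiny

class BugFilter(HTMLParser):
    """Re-emits the markup unchanged except for <img> tags judged to be web bugs."""
    def __init__(self, feed_host):
        super().__init__(convert_charrefs=False)
        self.feed_host, self.out, self.removed = feed_host.lower(), [], []
    def handle_starttag(self, tag, attrs):
        if tag == "img" and is_web_bug(attrs, self.feed_host):
            self.removed.append(dict(attrs).get("src"))
        else:
            self.out.append(self.get_starttag_text())
    handle_startendtag = handle_starttag  # <img ... /> is emitted once, as written
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")

def strip_web_bugs(html, feed_host):
    """Return (filtered markup, list of removed image URLs)."""
    f = BugFilter(feed_host)
    f.feed(html)
    f.close()
    return "".join(f.out), f.removed

SAMPLE = (  # constructed feed entry body
    '<p>Photos &amp; notes from the conference.</p>'
    '<img src="http://blog.example.com/photos/hall.jpg" width="500" height="300">'
    '<img src="http://tracker.example.net/pixel.gif?post=42" width="1" height="1"/>'
    '<img src="http://cdn.stats.example.org/b.gif">'
    '<img src="http://counter.example.com/c.gif" width="1" height="1">'
)
```

The returned list of removed URLs doubles as a review log for deciding which hosts belong on the blocklist.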

