Re: Please draft a policy for planet.debian.org
John Goerzen <jgoerzen@complete.org> writes:
> So that essentially means "no inline images on blogs". Because any
> <img> tag that appears in a feed on planet -- regardless of if it is a
> 1x1 transparent image or a 500x300 photo of something at Debconf --
> will, let's face it, reveal certain data to the non-Debian server it's
> on.
> To me, this is a point where we go, "life sucks, but at some point we
> take it and move on because images in feeds are nice to have."
I mostly agree with this, but I would draw a distinction between <img>
tags intended to display *images* and pointing back to the hosting site of
the person writing the blog and <img> tags for invisible images that are
routinely added to every post and point to some third-party service.
(Looking at Page Info on Planet Debian is interesting. There are a *lot*
of web bugs.)
If the only use of <img> tags is for actual images that are intended to be
displayed, and which aren't added routinely to every post, that's a much
different situation (and much less information to disclose) than if every
post is routinely tagged with a web bug. The latter seems to be what many
people's blogs currently do.
I suspect a blacklist on the Planet Debian side could kill most of the
bugs after looking over Page Info. I personally blocked four different
sites and that got 95% of them.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: