From webmaster@gazaweb.co.kr Wed Jul 11 15:08:52 2001 From: webmaster@gazaweb.co.kr (=?EUC-KR?B?wMzA2r+1=?=) Date: Wed, 11 Jul 2001 23:08:52 +0900 Subject: [Mailman-Developers] =?EUC-KR?B?W8DMuqXGrl0gxq+6sMfRIMf9xcMh=?= Message-ID: <20010711230853.14FA1122.FAD061AF@TheRedSpider> This is a multi-part message in MIME format. ----RED_SPIDER_0001_0001 Content-Type: multipart/related; boundary="--RED_SPIDER_0002_0002"; type="multipart/alternative" ----RED_SPIDER_0002_0002 Content-Type: multipart/alternative; boundary="--RED_SPIDER_0003_0003" ----RED_SPIDER_0003_0003 Content-Type: text/plain; charset="EUC-KR" Content-Transfer-Encoding: base64 VW50aXRsZWQgRG9jdW1lbnQNCiANCiANCiANCiANCiANCiANCiANCiANClRB QkxFIHsgCUZPTlQtRkFNSUxZOiAisby4siI7IEZPTlQtU0laRTogOXB0OyBM SU5FLUhFSUdIVDogMTNwdCB9IA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KaHR0cDovL2dhemF3ZWIuY28uaw0K IA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KorwgtfDB9sW7ILy8sOi3zsDHIMO5sMnAvSAuLiBQcm9m ZXNzaW9uYWwNCiANCiANCr7Is+fHz7y8v+Qgsde1v77IIMDOxc3A2sDOwLsg u+e2+8fYIMHWvcUgv6m3r7rQsrIgsKi758DHILi7vrjAuyC15biztM+02S4g DQogwPrI8SDAzsXNwNrAzsDMILPrtb+6zrfOILrOxc0gwOfB98DaIMH3vve0 ybfCsLO538jGt8Ow+sGkwLsgwM6wobnevsYgxq+6sCDAzLqlxq64piDH4Lvn x8+w7SDA1r3AtM+02S4guLnAuiDC/L+pILrOxbm15biztM+02S4NCiANCiAN CiANCiANCiANCiANCiANCiANCi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLg0KIA0KIA0KIA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KIA0Kor64xb/5IMO5wrDB1iC/+b/kwM8gLCC4xb/5ILzC wrDB1iC/+b/kwM8gor4gDQogDQogDQq89rCtvcXDuyC/wrbzwM4gv7m+4CC8 rbrxvbogvce9wyAovLHC+Lz4waK89ikNCiANCiANCiANCiANCiANCiANCiAN CiANCiANCiANCiANCsGivPa55rn9DQogOg0KIA0KIA0Kx8+03LrOwMcgv8K2 88DOILvztOMNCsDbvLrIxCDA/Lzbx9ggwda9w7jpIMiuwM7IxCCx4sDntcgg v6y29MOzt84gwPzIrbimILXluLO0z7TZLg0KIA0KwNq8vMfRILmuwMe0wiAN CjAyKTc0NC05NTg0DQq3ziC5rsDHILnZtvi0z7TZLg0KIA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KIA0KLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uDQogDQogDQogDQogDQogDQogDQogDQog DQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQog DQogDQogDQogDQogDQogDQogDQqh2iC/wrbzwM4gwaK89iC55rn9wLsgxevH 2CC17rfPx8+9w7TCIMfQu/2/obDUIMavurDH0SDH/cXDwLsgteW4s7TPtNkh DQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQoxLg0KIA0KIA0KwfcN CsDlwM4gDQqw7b/rurjH6A0KIL3HvcMoDQo1MC02MCUgx9LAzg0KKSEhIQ0K IA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KMi4NCiANCiANCsGkDQqx1CC17rfP vcMgsO2x3iANCr26xLOzyg0KIA0KwfUNCsGkISEhDQogDQogDQogDQogDQog DQogDQogDQogDQozLg0KIA0KIA0KxMQNCrD8t8MgwOLB9iC51yCxs8DnILmr t+HB9cGkIA0KISENCiANCiANCiANCiANCiANCiANCiANCiANCjQuDQogDQog DQq/wg0KtvPAziCwrcHCILCzvLMhISENCiANCiANCiANCiANCiANCiANCiAN CiANCjUuDQogDQogDQq5qw0Kt+EgwOe89rCtILnXIL7GuKO52cDMxq4gwfa/ +CAhISENCiANCiANCiANCiANCiANCiANCiANCiANCiANCiANCiANCiANCiAN CiANCiANCiANCiANCiANCiANCiANCiANCiANCiANCi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLg0KIA0KIA0K IA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KMjG8 vLHiDQogu+q+97XwwNrAziC60L7fwMcgseK8+iC51yDA2rq7wMwgsLO55rXH sO0gseK8+rW1wNTAzCC6u7DdwPvAuLfOIL3DwNu1y7TPtNkuILHXwd+/obyt tbUgwKW18MDawMyzyiwgDQogwKW4tr26xc0sILPXxq6/9sWpILD8uK675ywg xMTHu8XNILHXt6HHyCC60L7fte4gSVTB98G+wLogsdcgwP3BpL+hIMDMuKaw zcC4t84gwPy4wbXHsO0gwNa9wLTPtNkuIA0KIA0KwMy5zCDAzLrQvt+/oSDB +MPiwLsgvcO1tcfPsO0gwNa0wiC067HivvcgudcguqXDs7HivvfAzCC807zT ILTDsO20wiDA1sH2uLggwM7FzbPdILvnv+vAzrG4wMcgsd7B9cC4t84gwM7H 0SDA/LmuIMDOt8LAuiANCiDA/bTrus7Bt8DMtvO0wiCzrcGmv6Egus61+sPE ILmrvvm6uLTZtbUgwPy5rsDOt8IgyK66uLChILCiILHivvfAxyDD1rTrILD6 waawoSC1x7DtIMDWvcC0z7TZLiDAzL+hILnfuMLD377uILq7v/i/obyttMIg DQogtPUguLnAuiDA/LmuIMDOt8LAuyC+57y6x8+x4iDAp8fRIMDPyK/AuLfO IMD7wLoguvG/68C4t84gtPUguLnAuiCxs8CwseLIuLimILrOv6kgx8+x4sCn x9ggyLmx4sD7wM4gsbPAsCC9w726xdsgsLO537+hIA0KILnawve4piCwocfP v7S9wLTPtNkuILHXILDhsPoguru/+MDHILHXILCjIMPgwPu1yCCz68fPv+y/ zSCxs8CwvcO9usXbIL/uv7XAxyDA5cGhwLsgw9a068fRIMiwv+vHz7+pIMPW tOvAxyDB+MfQt/yw+iANCiDD1rTrwMcgw+u+97f8wLsgwM7BpLnesNQgtce+ +r3AtM+02S4gDQogDQogDQqx4si4tMIgs6++xrChtMIgu/W/zbCwvcC0z7TZ LiCzr77GsKEgufa4rrHiwPy/oSDA4sC4vLy/5CAhIQ0KIA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KIA0KLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uDQogDQogDQogDQogDQogDQogDQogDQog DQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQog DQogDQogDQqxs8CwILD6waQNCqGhDQogDQo6IA0KwKUgtfDA2sDODQogLyAN CsClILi2vbrFzQ0KIC8gDQozRA0KIL+htM+43sDMvMcNCiAvIMD8wNq787DF t6ENCiA6IA0KwKXE2rXws9fAzMXNDQogLyANCkQuVC5QDQogLyANCrDHw+C9 w7nEt7nAzLzHKENBRCkNCiAvILjWxry5zLXwvu4NCiANCiANCiANCiANCiAN CiANCiANCk9OIC0gTElORSC787TjICAgICAgDQogDQogDQogDQogDQogDQog DQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQoqDQrAzLinIA0K IA0KIA0KIA0KIA0KIA0KIA0KIA0KKg0KvLq6sA0KIA0Ks7INCiANCiAgICAN Cr+pDQogDQogDQogDQogDQogDQogDQoqDQq7/bPiv/nAzw0KIA0KIA0KIA0K s+IgDQogDQq8scXDDQogDQoxDQogDQoyDQogDQozDQogDQo0DQogDQo1DQog DQo2DQogDQo3DQogDQo4DQogDQo5DQogDQoxMA0KIA0KMTENCiANCjEyDQog DQogv/kgDQogDQq8scXDDQogDQoxDQogDQoyDQogDQozDQogDQo0DQogDQo1 DQogDQo2DQogDQo3DQogDQo4DQogDQo5DQogDQoxMA0KIA0KMTENCiANCjEy DQogDQoxMw0KIA0KMTQNCiANCjE1DQogDQoxNg0KIA0KMTcNCiANCjE4DQog DQoxOQ0KIA0KMjANCiANCjIxDQogDQoyMg0KIA0KMjMNCiANCjI0DQogDQoy NQ0KIA0KMjYNCiANCjI3DQogDQoyOA0KIA0KMjkNCiANCjMwDQogDQozMQ0K IA0KIMDPICAgv7k6IDIwMDGz4iAxv/kgMcDPDQogDQogDQogDQogDQoqDQrA /MitufjIow0KIA0KIA0KIA0KvLHFww0KIA0KMDINCiANCjAzMQ0KIA0KMDMy DQogDQowMzMNCiANCjA0MQ0KIA0KMDQyDQogDQowNDMNCiANCjA1MQ0KIA0K MDUyDQogDQowNTMNCiANCjA1NA0KIA0KMDU1DQogDQowNjENCiANCjA2Mg0K IA0KMDYzDQogDQowNjQNCiANCiAtIA0KIA0KIA0KIA0KIA0KIA0KIA0KKg0K RkFYDQogDQogDQogDQq8scXDDQogDQowMg0KIA0KMDMxDQogDQowMzINCiAN CjAzMw0KIA0KMDQxDQogDQowNDINCiANCjA0Mw0KIA0KMDUxDQogDQowNTIN CiANCjA1Mw0KIA0KMDU0DQogDQowNTUNCiANCjA2MQ0KIA0KMDYyDQogDQow NjMNCiANCjA2NA0KIA0KIC0gDQogDQogDQogDQogDQogDQogDQoqDQrI3rTr xvkNCiANCiANCiANCryxxcMNCiANCjAxMQ0KIA0KMDE2DQogDQowMTcNCiAN CjAxOA0KIA0KMDE5DQogDQogLSANCiANCiANCiANCiANCiANCiANCioNCsHW vNINCiANCiANCiANCiANCiANCiANCiANCioNCkUtbWFpbA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KKg0KyLi757jtDQogDQogDQogDQoox9Cxs7jtKQ0KIA0K IA0KIA0KIA0KKg0Kua7Ax8fQsPoNCiANCiANCiANCryxxcMNCiANCrjWxry5 zLXwvu4NCiANCsCltfDA2sDODQogDQrApcTatfCz18DMxc0NCiANCsCluLa9 usXNDQogDQozRCC+1rTPuN7AzLzHDQogDQpBdXRvIENhZA0KIA0KRFRQDQog DQogDQogDQogDQogDQoqDQq5rsDHILvnx9cNCiANCiANCiANCiANCiANCiAN CiANCiANCiANCiANCiANCiAgIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uDQogDQogDQogDQogDQogDQogDQogDQogDQogDQqh2CCx4sW4IMDavLzH 0SCxs8Cws7u/68C6DQpUZWwgOiAwMik3NDQtOTU4NA0KwLi3ziC5rsDHILnZ tvi0z7TZLg0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KICAgIA0KKiDB vrfOLTHIo7yxIMG+t841sKG/qiAyufjD4rG4IMfRsbnF9cDavcXFucH1sce6 9LX5IDRGIA0KIA0KICAgICAqIMioxuTAzMH2IA0KaHR0cDovL2dhemF3ZWIu Y28ua3INCiANCiAgICAgKiCxs8CwtOO05yANCndlYm1hc3RlckBnYXphd2Vi LmNvLmtyDQogKMDMwNq/tSkgDQogDQogDQogDQogDQogDQogDQogDQogDQog DQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQog DQogDQogDQogDQogDQogDQo== ----RED_SPIDER_0003_0003 Content-Type: text/html; charset="EUC-KR" Content-Transfer-Encoding: base64 PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBU cmFuc2l0aW9uYWwvL0VOIj4NCjxodG1sPg0KPGhlYWQ+PFRJVExFPlVudGl0 bGVkIERvY3VtZW50PC9USVRMRT4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRl bnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXVuaWNvZGUi Pg0KPE1FVEEgY29udGVudD0iTVNIVE1MIDUuMDAuMjMxNC4xMDAwIiBuYW1l PUdFTkVSQVRPUj4NCjwvaGVhZD4NCjxCT0RZPg0KDQoNCjx0YWJsZSB3aWR0 aD0iMTAwJSIgIGJnY29sb3I9IiNmZmZmZmYiIHRleHQ9IiMwMDAwMDAiPg0K DQogIA0KICA8VFI+PHRkIHZhbGlnbj10b3A+DQo8dGFibGUgYm9yZGVyPTAg Y2VsbHBhZGRpbmc9NCBjZWxsc3BhY2luZz0xIHdpZHRoPSIxMDAlIj4NCg0K ICA8dGJvZHk+IA0KICA8dHI+IA0KICAgIDx0ZCBiZ2NvbG9yPSNmZmZmZmYg Y29sc3Bhbj0yPjxmb250IHNpemU9LTE+PCEtLSBtaWFnZW50IHN1YiBzdGFy dCAtLT4NCiAgICAgIDwvZm9udD4gDQogIDx0cj4gDQogICAgPHRkIGJnY29s b3I9I2ZmZmZmZiBjb2xzcGFuPTI+PGZvbnQgc2l6ZT0tMT4NCiAgICAgICAg ICAgIDxTVFlMRSB0eXBlPXRleHQvY3NzPlRBQkxFIHsNCglGT05ULUZBTUlM WTogIrG8uLIiOyBGT05ULVNJWkU6IDlwdDsgTElORS1IRUlHSFQ6IDEzcHQN Cn0NCjwvU1RZTEU+DQogICAgICANCjx0YWJsZSB3aWR0aD0iMTAwJSIgbWFy Z2lud2lkdGg9IjAiIG1hcmdpbmhlaWdodD0iMTAiICAgICAgICAgICAgICAg ICAgIGxlZnRtYXJnaW49IjAiIHRvcG1hcmdpbj0iMTAiIGhlaWdodD0iMTU0 MiI+DQoNCiAgICAgICAgPHRib2R5PiANCiAgICAgICAgPHRyPiANCiAgICAg ICAgICA8dGQgdmFsaWduPXRvcCBoZWlnaHQ9IjE0NDIiPiANCiAgICAgICAg ICAgIA0KPHRhYmxlIGFsaWduPWNlbnRlciBiZ2NvbG9yPSMwMDAwMDAgYm9y ZGVyPTAgICAgICAgICAgICAgICAgICAgICAgICAgY2VsbHBhZGRpbmc9MCBj ZWxsc3BhY2luZz0wIGhlaWdodD0xNTM3IHdpZHRoPTU3OT4NCg0KICAgICAg ICAgICAgICA8dGJvZHk+IA0KICAgICAgICAgICAgICA8dHI+IA0KICAgICAg ICAgICAgICAgIDx0ZCBoZWlnaHQ9OTc0PiANCiAgICAgICAgICAgICAgICAg IA0KPHRhYmxlIGJvcmRlcj0wIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9 MSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aWR0aD02OTkgaGVp Z2h0PSIxNTMxIj4NCg0KICAgICAgICAgICAgICAgICAgICA8dGJvZHk+IA0K ICAgICAgICAgICAgICAgICAgICA8dHI+IA0KICAgICAgICAgICAgICAgICAg ICAgIDx0ZCBoZWlnaHQ9MjU+IA0KICAgICAgICAgICAgICAgICAgICAgICAg DQo8dGFibGUgYm9yZGVyPTAgY2VsbHBhZGRpbmc9MCBjZWxsc3BhY2luZz0w ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2lkdGg9IjEwMCUi Pg0KDQogICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4gDQogICAg ICAgICAgICAgICAgICAgICAgICAgIDx0cj4gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgPHRkIHdpZHRoPSI3NiUiPjxhIGhyZWY9Imh0dHA6Ly9n YXphd2ViLmNvLmtyIiB0YXJnZXQ9Il9ibGFuayI+PGZvbnQgY29sb3I9Indo aXRlIj48Yj5odHRwOi8vZ2F6YXdlYi5jby5rPC9iPjwvZm9udD48L2E+PC90 ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgd2lkdGg9IjI0 JSI+PC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgPC90Ym9keT4gDQogICAgICAgICAg ICAgICAgICAgICAgICA8L3RhYmxlPg0KICAgICAgICAgICAgICAgICAgICAg IDwvdGQ+DQogICAgICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAg ICAgICAgICAgIDx0ciBiZ2NvbG9yPSNmOGU2YWQgdmFsaWduPXRvcD4gDQog ICAgICAgICAgICAgICAgICAgICAgPHRkIGhlaWdodD0xIGJnY29sb3I9IiNk ZmU4ZmYiPiANCiAgICAgICAgICAgICAgICAgICAgICAgIA0KPHRhYmxlIGJn Y29sb3I9I2ZjZmFmMSBib3JkZXI9MCB3aWR0aD03MDA+DQoNCiAgICAgICAg ICAgICAgICAgICAgICAgICAgPHRib2R5PiANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8 dGQgY29sc3Bhbj0zPjwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAg IDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4gDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRkIHdpZHRoPTExMj4gPC90ZD4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgd2lkdGg9MTA+Jm5i c3A7PC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgd2lk dGg9NTU4Pjxmb250IGNvbG9yPSMzMzAwMDAgDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHNpemU9Mj48Yj48Zm9udCBjb2xvcj0jNGUyNDE4 PqK8ILXwwfbFuyC8vLDot87AxyDDubDJwL0gLi4gDQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBQcm9mZXNzaW9uYWw8L2ZvbnQ+PC9iPjwvZm9u dD48Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6 ZT0yPjxicj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvZm9u dD48Zm9udCBjb2xvcj0jMDAzMzMzPjxicj4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxmb250IGNvbG9yPSIjMzMwMGNjIj6+yLPn x8+8vL/kILHXtb++yCDAzsXNwNrAzsC7ILvntvvH2CANCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIMHWvcUgv6m3r7rQsrIgsKi758DH ILi7vrjAuyC15biztM+02S4gPGJyPg0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgwPrI8SDAzsXNwNrAzsDMILPrtb+6zrfOILrOxc0g wOfB98DaIMH3vve0ybfCsLO538jGt8Ow+sGkwLsgwM6wobnevsYgxq+6sCDA zLqlxq64piANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IMfgu+fHz7DtIMDWvcC0z7TZLiC4ucC6IML8v6kgus7FubXluLO0z7TZLjwv Zm9udD48L2ZvbnQ+PC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAg PC90cj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90Ym9keT4gDQog ICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPg0KICAgICAgICAgICAg ICAgICAgICAgICAgDQo8dGFibGUgYWxpZ249Y2VudGVyIGJnY29sb3I9I2Zj ZmFmMSBib3JkZXI9MCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MCBoZWlnaHQ9OCB3aWR0aD03 MDA+DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgPHRib2R5PiANCiAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRyIHZhbGlnbj10b3A+IA0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCBoZWlnaHQ9Mj4gDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2IGFsaWduPWNlbnRlcj48 Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0x Pi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLjwvZm9udD48L2Rpdj4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Rib2R5PiANCiAgICAgICAg ICAgICAgICAgICAgICAgIDwvdGFibGU+DQogICAgICAgICAgICAgICAgICAg ICAgICANCjx0YWJsZSBib3JkZXI9MCBjZWxscGFkZGluZz0wIGNlbGxzcGFj aW5nPTAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aWR0aD03 MDA+DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgPHRib2R5PiANCiAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRyIGJnY29sb3I9I2ZjZmFmMSB2 YWxpZ249Ym90dG9tPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8 dGQgaGVpZ2h0PTM2IHdpZHRoPTg+Jm5ic3A7PC90ZD4NCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8dGQgYmdjb2xvcj0jZmNmYWYxIGhl aWdodD0zNiBjb2xzcGFuPSIyIj48Zm9udCANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgY29sb3I9IzMzMDAwMCBzaXplPTI+PGI+IDxtYXJx dWVlIGJlaGF2aW9yPWFsdGVybmF0ZSANCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgc2Nyb2xsYW1vdW50PTEwPjxmb250IGNvbG9yPSMwNDhk MGM+or64xb/5IMO5wrDB1iC/+b/kwM8gLCC4xb/5ILzCwrDB1iC/+b/kwM8g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCiviA8L2Zv bnQ+PGJyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PC9tYXJxdWVlPjwvYj48YnI+DQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg Y29sb3I9IzY2MDA2Nj689rCtvcXDuyC/wrbzwM4gv7m+4CC8rbrxvbogvce9 wyAovLHC+Lz4waK89ik8L2ZvbnQ+PC9mb250PjwvdGQ+DQogICAgICAgICAg ICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAg ICAgIDx0ciBiZ2NvbG9yPSNmY2ZhZjE+IA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDx0ZCBoZWlnaHQ9MiB3aWR0aD04PiZuYnNwOzwvdGQ+DQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGhlaWdodD0yIGNvbHNw YW49IjIiPiZuYnNwOzwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAg IDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgIDx0ciBiZ2NvbG9y PSNmY2ZhZjE+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCBo ZWlnaHQ9MiB3aWR0aD04PiZuYnNwOzwvdGQ+DQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgPHRkIGhlaWdodD0yIHdpZHRoPTc4IHZhbGlnbj0idG9w Ij48Yj48Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg Y29sb3I9IzRlMjQxOD7Borz2uea5/TwvZm9udD48L2I+IDo8L3RkPg0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCBoZWlnaHQ9MiB3aWR0aD02 MTQgdmFsaWduPSJ0b3AiPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDxwPjxmb250IGNvbG9yPSM2NjAwMzM+PGZvbnQgY29sb3I9 IzRhMzcyZj7Hz7Tcus7AxyANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgv8K288DOILvztOM8L2ZvbnQ+PC9mb250Pjxmb250IA0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjb2xvcj0jNGEzNzJm PsDbvLrIxCDA/Lzbx9ggwda9w7jpIMiuwM7IxCCx4sDntcggv6y29MOzt84g wPzIrbimILXluLO0z7TZLjxicj4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgPC9mb250Pjxmb250IA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBjb2xvcj0jNGEzNzJmPsDavLzH0SC5rsDHtMIg PGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNvbG9y PSNjNTEyMWI+PGJpZz4wMik3NDQtOTU4NDwvYmlnPjwvZm9udD63ziC5rsDH IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICC52bb4 tM+02S48L2ZvbnQ+PC9wPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgPC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90 cj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90Ym9keT4gDQogICAg ICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPg0KICAgICAgICAgICAgICAg ICAgICAgICAgDQo8dGFibGUgYWxpZ249Y2VudGVyIGJnY29sb3I9I2ZjZmFm MSBib3JkZXI9MCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNl bGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MCBoZWlnaHQ9OCB3aWR0aD03MDA+ DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgPHRib2R5PiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRyIHZhbGlnbj10b3A+IA0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDx0ZCBoZWlnaHQ9Mj4gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8ZGl2IGFsaWduPWNlbnRlcj48Zm9u dCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0xPi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLjwvZm9udD48L2Rpdj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPg0KICAg ICAgICAgICAgICAgICAgICAgICAgICA8L3Rib2R5PiANCiAgICAgICAgICAg ICAgICAgICAgICAgIDwvdGFibGU+DQogICAgICAgICAgICAgICAgICAgICAg ICANCjx0YWJsZSBib3JkZXI9MCBjZWxscGFkZGluZz0wIGNlbGxzcGFjaW5n PTAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aWR0aD00OTg+ DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgPHRib2R5PiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8dGQgY29sc3Bhbj0yIGhlaWdodD0zNiB2YWxpZ249Ym90 dG9tPiA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Rib2R5PiANCiAgICAgICAg ICAgICAgICAgICAgICAgIDwvdGFibGU+DQogICAgICAgICAgICAgICAgICAg ICAgICANCjx0YWJsZSBhbGlnbj1jZW50ZXIgYmdjb2xvcj0jMDAwMDAwIGJv cmRlcj0wICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY2VsbHBh ZGRpbmc9MCBjZWxsc3BhY2luZz0wIHdpZHRoPTEzNT4NCg0KICAgICAgICAg ICAgICAgICAgICAgICAgICA8dGJvZHk+IA0KICAgICAgICAgICAgICAgICAg ICAgICAgICA8dHI+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0 ZD4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCjx0YWJsZSBi b3JkZXI9MCBjZWxscGFkZGluZz0wIGNlbGxzcGFjaW5nPTEgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBoZWlnaHQ9IjEwMCUiIHdpZHRoPSIx MDAlIj4NCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGJv ZHk+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHIgYmdj b2xvcj0jZmZmZmZmPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8dGQgaGVpZ2h0PTQ3PiANCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIA0KPHRhYmxlIGFsaWduPWNlbnRlciBiZ2NvbG9yPSNm ZmZmZmYgYm9yZGVyPTAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBjZWxscGFkZGluZz0wIGNlbGxzcGFjaW5nPTAgd2lkdGg9Njg0Pg0KDQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRk IGhlaWdodD0xNjAgdmFsaWduPXRvcCB3aWR0aD0zMj48L3RkPg0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCBoZWlnaHQ9 MTYwIHdpZHRoPTQ4ND4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICANCjx0YWJsZSBib3JkZXI9MCBjZWxscGFkZGluZz0z IGNlbGxzcGFjaW5nPTMgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICB3aWR0aD00ODQ+DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgPHRib2R5PiANCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgaGVpZ2h0PTIg d2lkdGg9NDcxPjxmb250IHNpemU9Mj48Yj48Zm9udCANCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgY29sb3I9IzY2MDA2Nj48dT6h2iC/wrbz wM4gwaK89iC55rn9wLsgxevH2CC17rfPx8+9w7TCIMfQu/2/obDUIMavurDH 0SANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIMf9xcPAuyC15biztM+02SE8L3U+PC9mb250PjwvYj48L2ZvbnQ+ PC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPC90cj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPC90Ym9keT4gDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgDQo8dGFibGUgYm9y ZGVyPTAgd2lkdGg9NDgyPg0KDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4gDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgPHRkIHdpZHRoPTU+Jm5ic3A7PC90ZD4NCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQg d2lkdGg9MjA+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPGRpdiBhbGlnbj0iY2VudGVyIj48Zm9u dCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0yPjxi PjEuPC9iPjwvZm9udD48L2Rpdj4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0 ZCB3aWR0aD0yODM+PGI+PGZvbnQgY29sb3I9ImJsdWUiIHNpemU9IjMiPsH3 PC9mb250PjwvYj7A5cDOIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPGZvbnQgY29sb3I9InJlZCI+ sO2/67q4x+g8L2ZvbnQ+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgvce9wyg8Zm9udCBjb2xvcj0i I2ZmMzMzMyI+NTAtNjAlIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgx9LAzjwvZm9udD4pISEhPC90 ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8dGQgd2lkdGg9MTU2PiZuYnNwOzwvdGQ+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwv dHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDx0cj4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRkIHdpZHRoPTU+Jm5ic3A7PC90 ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8dGQgd2lkdGg9MjA+IA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdiBhbGln bj0iY2VudGVyIj48Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgc2l6ZT0yPjxiPjIuPC9iPjwvZm9udD48L2Rpdj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8 L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDx0ZCB3aWR0aD0yODM+PGZvbnQgc2l6ZT0zPjxiPjxm b250IGNvbG9yPSIjNjYwMDY2Ij7BpDwvZm9udD48L2I+PC9mb250PrHUIA0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgte63z73DILDtsd4gPGZvbnQgY29sb3I9InJlZCI+vbrEs7PK PC9mb250PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxmb250IGNvbG9yPSIjMzMzMzMzIj7B9Twv Zm9udD7BpCEhITwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRkIHdpZHRoPTE1Nj4mbmJzcDs8 L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8dHI+IA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCB3aWR0 aD01IGhlaWdodD0iMjIiPiZuYnNwOzwvdGQ+DQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIHdpZHRo PTIwIGhlaWdodD0iMjIiPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgYWxpZ249ImNlbnRl ciI+PGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNp emU9Mj48Yj4zLjwvYj48L2ZvbnQ+PC9kaXY+DQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8dGQgd2lkdGg9MjgzIGhlaWdodD0iMjIiPjxmb250IHNpemU9Mz48 Yj48Zm9udCBjb2xvcj0iIzI3NDUzMSI+xMQ8L2ZvbnQ+PC9iPjwvZm9udD48 Yj48Zm9udCBjb2xvcj0iIzY2NjY2NiIgc2l6ZT0iMyI+sPy3wyANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIMDiwfYgudcgsbPA5yC5q7fhwfXBpCA8L2ZvbnQ+PC9iPjxmb250IGNv bG9yPSIjNjY2NjY2IiBzaXplPSIzIj4hITwvZm9udD48L3RkPg0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDx0ZCB3aWR0aD0xNTYgaGVpZ2h0PSIyMiI+Jm5ic3A7PC90ZD4NCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PC90cj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgd2lkdGg9NSBoZWlnaHQ9 IjE2Ij4mbmJzcDs8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCB3aWR0aD0yMCBoZWlnaHQ9 IjE2Ij4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8ZGl2IGFsaWduPSJjZW50ZXIiPjxmb250IA0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXplPTI+PGI+NC48 L2I+PC9mb250PjwvZGl2Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+DQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIHdp ZHRoPTI4MyBoZWlnaHQ9IjE2Ij48Yj48Zm9udCBjb2xvcj0iI2ZmMDAwMCIg c2l6ZT0iMyI+v8I8L2ZvbnQ+PC9iPrbzwM4gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCwrcHCILCz vLMhISE8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDx0ZCByb3dzcGFuPSIyIiBoZWlnaHQ9IjM5 Ij4mbmJzcDs8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+IA0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDx0ZCB3aWR0aD01IGhlaWdodD0iMjEiPiZuYnNwOzwvdGQ+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PHRkIHdpZHRoPTIwIGhlaWdodD0iMjEiPiANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgYWxp Z249ImNlbnRlciI+PGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHNpemU9Mj48Yj41LjwvYj48L2ZvbnQ+PC9kaXY+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICA8dGQgd2lkdGg9MjgzIGhlaWdodD0iMjEiPjxiPjxm b250IGNvbG9yPSIjY2MwMGNjIiBzaXplPSIzIj65qzwvZm9udD48L2I+t+Eg DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICDA57z2sK0gudcgvsa4o7nZwMzGriDB9r/4ICEhITwvdGQ+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+IA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90YWJsZT4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDx0ZCBoZWlnaHQ9MTYwIHdpZHRoPTEyNz4NCjxpbWcgc3JjPSJodHRwOi8v Z2F6YXdlYi5jby5rci9pbWFnZXMvZXZlbnQuZ2lmIiB3aWR0aD0iMTM2IiBo ZWlnaHQ9IjE0NSI+DQogPC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8dGQgaGVpZ2h0PTE2MCB2YWxpZ249Ym90dG9t IHdpZHRoPTMxPjwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvdGJvZHk+IA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPC90YWJsZT4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8 L3Rib2R5PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGFi bGU+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4NCiAgICAg ICAgICAgICAgICAgICAgICAgICAgPC90cj4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgPC90Ym9keT4gDQogICAgICAgICAgICAgICAgICAgICAgICA8 L3RhYmxlPg0KICAgICAgICAgICAgICAgICAgICAgICAgDQo8dGFibGUgYWxp Z249Y2VudGVyIGJvcmRlcj0wIGNlbGxwYWRkaW5nPTAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICBjZWxsc3BhY2luZz0wIGhlaWdodD04IHdp ZHRoPTcwMD4NCg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8dGJvZHk+ IA0KICAgICAgICAgICAgICAgICAgICAgICAgICA8dHIgdmFsaWduPXRvcD4g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGhlaWdodD0yPiAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgYWxpZ249Y2Vu dGVyPjxmb250IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBz aXplPTE+Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uPC9mb250PjwvZGl2Pg0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgIDwv dHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+IA0KICAg ICAgICAgICAgICAgICAgICAgICAgPC90YWJsZT4NCiAgICAgICAgICAgICAg ICAgICAgICAgIA0KPHRhYmxlIGJvcmRlcj0wIGNlbGxwYWRkaW5nPTAgY2Vs bHNwYWNpbmc9MCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdp ZHRoPTcwMCBoZWlnaHQ9Ijk2MiI+DQoNCiAgICAgICAgICAgICAgICAgICAg ICAgICAgPHRib2R5PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgPHRy IGJnY29sb3I9I2ZjZmFmMT4gDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgPHRkIHdpZHRoPTE2PiZuYnNwOzwvdGQ+DQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgPHRkIHdpZHRoPTcxOD4mbmJzcDs8L3RkPg0KICAgICAg ICAgICAgICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICA8dHIgYmdjb2xvcj0jZmNmYWYxPiANCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICA8dGQgd2lkdGg9MTY+Jm5ic3A7PC90ZD4NCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8dGQgYmdjb2xvcj0jZmNmYWYxIHdp ZHRoPTcxOD48Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgc2l6ZT00PjxiPjxmb250IA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICBzaXplPTM+MjG8vLHiPC9mb250PjwvYj48L2ZvbnQ+PGZvbnQg DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNvbG9yPSMwMDUx NTE+ILvqvve18MDawM4gutC+38DHILHivPogudcgwNq6u8DMILCzuea1x7Dt ILHivPq1tcDUwMwguruw3cD7wLi3ziANCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIL3DwNu1y7TPtNkuILHXwd+/obyttbUgwKW18MDawMyzyiwg PGJyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgwKW4tr26xc0s ILPXxq6/9sWpILD8uK675ywgxMTHu8XNILHXt6HHyCC60L7fte4gSVTB98G+ wLogsdcgwP3BpL+hIMDMuKawzcC4t84gwPy4wbXHsO0gDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICDA1r3AtM+02S4gPC9mb250PiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDxwPjxmb250IGNvbG9yPSMwMDUx NTE+wMy5zCDAzLrQvt+/oSDB+MPiwLsgvcO1tcfPsO0gwNa0wiC067Hivvcg udcgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgILqlw7Ox4r73 wMwgvNO80yC0w7DttMIgwNbB9ri4IMDOxc2z3SC757/rwM6xuMDHILHewfXA uLfOIMDOx9EgwPy5riDAzrfCwLogPGJyPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICDA/bTrus7Bt8DMtvO0wiCzrcGmv6Egus61+sPEILmr vvm6uLTZtbUgwPy5rsDOt8IgyK66uLChILCiILHivvfAxyDD1rTrILD6waaw oSC1x7DtIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICDA1r3A tM+02S4gwMy/oSC537jCw9++7iC6u7/4v6G8rbTCIDxicj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgtPUguLnAuiDA/LmuIMDOt8LAuyC+ 57y6x8+x4iDAp8fRIMDPyK/AuLfOIMD7wLoguvG/68C4t84gtPUguLnAuiCx s8CwseLIuLimILrOv6kgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIMfPseLAp8fYIMi5seLA+8DOILGzwLAgvcO9usXbILCzud+/oSA8YnI+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgILnawve4piCwocfP v7S9wLTPtNkuILHXILDhsPoguru/+MDHILHXILCjIMPgwPu1yCCz68fPv+y/ zSCxs8CwvcO9usXbIL/uv7XAxyDA5cGhwLsgDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIMPWtOvH0SDIsL/rx8+/qSDD1rTrwMcgwfjH0Lf8 sPogPGJyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICDD1rTr wMcgw+u+97f8wLsgwM7BpLnesNQgtce++r3AtM+02S4gPC9mb250PjwvcD4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxwPjxmb250 IGNvbG9yPSNjMjBmNjggc2l6ZT0zPjxiPiA8bWFycXVlZSBiZWhhdmlvcj1h bHRlcm5hdGU+seLIuLTCIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICCzr77GsKG0wiC79b/NsLC9wLTPtNkuILOvvsawoSC59riu seLA/L+hIMDiwLi8vL/kICEhPC9tYXJxdWVlPjwvYj48L2ZvbnQ+PC9wPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+DQogICAgICAgICAg ICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAg ICAgIDx0ciBiZ2NvbG9yPSNmY2ZhZjE+IA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDx0ZCBjb2xzcGFuPTI+IA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgDQo8dGFibGUgYWxpZ249Y2VudGVyIGJvcmRlcj0wIGNl bGxwYWRkaW5nPTAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBj ZWxsc3BhY2luZz0wIGhlaWdodD04IHdpZHRoPTcwMD4NCg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8dGJvZHk+IA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8dHIgdmFsaWduPXRvcD4gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGhlaWdodD0yPiANCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgYWxpZ249 Y2VudGVyPjxmb250IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBzaXplPTE+Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uPC9mb250PjwvZGl2Pg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDwvdGQ+DQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDwvdGJvZHk+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPC90YWJsZT4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Rk Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICA8dHIgYmdjb2xvcj0jZWVmMmZmPiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8dGQgd2lkdGg9MTY+Jm5ic3A7PC90 ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgd2lkdGg9NzE4 PiZuYnNwOzwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+ DQogICAgICAgICAgICAgICAgICAgICAgICAgIDx0ciBiZ2NvbG9yPSNlZWYy ZmYgdmFsaWduPSJ0b3AiPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8dGQgY29sc3Bhbj0yIGhlaWdodD0xNTM+IA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgDQo8dGFibGUgYWxpZ249Y2VudGVyIGJvcmRlcj0x IGhlaWdodD01MjQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3 aWR0aD01NDEgYm9yZGVyY29sb3I9IiMwMDAwZmYiPg0KDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4gDQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDx0ciBiZ2NvbG9yPSNmOWY5Zjk+IA0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCBoZWlnaHQ9NTI5 IHZhbGlnbj0idG9wIiBiZ2NvbG9yPSIjZmZmZmZmIj4gDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8cCBhbGlnbj1jZW50ZXI+PGZv bnQgc2l6ZT0yPjxmb250IGNvbG9yPWdyZWVuIA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBmYWNlPbW4v/I+PGI+PGJyPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L2I+PC9mb250PjwvZm9u dD48L3A+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICANCjx0YWJsZSBhbGlnbj1jZW50ZXIgYm9yZGVyPTAgd2lkdGg9NTIw Pg0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDx0Ym9keT4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDx0ciBhbGlnbj1sZWZ0PiANCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgYWxpZ249cmln aHQgcm93c3Bhbj0iMiI+PGI+PGZvbnQgc2l6ZT0yPg0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9mb250Pjwv Yj48Zm9udCBzaXplPTI+PGI+sbPAsCANCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgILD6waQ8L2I+PC9mb250Pjxm b250IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXplPTI+ PGI+oaE8L2I+PC9mb250PjwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRkIHJvd3NwYW49IjIiPjxiPjxm b250IHNpemU9Mj46IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iaHR0cDovL2dhemF3ZWIuY28u a3Ivd2Rlc2lnbi5odG0iPsClIA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgtfDA2sDOPC9hPiAvIDxhIGhyZWY9 Imh0dHA6Ly9nYXphd2ViLmNvLmtyL3dtYXN0ZXIuaHRtIj7ApSANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgILi2 vbrFzTwvYT4gLyA8Zm9udCBmYWNlPbG8uLLDvD48YSBocmVmPSJodHRwOi8v Z2F6YXdlYi5jby5rci93YW5pbWF0aW9uLmh0bSI+M0Q8L2E+PC9mb250Pjxh IGhyZWY9Imh0dHA6Ly9pbnRlcnNpZ24uYWMvd2FuaW1hdGlvbi5odG0iPiAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIL+htM+43sDMvMc8L2E+IC8gwPzA2rvzsMW3oTwvZm9udD48L2I+PGZv bnQgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNpemU9Mj48 Yj48YnI+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA6IDxhIGhyZWY9Imh0dHA6Ly9nYXphd2ViLmNvLmtyL3dj b29yZGkuaHRtIj7ApcTatfCz18DMxc08L2E+IA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLyA8YSBocmVmPSJo dHRwOi8vZ2F6YXdlYi5jby5rci9tYWNkZXNpZ24uaHRtIj5ELlQuUDwvYT4g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAvIDxhIGhyZWY9Imh0dHA6Ly9nYXphd2ViLmNvLmtyL2NhZC5odG0i PrDHw+C9w7nEt7nAzLzHKENBRCk8L2E+IA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLyC41sa8ucy18L7uPC9i PjwvZm9udD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8dHI+IDwvdHI+DQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+IA0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90YWJs ZT4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxwIGFs aWduPWNlbnRlcj48Yj48Zm9udCBjb2xvcj0jMzMzMzMzIGZhY2U9sby4siAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0zPiA8L2Zv bnQ+PGZvbnQgY29sb3I9IzMzMzMzMyBmYWNlPbG8uLIgDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIHNpemU9Mj48L2ZvbnQ+PGZvbnQgY29s b3I9IzMzMzMzMyBmYWNlPbG8uLIgDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIHNpemU9Mz5PTiAtIExJTkUgu/O04yAgDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOzwvZm9udD48L2I+PC9wPg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPGZvcm0gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIGFjdGlvbj1odHRwOi8vd3d3LmtvcmVhLW1hcmsu Y28ua3IvY2dpLWJpbi9mb3JtbWFpbC5wbCBtZXRob2Q9cG9zdCBhbGlnbj0i Y2VudGVyIj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPGlucHV0IG5hbWU9cmVjaXBpZW50IHR5cGU9aGlkZGVuIA0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT13ZWJtYXN0ZXJAZ2F6 YXdlYi5jby5rcj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPGlucHV0IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBuYW1lPXN1YmplY3QgdHlwZT1oaWRkZW4gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHZhbHVlPSLAzsXNwNrAziCxs8Cwua7Axz8iPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8aW5wdXQg bmFtZT1yZXF1aXJlZCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgdHlwZT1oaWRkZW4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIHZhbHVlPcDMuKcsvLq6sCy7/bPiLMD8yK25+MijLMHWvNIsyN6068b5 LEUtbWFpbCzIuLvnuO0sua7Ax7vnx9c+DQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIA0KPHRhYmxlIGJvcmRlcj0wIHdpZHRoPSIx MDAlIj4NCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDx0Ym9keT4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDx0ZCB3aWR0aD0iNjAlIiBoZWlnaHQ9IjM0OSIgdmFs aWduPSJ0b3AiPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgDQo8dGFibGUgYm9yZGVyPTAgY2VsbHBhZGRpbmc9MCBj ZWxsc3BhY2luZz0wICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg aGVpZ2h0PTE5NCB3aWR0aD0iMTAwJSI+DQoNCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGJvZHk+IA0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8dGQgaGVpZ2h0PTMzNyB3aWR0aD0iMTAwJSI+IA0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCjx0 YWJsZSBib3JkZXI9MSBjZWxscGFkZGluZz0wIGNlbGxzcGFjaW5nPTAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aWR0aD0iMTAwJSIgYm9y ZGVyY29sb3I9IiM5OTk5OTkiPg0KDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRib2R5PiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8dHI+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGJnY29sb3I9I2U5ZTlkZSB3 aWR0aD0iMTclIj48Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgc2l6ZT0yPjxiPjxmb250IGZhY2U9sby4sj48Zm9udCBmYWNlPbG8 uLIgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNpemU9Mj4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPC9mb250PjwvZm9udD48Zm9udCBjb2xvcj0i cmVkIj4qPC9mb250PsDMuKcmbmJzcDs8L2I+PC9mb250PjwvdGQ+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8dGQgYmdjb2xvcj0jZjVmNWYxIHdpZHRoPSI4MyUiPjxmb250IA0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjb2xvcj0jMDAwMDAw IGZhY2U9sby4ssO8PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPGlucHV0IG5hbWU9wMy4pyAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0xND4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgPC9mb250PjwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8 dHI+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRkIGJnY29sb3I9I2U5ZTlkZSB3aWR0 aD0iMTclIj48Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgc2l6ZT0yPjxiPjxmb250IGZhY2U9sby4siBzaXplPTI+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvZm9udD48Zm9udCBjb2xvcj0iI2U5ZTlkZSI+KjwvZm9u dD68urqwPC9iPjwvZm9udD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGJnY29sb3I9 I2Y1ZjVmMSB3aWR0aD0iODMlIj48Zm9udCANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgY29sb3I9IzAwMDAwMCBmYWNlPbG8uLLDvCBzaXpl PTI+PGI+s7I8L2I+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8aW5wdXQgDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIENIRUNLRUQgbmFtZT28urqwIHR5cGU9 cmFkaW8gdmFsdWU9s7I+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICZuYnNwOyZuYnNwOyA8Yj6/ qTwvYj48L2ZvbnQ+PGZvbnQgY29sb3I9IzAwMDAwMCANCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgZmFjZT2xvLiyw7w+IA0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8aW5wdXQgbmFtZT28urqwIHR5cGU9cmFkaW8gDQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIHZhbHVlPb+pPg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L2Zv bnQ+PC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICA8dGQgYmdjb2xvcj0jZTllOWRlIHdpZHRoPSIxNyUiPjxmb250 IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXplPTI+PGI+ PGZvbnQgZmFjZT2xvLiyIHNpemU9Mj4gDQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwv Zm9udD48Zm9udCBjb2xvcj0icmVkIj4qPC9mb250Prv9s+K/+cDPPC9iPjwv Zm9udD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRkIGJnY29sb3I9I2Y1ZjVmMSB3aWR0 aD0iODMlIj4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDxpbnB1dCANCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgbWF4bGVuZ3RoPTQgbmFtZT27/bPiv/nAzyBz aXplPTQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxmb250IHNpemU9Mj6z4iANCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPHNlbGVjdCBuYW1lPbv9s+I+DQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiBz ZWxlY3RlZCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFs dWU9IiI+vLHFwzwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gdmFs dWU9Mb/5PjE8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIHZhbHVl PTK/+T4yPC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9M7/5PjM8L29wdGlv bj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8b3B0aW9uIHZhbHVlPTS/+T40PC9vcHRpb24+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgPG9wdGlvbiB2YWx1ZT01v/k+NTwvb3B0aW9uPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIHZhbHVlPTa/+T42PC9vcHRpb24+DQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PG9wdGlvbiB2YWx1ZT03v/k+Nzwvb3B0aW9uPg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxv cHRpb24gdmFsdWU9OL/5Pjg8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0 aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT05 v/k+OTwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTEwv/k+MTA8L29wdGlv bj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICB2YWx1ZT0xMb/5PjExPC9vcHRpb24+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgdmFsdWU9MTK/+T4xMjwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3NlbGVj dD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgv/kgDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxzZWxlY3QgbmFtZT27 /bPiPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxvcHRpb24gc2VsZWN0ZWQgdmFsdWU9IiI+ vLHFwzwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTHAzz4xPC9vcHRpb24+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgPG9wdGlvbiB2YWx1ZT0ywM8+Mjwvb3B0aW9uPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDxvcHRpb24gdmFsdWU9M8DPPjM8L29wdGlvbj4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICB2YWx1ZT00wM8+NDwvb3B0aW9uPg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxv cHRpb24gdmFsdWU9NcDPPjU8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0 aW9uIHZhbHVlPTbAzz42PC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlv biANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9N8DP Pjc8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIHZhbHVlPTjAzz44 PC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiB2YWx1ZT05wM8+OTwv b3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIHZhbHVlPTEwwM8+MTA8L29wdGlvbj4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICB2YWx1ZT0xMcDPPjExPC9vcHRpb24+DQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFs dWU9MTLAzz4xMjwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTEzwM8+MTM8 L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICB2YWx1ZT0xNMDPPjE0PC9vcHRpb24+DQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgdmFsdWU9MTXAzz4xNTwvb3B0aW9uPg0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZh bHVlPTE2wM8+MTY8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0xN8DPPjE3 PC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MTjAzz4xODwvb3B0aW9uPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIHZhbHVlPTE5wM8+MTk8L29wdGlvbj4NCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2 YWx1ZT0yMMDPPjIwPC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MjHAzz4y MTwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTIywM8+MjI8L29wdGlvbj4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICB2YWx1ZT0yM8DPPjIzPC9vcHRpb24+DQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg dmFsdWU9MjTAzz4yNDwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTI1wM8+ MjU8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0yNsDPPjI2PC9vcHRpb24+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgdmFsdWU9MjfAzz4yNzwvb3B0aW9uPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHZhbHVlPTI4wM8+Mjg8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9u IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0yOcDP PjI5PC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MzDAzz4zMDwvb3B0aW9u Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHZhbHVlPTMxwM8+MzE8L29wdGlvbj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPC9zZWxlY3Q+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIMDPICZuYnNwOyZuYnNwO7+5OiAy MDAxs+IgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDG/+SAxwM88L2ZvbnQ+PC90ZD4NCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDx0cj4gDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgYmdj b2xvcj0jZTllOWRlIHdpZHRoPSIxNyUiPjxmb250IA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICBzaXplPTI+PGI+PGZvbnQgZmFjZT2xvLiy IHNpemU9Mj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9mb250Pjxmb250IGNvbG9y PSJyZWQiPio8L2ZvbnQ+wPzIrbn4yKM8L2I+PC9mb250PjwvdGQ+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8dGQgYmdjb2xvcj0jZjVmNWYxIHdpZHRoPSI4MyUiPiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPHNlbGVjdCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgbmFtZT3A/MitufjIoz4NCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIHNlbGVj dGVkIHZhbHVlPSIiPryxxcM8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0 aW9uIHZhbHVlPTAyPjAyPC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlv biANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MDMx PjAzMTwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTAzMj4wMzI8L29wdGlv bj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICB2YWx1ZT0wMzM+MDMzPC9vcHRpb24+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgdmFsdWU9MDQxPjA0MTwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRp b24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTA0 Mj4wNDI8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0wNDM+MDQzPC9vcHRp b24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgdmFsdWU9MDUxPjA1MTwvb3B0aW9uPg0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIHZhbHVlPTA1Mj4wNTI8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0 aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0w NTM+MDUzPC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MDU0PjA1NDwvb3B0 aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHZhbHVlPTA1NT4wNTU8L29wdGlvbj4NCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICB2YWx1ZT0wNjE+MDYxPC9vcHRpb24+DQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9w dGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9 MDYyPjA2Mjwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTA2Mz4wNjM8L29w dGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICB2YWx1ZT0wNjQ+MDY0PC9vcHRpb24+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDwvc2VsZWN0Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtIDxmb250IA0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICBjb2xvcj0jMDAwMDAwIGZhY2U9 sby4ssO8PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPGlucHV0IG5hbWU9wPzIrbn4yKMgDQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNpemU9MjE+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDwvZm9udD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRy PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDx0ZCBiZ2NvbG9yPSNlOWU5ZGUgd2lkdGg9 IjE3JSI+PGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHNpemU9Mj48Yj48Zm9udCBmYWNlPbG8uLIgc2l6ZT0yPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICA8L2ZvbnQ+PGZvbnQgY29sb3I9IiNlOWU5ZGUiPio8L2ZvbnQ+ RkFYPC9iPjwvZm9udD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGJnY29sb3I9I2Y1 ZjVmMSB3aWR0aD0iODMlIj4gDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxzZWxlY3QgDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIG5hbWU9RkFYPg0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDxvcHRpb24gc2VsZWN0ZWQgdmFsdWU9IiI+vLHFwzwvb3B0aW9u Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDxvcHRpb24gdmFsdWU9MDI+MDI8L29wdGlvbj4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICB2YWx1ZT0wMzE+MDMxPC9vcHRpb24+DQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg dmFsdWU9MDMyPjAzMjwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTAzMz4w MzM8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0wNDE+MDQxPC9vcHRpb24+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgdmFsdWU9MDQyPjA0Mjwvb3B0aW9uPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHZhbHVlPTA0Mz4wNDM8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9u IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0wNTE+ MDUxPC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MDUyPjA1Mjwvb3B0aW9u Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHZhbHVlPTA1Mz4wNTM8L29wdGlvbj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICB2YWx1ZT0wNTQ+MDU0PC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlv biANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MDU1 PjA1NTwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTA2MT4wNjE8L29wdGlv bj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICB2YWx1ZT0wNjI+MDYyPC9vcHRpb24+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgdmFsdWU9MDYzPjA2Mzwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRp b24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTA2 ND4wNjQ8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9zZWxlY3Q+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIC0gPGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGNvbG9yPSMwMDAwMDAgZmFjZT2xvLiyw7w+IA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8aW5w dXQgbmFtZT1GQVggDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHNpemU9MjE+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDwvZm9udD48L3RkPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwv dHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCBiZ2NvbG9y PSNlOWU5ZGUgd2lkdGg9IjE3JSI+PGZvbnQgDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHNpemU9Mj48Yj48Zm9udCBmYWNlPbG8uLIgc2l6 ZT0yPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPC9mb250Pjxmb250IGNvbG9yPSJy ZWQiPio8L2ZvbnQ+yN6068b5PC9iPjwvZm9udD48L3RkPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PHRkIGJnY29sb3I9I2Y1ZjVmMSB3aWR0aD0iODMlIj4gDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDxzZWxlY3QgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG5h bWU9yN6068b5Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gc2VsZWN0ZWQgdmFs dWU9IiI+vLHFwzwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gdmFs dWU9MDExPjAxMTwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTAxNj4wMTY8 L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICB2YWx1ZT0wMTc+MDE3PC9vcHRpb24+DQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgdmFsdWU9MDE4PjAxODwvb3B0aW9uPg0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZh bHVlPTAxOT4wMTk8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9zZWxlY3Q+DQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIC0gPGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIGNvbG9yPSMwMDAwMDAgZmFjZT2xvLiyw7w+IA0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8aW5wdXQgbmFtZT3I3rTrxvkgDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIHNpemU9MjE+DQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvZm9udD48L3RkPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0 ZCBiZ2NvbG9yPSNlOWU5ZGUgd2lkdGg9IjE3JSI+PGZvbnQgDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHNpemU9Mj48Yj48Zm9udCBmYWNl PbG8uLIgc2l6ZT0yPg0KPGltZyBoZWlnaHQ9NyAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHNyYz0iY2lkOlJFRF9TUElERVIwMDAwIiB3aWR0 aD03Pg0KIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8L2ZvbnQ+PGZvbnQgY29sb3I9 InJlZCI+KjwvZm9udD7B1rzSPC9iPjwvZm9udD48L3RkPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PHRkIGJnY29sb3I9I2Y1ZjVmMSB3aWR0aD0iODMlIj48Zm9udCANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgY29sb3I9IzAwMDAwMCBmYWNl PbG8uLLDvD4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDxpbnB1dCBuYW1lPcHWvNIgDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNpemU9NTA+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDwvZm9udD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPiAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDx0ZCBiZ2NvbG9yPSNlOWU5ZGUgd2lkdGg9IjE3 JSI+PGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNp emU9Mj48Yj48Zm9udCBmYWNlPbG8uLIgc2l6ZT0yPg0KPGltZyBoZWlnaHQ9 NyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNyYz0iY2lkOlJF RF9TUElERVIwMDAxIiB3aWR0aD03Pg0KIA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8 L2ZvbnQ+PGZvbnQgY29sb3I9InJlZCI+KjwvZm9udD5FLW1haWw8L2I+PC9m b250PjwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8dGQgYmdjb2xvcj0jZjVmNWYxIHdpZHRo PSI4MyUiPjxmb250IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBjb2xvcj0jMDAwMDAwIGZhY2U9sby4ssO8PiANCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGlu cHV0IG5hbWU9RS1tYWlsIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBzaXplPTMyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8L2ZvbnQ+PC90ZD4NCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDx0cj4gDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgYmdj b2xvcj0jZTllOWRlIHdpZHRoPSIxNyUiPjxmb250IA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICBzaXplPTI+PGI+PGZvbnQgZmFjZT2xvLiy IHNpemU9Mj4NCjxpbWcgaGVpZ2h0PTcgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBzcmM9ImNpZDpSRURfU1BJREVSMDAwMiIgd2lkdGg9Nz4N CiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPC9mb250Pjxmb250IGNvbG9yPSJyZWQi Pio8L2ZvbnQ+yLi757jtPC9iPjwvZm9udD48L3RkPg0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRk IGJnY29sb3I9I2Y1ZjVmMSB3aWR0aD0iODMlIj48Zm9udCANCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgY29sb3I9IzAwMDAwMCBmYWNlPbG8 uLLDvD4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxpbnB1dCBuYW1lPci4u+e47SANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0zNz4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPC9mb250Pjxmb250IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBzaXplPTI+PGI+KMfQsbO47Sk8L2I+PC9mb250PjwvdGQ+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPC90cj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8dHI+IA0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGJn Y29sb3I9I2U5ZTlkZSB3aWR0aD0iMTclIj48Zm9udCANCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgc2l6ZT0yPjxiPjxmb250IGZhY2U9sby4 siBzaXplPTI+DQo8aW1nIGhlaWdodD03ICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgc3JjPSJjaWQ6UkVEX1NQSURFUjAwMDMiIHdpZHRoPTc+ DQogDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDwvZm9udD48Zm9udCBjb2xvcj0icmVk Ij4qPC9mb250PrmuwMfH0LD6PC9iPjwvZm9udD48L3RkPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PHRkIGJnY29sb3I9I2Y1ZjVmMSB3aWR0aD0iODMlIj4gDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDxzZWxlY3QgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG5h bWU9yPG4wcfQsPo+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiBzZWxlY3RlZCB2 YWx1ZT0iIj68scXDPC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiB2 YWx1ZT241sa8ucy18L7uPrjWxry5zLXwvu48L29wdGlvbj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICB2YWx1ZT3ApbXwwNrAzj7ApbXwwNrAzjwvb3B0aW9uPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHZhbHVlPcClxNq18LPXwMzFzT7ApcTatfCz18DMxc08L29wdGlvbj4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICB2YWx1ZT3Apbi2vbrFzT7Apbi2vbrFzTwvb3B0aW9uPg0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHZhbHVlPTNEIL7WtM+43sDMvMc+M0Qgvta0z7jewMy8xzwvb3B0 aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHZhbHVlPUF1dG8gQ2FkPkF1dG8gQ2FkPC9vcHRp b24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgdmFsdWU9RFRQPkRUUDwvb3B0aW9uPg0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8L3NlbGVjdD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRy PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDx0ZCBiZ2NvbG9yPSNlOWU5ZGUgd2lkdGg9 IjE3JSIgaGVpZ2h0PSIxMDAiPjxmb250IGZhY2U9sby4siANCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0yPjxmb250IHNpemU9Mj48 Yj48Zm9udCBmYWNlPbG8uLIgc2l6ZT0yPg0KPGltZyAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIGhlaWdodD03IHNyYz0iY2lkOlJFRF9TUElE RVIwMDA0IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdpZHRo PTc+DQogPC9mb250PjwvYj48L2ZvbnQ+PGI+PGZvbnQgY29sb3I9InJlZCI+ KjwvZm9udD65rsDHIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICC758fXPC9iPjwvZm9u dD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPHRkIGJnY29sb3I9I2Y1ZjVmMSB3aWR0aD0i ODMlIiBoZWlnaHQ9IjEwMCI+PHNwYW4gDQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHN0eWxlPSJCQUNLR1JPVU5ELUNPTE9SOiAjZjBmMGU4 Ij48VEVYVEFSRUEgY29scz01MiBuYW1lPbmuwMe758fXIHJvd3M9ND48L1RF WFRBUkVBPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8L3NwYW4+PC90ZD4NCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Ry Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvdGJvZHk+IA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDx0cj4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8dGQgYmdjb2xvcj0jZmZmZmZmIGhlaWdo dD0zNyB3aWR0aD0iMTAwJSIgdmFsaWduPSJib3R0b20iPiANCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHAg YWxpZ249Y2VudGVyPjxmb250IGNvbG9yPSMwMDAwMDAgZmFjZT2xvLiyw7w+ IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDxpbnB1dCBuYW1lPVN1Ym1pdCB0eXBlPXN1Ym1pdCB2YWx1 ZT2/z7fhPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICZuYnNwOyA8L2ZvbnQ+PC9wPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvdGJvZHk+IA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4NCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+IA0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9mb3JtPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+IA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPC90YWJsZT4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8 L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8dHIgYmdjb2xvcj0j ZWVmMmZmPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgY29s c3Bhbj0yPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KPHRh YmxlIGFsaWduPWNlbnRlciBib3JkZXI9MCBjZWxscGFkZGluZz0wICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgY2VsbHNwYWNpbmc9MCBoZWln aHQ9OCB3aWR0aD03MDA+DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPHRib2R5PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPHRyIHZhbGlnbj10b3A+IA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDx0ZCBoZWlnaHQ9Mj4gDQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8ZGl2IGFsaWduPWNlbnRlcj48Zm9udCANCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0xPi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLjwv Zm9udD48L2Rpdj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Ry Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Rib2R5PiAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGFibGU+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4NCiAgICAgICAgICAgICAg ICAgICAgICAgICAgPC90cj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAg PHRyIGJnY29sb3I9IzQyNDE2ZD4gDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgPHRkIGNvbHNwYW49MiBoZWlnaHQ9MjU+IA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPGRpdiBhbGlnbj1jZW50ZXI+PGZv bnQgc2l6ZT0yPjxiPjxmb250IA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICBjb2xvcj0jZmZmZmZmPqHYILHixbggwNq8vMfRILGzwLCzu7/r wLo8Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY29s b3I9I2ZmZmY5OT48dT5UZWwgOiAwMik3NDQtOTU4NDwvdT48L2ZvbnQ+wLi3 ziANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgua7A xyC52bb4tM+02S48L2ZvbnQ+PC9iPjwvZm9udD48L2Rpdj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8L3RkPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8dHIg Ymdjb2xvcj0jNDI0MTZkPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8dGQgY29sc3Bhbj0yIGhlaWdodD04MT4gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICANCjx0YWJsZSBhbGlnbj1jZW50ZXIgYmdjb2xvcj0j ZjNmM2YzIGJvcmRlcj0wICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgY2VsbHNwYWNpbmc9MCBoZWlnaHQ9NTQgd2lkdGg9NDMyPg0KDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4gDQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRkIGhlaWdodD05Mz4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxwPjxmb250IA0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXplPTI+Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9mb250Piogwb63zi0xyKO8sSANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgwb63zjWw ob+qIDK5+MPisbggx9GxucX1wNq9xcW5wfWxx7r0tfkgNEYgPGJyPg0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8YnI+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyogyKjG5MDMwfYgPGEgDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhyZWY9Imh0dHA6Ly9nYXph d2ViLmNvLmtyLyIgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHRhcmdldD1fYmxhbms+aHR0cDovL2dhemF3ZWIuY28ua3I8L2E+PC9wPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHA+ ICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyogsbPAsLTjtOcgPEEgDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhyZWY9Im1haWx0bzp3ZWJt YXN0ZXJAZ2F6YXdlYi5jby5rciI+d2VibWFzdGVyQGdhemF3ZWIuY28ua3I8 L2E+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAowMzA2r+1KSA8L3A+DQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8L3Rib2R5PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDwvdGFibGU+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4NCiAgICAgICAgICAg ICAgICAgICAgICAgICAgPHRyIGJnY29sb3I9IzQyNDE2ZD4gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRkIA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBjb2xzcGFuPTI+Jm5ic3A7PC90ZD4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgPC90cj4NCiAgICAgICAgICAgICAgICAgICAg ICAgICAgPC90Ym9keT4gDQogICAgICAgICAgICAgICAgICAgICAgICA8L3Rh YmxlPg0KICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+DQogICAgICAgICAg ICAgICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+ IA0KICAgICAgICAgICAgICAgICAgPC90YWJsZT4NCiAgICAgICAgICAgICAg ICA8L3RkPg0KICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICA8 L3Rib2R5PiANCiAgICAgICAgICAgIDwvdGFibGU+DQogICAgICAgICAgPC90 ZD4NCiAgICAgICAgPC90cj4NCiAgICAgICAgPC90Ym9keT4gDQogICAgICA8 L3RhYmxlPjwhLS0gbWlhZ2VudCBzdWIgZW5kIC0tPg0KICAgICAgDQo8aW1n ICAgICAgICAgICAgICAgICAgIGhlaWdodD0xMiBzcmM9ImNpZDpSRURfU1BJ REVSMDAwNSIgICAgICAgICAgICAgICAgIHdpZHRoPTE+DQo8YnI+DQogICAg ICA8L2ZvbnQ+PC90ZD4NCiAgPC90cj4NCiAgPC90Ym9keT4gDQo8L3RhYmxl Pg0KPC90ZD48L1RSPjwvdGFibGU+PC9CT0RZPg0KPC9odG1sPg0K= ----RED_SPIDER_0003_0003-- ----RED_SPIDER_0002_0002 Content-Type: image/gif; name="/download/¿Àºü/view_mail.files/pointer01.gif" Content-Transfer-Encoding: base64 Content-ID: ----RED_SPIDER_0002_0002 Content-Type: image/gif; name="/download/¿Àºü/view_mail.files/pointer01.gif" Content-Transfer-Encoding: base64 Content-ID: ----RED_SPIDER_0002_0002 Content-Type: image/gif; name="/download/¿Àºü/view_mail.files/pointer01.gif" Content-Transfer-Encoding: base64 Content-ID: ----RED_SPIDER_0002_0002 Content-Type: image/gif; name="/download/¿Àºü/view_mail.files/pointer01.gif" Content-Transfer-Encoding: base64 Content-ID: ----RED_SPIDER_0002_0002 Content-Type: image/gif; name="/download/¿Àºü/view_mail.files/pointer01.gif" Content-Transfer-Encoding: base64 Content-ID: ----RED_SPIDER_0002_0002 Content-Type: image/gif; name="/download/¿Àºü/view_mail.files/trans.gif" Content-Transfer-Encoding: base64 Content-ID: ----RED_SPIDER_0002_0002-- ----RED_SPIDER_0001_0001-- From wilane@mint.sn Sun Jul 1 13:53:00 2001 From: wilane@mint.sn (Ousmane Wilane) Date: Sun, 1 Jul 2001 12:53:00 +0000 Subject: [Mailman-Developers] Missing _()! Message-ID: <01070112530000.00668@NDEYE_TOUTY> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Missing i18n In cron/mailpasswds:73 Cheers - -- - -- Ousmane Wilane (http://purl.org/NET/WILANE/) - -- +221 821 57 02 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7Px0yWz9CBmeMnqIRAoEvAKDEq49dJmlpjVKEgWTJwi9gyCJW5wCgxTe2 N8qPzK7j4I+gv69Ugqq0zxw= =iriZ -----END PGP SIGNATURE----- From y.nugroho@student.umist.ac.uk Sun Jul 1 23:14:17 2001 From: y.nugroho@student.umist.ac.uk (Yanuar Nugroho) Date: Sun, 1 Jul 2001 23:14:17 +0100 Subject: [Mailman-Developers] change the layout? Message-ID: <000901c1027b$2b797e60$9baa5882@halls.umist.ac.uk> Dear all, If i want to change the layout of the body message (eg. change the left and right margin, or simply insert a letter/word in the left margin), which module should I modify? I've tried to read through all those python-modules in MM2.1 these few days but I couldn't locate. Any clue? Regards/Yanuar From jcrey@uma.es Mon Jul 2 11:58:38 2001 From: jcrey@uma.es (Juan Carlos Rey Anaya) Date: Mon, 02 Jul 2001 12:58:38 +0200 Subject: [Mailman-Developers] bug in checj_perms Message-ID: <3B4053DE.F6AFDC5C@uma.es> Testing a new installation from scratch, here is the result [jcrey@joker bin]$ ./check_perms=20 directory permissions must be 02775: /home/mailman/templates/es directory permissions must be 02775: /home/mailman/templates/fr directory permissions must be 02775: /home/mailman/templates/hu directory permissions must be 02775: /home/mailman/templates/en directory permissions must be 02775: /home/mailman/messages/es Traceback (most recent call last): File "./check_perms", line 324, in ? checkcgi() File "./check_perms", line 213, in checkcgi exes =3D os.listdir(mm_cfg.CGI_DIR) AttributeError: CGI_DIR I have seen inside Defaults.py and CGI_DIR is not defined. Cheers --=20 ___ / F \ [[[]]]] ( O O ) #----------------0000--(_)--0000---------------# | Juan Carlos Rey Anaya (jcrey@uma.es) | | Servicio Central de inform=E1tica | | Universidad de M=E1laga - Espa=F1a | #----------------------------------------------# From gorg@sun1.imbi.uni-freiburg.de Mon Jul 2 12:06:19 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Mon, 02 Jul 2001 13:06:19 +0200 Subject: [Mailman-Developers] How to downgrade from mailman 2.1a2 ? and some of my problems Message-ID: <200107021106.f62B6JJ16002@sun6.imbi.uni-freiburg.de> Hi developers, I installed mailman2.1a2 because I wanted to satisfy a list administrator who is waiting for the international interface. I tried it on a test machine first and it seemed to work but then... (System configuration: Sun Ultra 1, Solaris 7 using sendmail, python 2.1, mailman 2.1a2) First question: is it possible to downgrade to some older version if my problems continue? How do I do it? As I am not a member of the list, please send to me directly. And here some of my problems using mailman 2.1 a2 - mimelib 0.3 installed into site-lib, therefore the cron jobs (python -S) did not find it (my solution: delete the -S in the crontab entries) - mailman wanted libssl and libcrypto and did not find them in /usr/local/lib (I added links to /lib) - I got a message "Another qrunner is alread running" every minute! At first I commented the message out, but now I restart qrunner with cron only one every hour. - some messages from check_db about invalid triple...(ignored) - After the first message came in for distribution, I was not send out, but the program kept on adding new qrunner processes until I killed them all . I then deleted the master-qrunner entries in $MAILMAN/locks and all other locks. When I restarted the qrunner, I did not get the expected master.lock file again. I already got a 2,7MB error message. But the mail gets send. - I had to find out first that all list passwords were invalid, and then found the program to reset them :) - I found some files named *.msg and *.db in $MAILMAN/qfiles - not in subdirectories. Is that ok? MAIN Problem: - over the weekeend, the first round of password reminders should have been out. But the disk ran full over the weekend. I found the maschine with a load of 14, lots of qrunners and some /bin/mails as well as the programs that filled the disk (probably not mailman). I killed them all. Later on I found 2 mail files (7 and 10 MB )in /var/tmp. Where the passwords send out? At least 1 email, that had to be approved, was not send: the administrator ran into an error (file not found or something like that). Can I trust mailman2.1a2 that it is "disk full"-prove ? - right now I have 27 qrunners running - the master-qrunner is held by one of them, but not the oldest one. It should be one master and one per directory - right? - I made a new error log file. But there are already error messages in it ( I only give the first and last lines: Jul 02 10:14:30 2001 (1640) Uncaught runner exception: String payload expected Jul 02 10:14:30 2001 (1640) Traceback (most recent call last): [...] Jul 02 11:37:15 2001 qrunner(2209): raise TypeError, 'String payload expected' Jul 02 11:37:15 2001 qrunner(2209): TypeError : String payload expected Jul 02 11:32:34 2001 (2209) lost data files for filebase: 994066353.54731798+5cdd1e0516f3ccd53091f70eb8cfd905542c4646 Jul 02 11:32:36 2001 (2205) lost data files for filebase: 994066353.54731798+58815255dd387fa7e0e3d297cd80a8e3b87e80d7 Jul 02 11:37:13 2001 (2209) Uncaught runner exception: String payload expected Jul 02 11:37:14 2001 (2209) Traceback (most recent call last): File "/home/mailman/Mailman/Queue/IncomingRunner.py", line 136, in _dopipeline func(mlist, msg, msgdata) File "/usr/local/lib/python2.1/site-packages/mimelib/Generator.py", line 145, in _flatten raise TypeError, 'String payload expected' TypeError: String payload expected Jul 02 12:00:14 2001 qrunner(2395): Traceback (most recent call last): Jul 02 12:00:14 2001 qrunner(2395): File "/home/mailman/cron/qrunner", line 299, in ? Jul 02 12:00:14 2001 qrunner(2395): main() Jul 02 12:00:15 2001 qrunner(2205): File "/home/mailman/Mailman/Queue/Switchboard.py", line 135, in dequeue Jul 02 12:00:15 2001 qrunner(2205): os.unlink(msgfile) Jul 02 12:00:15 2001 qrunner(2205): OSError : [Errno 2] No such file or directory: '/home/mailman/qfiles/out/994068012.91432905+082aa298c0 1d478840e3b8bb3f95fe5216a41b8d.msg' Who can help? Best wishes Georg Koch -- -- Georg Koch (gorg@ami1.ukl.uni-freiburg.de) | Phone: +49 761 203 6710 System Administrator | Fax: +49 761 203 6711 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ........................................................................... If we knew what it was we were doing, it would not be called research, would it? -Albert Einstein From gorg@sun1.imbi.uni-freiburg.de Mon Jul 2 14:34:07 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Mon, 02 Jul 2001 15:34:07 +0200 Subject: [Mailman-Developers] rmlist Message-ID: <200107021334.f62DY7J16281@sun6.imbi.uni-freiburg.de> When I remove a list (test2), rmlist says: "Not removing archives. Reinvoke with -a to remove them." When I do it, it says: "No such list: test2" -- -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ From gorg@sun1.imbi.uni-freiburg.de Mon Jul 2 14:35:07 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Mon, 02 Jul 2001 15:35:07 +0200 Subject: [Mailman-Developers] cannot approve requests Message-ID: <200107021335.f62DZ7J16302@sun6.imbi.uni-freiburg.de> Dear develpers, a list administrator sent me this page. I can verify his result with = the site password. What can I do to reenable list-administrators to = approve messages and requests? (There are 25 unapproved messages now). Best wishes Georg Koch -- = -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany =2E..................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ From barry@digicool.com Mon Jul 2 14:47:44 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 2 Jul 2001 09:47:44 -0400 Subject: [Mailman-Developers] Missing _()! References: <01070112530000.00668@NDEYE_TOUTY> Message-ID: <15168.31616.659803.186817@anthem.wooz.org> Thanks! -Barry From barry@digicool.com Mon Jul 2 14:55:50 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 2 Jul 2001 09:55:50 -0400 Subject: [Mailman-Developers] bug in checj_perms References: <3B4053DE.F6AFDC5C@uma.es> Message-ID: <15168.32102.32339.182594@anthem.wooz.org> >>>>> "JCRA" == Juan Carlos Rey Anaya writes: | I have seen inside Defaults.py and CGI_DIR is not defined. Fixed now, thanks! -Barry From gorg@sun1.imbi.uni-freiburg.de Mon Jul 2 15:08:00 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Mon, 02 Jul 2001 16:08:00 +0200 Subject: [Mailman-Developers] update not finishing Message-ID: <200107021408.f62E80J16494@sun6.imbi.uni-freiburg.de> Dear developers, some of my problems may be due to "update" not finishing. The error message was: fp = open(os.path.join(mm_cfg.TEMPLATE_DIR, gtemplate)) IOError: [Errno 2] No such file or directory: '/home/mailman/templates/admindbpreamble.html' Is there anything I can do (without learning to program python) ? Best wishes Georg Koch -- -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ From gorg@sun1.imbi.uni-freiburg.de Mon Jul 2 17:26:02 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Mon, 02 Jul 2001 18:26:02 +0200 Subject: [Mailman-Developers] AttributeError: 'int' object has no attribute 'lower' Message-ID: <3B40A09A.444C156B@imbi.uni-freiburg.de> This is a multi-part message in MIME format. --------------C1897213563153FD6E728957 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit here is another bug in a approval request best wishes -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ --------------C1897213563153FD6E728957 Content-Type: text/html; charset=us-ascii; name="consumers" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="consumers" Content-Base: "http://www.cochrane.de/mailman/admindb /consumers" Content-Location: "http://www.cochrane.de/mailman/admindb /consumers" Bug in Mailman version 2.1a2

Bug in Mailman version 2.1a2

We're sorry, we hit a bug!

If you would like to help us identify the problem, please email a copy of this page to the webmaster for this site with a description of what happened. Thanks!

Traceback:

Traceback (most recent call last):
  File "/home/mailman/scripts/driver", line 105, in run_main
    main()
  File "/home/mailman/Mailman/Cgi/admindb.py", line 117, in main
    show_requests(mlist, doc)
  File "/home/mailman/Mailman/Cgi/admindb.py", line 199, in show_requests
    show_post_requests(mlist, id, info, total, count, form)
  File "/home/mailman/Mailman/Cgi/admindb.py", line 256, in show_post_requests
    line = reader.readline()
  File "/usr/local/lib/python2.1/site-packages/mimelib/MsgReader.py", line 42, in readline
    self._root = self._payload[self._pos]
  File "/usr/local/lib/python2.1/site-packages/mimelib/Message.py", line 100, in __getitem__
    return self.get(name)
  File "/usr/local/lib/python2.1/site-packages/mimelib/Message.py", line 159, in get
    name = name.lower()
AttributeError: 'int' object has no attribute 'lower'

Python information:

VariableValue
sys.version 2.1 (#1, Jun 26 2001, 16:46:38) [GCC 2.95.2 19991024 (release)]
sys.executable /usr/local/bin/python
sys.prefix /usr/local
sys.exec_prefix /usr/local
sys.path /usr/local
sys.platform sunos5

Environment variables:

VariableValue
DOCUMENT_ROOT /www/docs/cochrane
SERVER_ADDR 132.230.10.21
HTTP_ACCEPT_ENCODING gzip
REMOTE_HOST sun6.imbi.uni-freiburg.de
SERVER_PORT 80
PATH_TRANSLATED /www/docs/cochrane/consumers
REMOTE_ADDR 132.230.10.6
SERVER_SOFTWARE Apache/1.3.19 (Unix) ApacheJServ/1.1.2 PHP/4.0.4pl1 mod_ssl/2.8.1 OpenSSL/0.9.6
GATEWAY_INTERFACE CGI/1.1
UNIQUE_ID O0Cf7oTmChUAABBqD7w
HTTP_ACCEPT_LANGUAGE en
REMOTE_PORT 52145
SERVER_NAME www.cochrane.de
TZ MET
HTTP_USER_AGENT Mozilla/4.75 [en] (X11; U; SunOS 5.7 sun4u)
HTTP_ACCEPT_CHARSET iso-8859-1,*,utf-8
HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
REQUEST_URI /mailman/admindb/consumers
QUERY_STRING
SERVER_PROTOCOL HTTP/1.0
PATH_INFO /consumers
HTTP_HOST www.cochrane.de
REQUEST_METHOD GET
SERVER_SIGNATURE
Apache/1.3.19 Server at www.cochrane.de Port 80
SCRIPT_NAME /mailman/admindb
SERVER_ADMIN gorg@cochrane.de
SCRIPT_FILENAME /dsk/www/mailman/cgi-bin/admindb
PYTHONPATH /home/mailman
HTTP_COOKIE hirexcc:admin=; test:admin=28020000006915483b3b732800000032373634313035633633366236663732303762353537623361613634386165323330306131663331; listowners:admin=; mwgs:admin=; smglist:admin=; training:admin=; consumers:admin=280200000069ec9f403b732800000030303461613665343631346131396530646631316266633063383666363066393034633266316131
HTTP_CONNECTION Keep-Alive
HTTP_REFERER http://www.cochrane.de/mailman/admin/consumers
--------------C1897213563153FD6E728957-- From marc_news@valinux.com Mon Jul 2 23:02:14 2001 From: marc_news@valinux.com (Marc MERLIN) Date: Mon, 2 Jul 2001 15:02:14 -0700 Subject: [Mailman-Developers] Config option in Defaults.py for new MM Message-ID: <20010702150214.F29121@magic.merlins.org> I've modified mailman on sourceforge as such: mailman-2.0.5.sf/Mailman/Cgi/admin.py: # # mass subscription processing for members category # def clean_names(name): return rfc822.unquote(string.strip(name)) if cgi_info.has_key('subscribees'): name_text = cgi_info['subscribees'].value name_text = string.replace(name_text, '\r', '') names = filter(None, map(clean_names, string.split(name_text, '\n'))) if len(names) > 1: document.AddItem(Header(1, "

Mass subscribing has been disabled due to abuse

")) document.AddItem("



") document.AddItem("Sorry, but mass subscribing has been disabled due to abuse.") document.AddItem("
") document.AddItem("You cannot subscribe more than one address.") document.AddItem("

") document.AddItem("If you need to migrate a list from another place, you need ") document.AddItem("to get approval from all your users and submit the list to ") document.AddItem("the SF staff") document.AddItem("

") document.AddItem('You can open a support ticket here') else: send_welcome_msg = string.atoi( cgi_info["send_welcome_msg_to_this_batch"].value) digest = 0 if not mlist.digestable: digest = 0 if not mlist.nondigestable: (...) Could the maximum number of subscriptions allowed through the web be a config option in MM 2.1? Having another config option that would allow submissions to go through mlist.AddMembers intead of mlist.ApprovedAddMembers would be nice too (members get auto-added, but they still need to complete the 3rd part of the 3 way handshake, i.e. answer the mail from mailman, before being subscribed). As for having a URL with a hash that would let people confirm the subscription instead of answering an Email, with their broken mail settings (line cutting/quoted printable/HTML/whatever), was that something that made it into MM 2.1? Thanks, Marc -- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From barry@digicool.com Tue Jul 3 00:45:07 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 2 Jul 2001 19:45:07 -0400 Subject: [Mailman-Developers] How to downgrade from mailman 2.1a2 ? and some of my problems References: <200107021106.f62B6JJ16002@sun6.imbi.uni-freiburg.de> Message-ID: <15169.1923.276912.897405@anthem.wooz.org> >>>>> "GK" == Georg Koch writes: GK> First question: is it possible to downgrade to some older GK> version if my problems continue? How do I do it? I've never tried it, but I'm doubtful. Loading a list's config.db into a newer Mailman automatically upgrades the implied scheme in that file, and there are no provisions for reverting the schema. Anyone trying the 2.1 cvs should be aware that this is alpha code for a reason! I'm probably (soon) going to set up some semi-permanent test lists to start solidifying the code base, even if it technically remains alpha to avoid a feature freeze. I don't recommend upgrading on a production system. GK> And here some of my problems using mailman 2.1 a2 Ah, and now this is what I'm interested in! GK> - mimelib 0.3 installed into site-lib, therefore the cron jobs GK> (python -S) did not find it (my solution: delete the -S in the GK> crontab entries) That will increase start up time, so we should figure out why its necessary. Look at the bottom of Defaults.py and you should see some "path hacking" to get site-packages back on sys.path even if -S is used. That must not be working for you, and I'd like to figure out why. GK> - mailman wanted libssl and libcrypto and did not find them in GK> /usr/local/lib (I added links to /lib) Hmm, this is a mystery since Mailman doesn't make explicit use of anything that should link against those libraries. What version of Python are you using, and how did you build it? For example, I'm using a stock Python 2.1 built from source, on a RH6.1-ish Linux distro: % ldd /usr/local/bin/python libpthread.so.0 => /lib/libpthread.so.0 (0x40018000) libdl.so.2 => /lib/libdl.so.2 (0x4002a000) libutil.so.1 => /lib/libutil.so.1 (0x4002d000) libm.so.6 => /lib/libm.so.6 (0x40030000) libc.so.6 => /lib/libc.so.6 (0x4004c000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) So nothing that's statically linked in ought to require those libraries. You'll need to check your Python's lib-dynload/*.so files for other links (again, my stock install doesn't have any). This one sounds like a Python problem. GK> - I got a message "Another qrunner is alread running" every minute! GK> At first I commented the message out, but now I restart GK> qrunner with cron only one every hour. I'm seriously thinking that we should get rid of the cron-based qrunner even for the watchdog, since we now have qrunner running as a daemon. I think I'll write a start script that just wraps around cron/qrunner (which I don't want to rename for bogus CVS reasons), but that would be appropriate for an /etc/init.d script. GK> - some messages from check_db about invalid triple...(ignored) Huh? GK> - After the first message came in for distribution, I was not GK> send out, but the program kept on adding new qrunner processes GK> until I killed them all . I then deleted the master-qrunner GK> entries in $MAILMAN/locks and all other locks. When I GK> restarted the qrunner, I did not get the expected master.lock GK> file again. I already got a 2,7MB error message. But the mail GK> gets send. Hmm, I'm not sure I totally follow, but let's try an experiment. Remove the qrunner entry from crontab and just start the master qrunner by hand at a shell prompt. Don't give it any arguments. Now how well does it work? GK> - I had to find out first that all list passwords were GK> invalid, and then found the program to reset them :) Yes, because MM2.0.x used crypt to encrypt the passwords, but MM2.1 uses sha since it's much more reliably built into Python. This needs to get prominent notice in the release notes because there is no automatic way for Mailman to fix these passwords (the plain text cannot be programmatically extracted). GK> - I found some files named *.msg and *.db in $MAILMAN/qfiles - GK> not in subdirectories. Is that ok? No, these are left over from your pre-2.1 upgrade. I haven't come up with a good way to auto-upgrade these files, so I recommend that you make sure your system is clear before upgrading. You could try to move them into qfiles/in and see what happens (cross your fingers). GK> MAIN Problem: - over the weekeend, the first round of password GK> reminders should have been out. But the disk ran full over the GK> weekend. I found the maschine with a load of 14, lots of GK> qrunners and some /bin/mails as well as the programs that GK> filled the disk (probably not mailman). I killed them all. GK> Later on I found 2 mail files (7 and 10 MB )in /var/tmp. GK> Where the passwords send out? At least 1 email, that had to be GK> approved, was not send: the administrator ran into an error GK> (file not found or something like that). Can I trust GK> mailman2.1a2 that it is "disk full"-prove ? I'm not sure why you ended up with those files in /var/tmp, as Mailman shouldn't drop files there. There could be some strange interactions with your mailer going on. I'll do some testing of the password reminder scripts to make sure its working. GK> - right now I have 27 qrunners running - the master-qrunner is GK> held by one of them, but not the oldest one. It should be one GK> master and one per directory - right? Yes, by default, although Mailman can be configured to run any number of subprocesses per queue directory. I strongly suspect a bad interaction with the cron-based qrunner. I don't think the cron entry for qrunner is necessary any more, so again, I want to get rid of it. GK> - I made a new error log file. But there are already error GK> messages in it ( I only give the first and last lines: GK> Jul 02 10:14:30 2001 (1640) Uncaught runner exception: String GK> payload expected Jul 02 10:14:30 2001 (1640) Traceback (most GK> recent call last): [...] Jul 02 11:37:15 2001 qrunner(2209): GK> raise TypeError, 'String payload expected' Jul 02 11:37:15 GK> 2001 qrunner(2209): TypeError : String payload expected This is saying that mimelib is having trouble generating the plain text for one of your messages. The latest CVS doesn't generate plain text message until it has to send them to the MTA, otherwise, by default it uses binary Python pickles since it can load and store them to/from disk much faster. I'll need to instrument Mailman so that when these types of errors occur, the resulting objects can be captures for post mortems. Keep an eye on CVS over the next few days. -Barry From jarrell@vt.edu Tue Jul 3 01:25:40 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Mon, 02 Jul 2001 20:25:40 -0400 Subject: [Mailman-Developers] How to downgrade from mailman 2.1a2 ? and some of my problems In-Reply-To: <15169.1923.276912.897405@anthem.wooz.org> References: <200107021106.f62B6JJ16002@sun6.imbi.uni-freiburg.de> Message-ID: <5.1.0.14.2.20010702201222.04430460@lennier.cc.vt.edu> At 07:45 PM 7/2/01 -0400, you wrote: >Yes, because MM2.0.x used crypt to encrypt the passwords, but MM2.1 >uses sha since it's much more reliably built into Python. This needs >to get prominent notice in the release notes because there is no >automatic way for Mailman to fix these passwords (the plain text >cannot be programmatically extracted). You know, I'd seen this before, and it hadn't sunk in.. I expect this'll be a *big* loose for many existing sites. Hell, I don't actually know the list passwords to... Hmm. *Any* of my lists. Once I generated them for their owners, I didn't save the initial password, and encouraged them to change it anyway. And for the lists I run, I habitually use the site password to trump them out, since it's just easier that way. (Hell, I barely remember my personal list password on the lists :-)). I dread having to contact all the owners and arrange to get them a new password. (Note, having a tool that just emails out new random passwords to all the contacts isn't perfect, since I have people listed on a few lists that don't have the password, they just have the responsibility of answering the damn mail that comes in.) Or am I safe, because I'm not using crypt now? Doesn't it fall back to sha in that case? Or is they way 2.0 and 2.1 use it incompatible with each other? I already upgraded my 2.1 test system, and don't know the damn passwords there anyway :-). It might be worth considering another point release, to include a password recovery module for migration. Once installed, as each list admin authenticates, it checks to see if sha is already around. If so, it either just stashes the new format for later use in the config.db, or possibly goes ahead and migrates to using the new format. Come 2.1, most of the lists will be good to go already, and the admin page could easily include a signal that a particularly lists password was, or was not, valid anymore. (Hell, the login page could realistically include a note that "Your list has not finished conversion to the new software release. Please contact the site administrator to have your password reactivated." Similarly, 2.1 could include a fallback mechanism; if the password fails, and if crypt is available to load, try again with crypt, and if that works, convert the password and store it in the new format. With the two combined, you'd likely eliminate 90% of the migration difficulties (more, if it takes a while for 2.1 to come out). The ones worst impacted will be the ones who don't keep up to date, but they'll have multiple concerns anyway. From aylan@emirates.net.ae Tue Jul 3 03:31:54 2001 From: aylan@emirates.net.ae (Mubarak Mohammed) Date: Tue, 03 Jul 2001 06:31:54 +0400 Subject: [Mailman-Developers] Our registers Message-ID: This is a multi-part message in MIME format. ------=_NextPart_000_0000_01C10389.D9D4F660 Content-Type: text/plain; charset="windows-1256" Content-Transfer-Encoding: 7bit My friends telling me that they regist with mailing list, but I didn't recieve anything about that. I Also don't know how can i access the mailing list. Thanks a lot in advance ------=_NextPart_000_0000_01C10389.D9D4F660 Content-Type: text/html; charset="windows-1256" Content-Transfer-Encoding: quoted-printable

My = friends telling=20 me that they regist with mailing list, but I didn't recieve anything = about=20 that.
I Also = don't know=20 how can i access the mailing list.
Thanks = a lot in=20 advance
------=_NextPart_000_0000_01C10389.D9D4F660-- From barry@digicool.com Tue Jul 3 04:36:20 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 2 Jul 2001 23:36:20 -0400 Subject: [Mailman-Developers] How to downgrade from mailman 2.1a2 ? and some of my problems References: <200107021106.f62B6JJ16002@sun6.imbi.uni-freiburg.de> <5.1.0.14.2.20010702201222.04430460@lennier.cc.vt.edu> Message-ID: <15169.15796.395602.234020@anthem.wooz.org> >>>>> "RJ" == Ron Jarrell writes: RJ> You know, I'd seen this before, and it hadn't sunk in.. I RJ> expect this'll be a *big* loose for many existing sites. RJ> It might be worth considering another point release, to RJ> include a password recovery module for migration. Once RJ> installed, as each list admin authenticates, it checks to see RJ> if sha is already around. If so, it either just stashes the RJ> new format for later use in the config.db, or possibly goes RJ> ahead and migrates to using the new format. Actually, after I wrote this, I remember that I /did/ have some backwards compatibility hacks in the code for falling back to crypt and md5 if the sha password didn't match. I went back and looked and it turns out that stuff got lost when I rewrote the authentication mechanism. I'll add it back. -Barry From giancarlo@navigare.net Tue Jul 3 09:47:49 2001 From: giancarlo@navigare.net (giancarlo) Date: Tue, 03 Jul 2001 10:47:49 +0200 Subject: [Mailman-Developers] X-whatever headers in mail-news gw Message-ID: <3B4186B5.16D74B0B@navigare.net> Hi. I'd like to try to adjust the headers-cooking when relaying a mail message to a newsgroup. The reason, as I axplained in a recent post to mailman-users (see 'NNTP-posting-header not of sender' in June-2001), is that I'd like to give the possibility to trace who sent the message in the first instance. This is to avoid that someone can use mailman's mail-news features as an anonymizing resender, which is something people complained about at a newsgroup here. I know this all has little meaning and these headers are easily spoofed, but I don't want poeople to have anything 'formally uncorrect' to complain about. What I miss is: which of the original mail headers that contains this info is worth (and easier) to keep and tranform into an 'X-whatever' header? The 'Message-ID:' header or the first 'Received:' header? Also someone pointed to me that the 'X-complaints-to:' header in the message that gets to the newsgroup contains the 'abuse' addres at the news server, not the mailman gw administrator's one. It is obvious that the admins at the news server have no responsability for a message sent by an authorized poster, as the mailman-gateway has to be. So the second question is: Who and when writes the 'X-complaints-to:' header? I suspect this is written by the news server when the message gets there, and will override any previously exixting one. So' I'd have to invent another maybe 'X-complaints-in-first-place-to:' header to give a possibility to be reached. What do you think? Giancarlo From giancarlo@navigare.net Tue Jul 3 10:25:26 2001 From: giancarlo@navigare.net (giancarlo) Date: Tue, 03 Jul 2001 11:25:26 +0200 Subject: [Mailman-Developers] Re: X-whatever headers in mail-news gw References: <3B4186B5.16D74B0B@navigare.net> Message-ID: <3B418F86.1A268E4@navigare.net> > I'd like to try to adjust the headers-cooking when relaying a mail > message to a newsgroup. > > What I miss is: > > which of the original mail headers that contains this info is worth (and > easier) to keep and tranform into an 'X-whatever' header? The > 'Message-ID:' header or the first 'Received:' header? > Or maybe I can use a procmail rule in mailman's home dir to do this, instead of digging into the python code? Giancarlo From giancarlo@navigare.net Tue Jul 3 21:20:32 2001 From: giancarlo@navigare.net (giancarlo) Date: Tue, 03 Jul 2001 22:20:32 +0200 Subject: [Mailman-Developers] X-Original header Message-ID: <3B422910.962AC02F@navigare.net> managed to add 3 extra headers to track anonymous postings to newsgoup, in ToUsenet.py: X-Original-ID: X-Original-Received: X-Gateway-Complaints-To: in fact the hardest thing was to realize that in python indentation matters! Ciao From jarrell@vt.edu Wed Jul 4 03:51:27 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Tue, 03 Jul 2001 22:51:27 -0400 Subject: [Mailman-Developers] X-whatever headers in mail-news gw In-Reply-To: <3B4186B5.16D74B0B@navigare.net> Message-ID: <5.1.0.14.2.20010703224015.03c28840@lennier.cc.vt.edu> At 10:47 AM 7/3/01 +0200, giancarlo wrote: >Who and when writes the 'X-complaints-to:' header? I suspect this is >written by the news server when the message gets there, and will >override any previously exixting one. >So' I'd have to invent another maybe 'X-complaints-in-first-place-to:' >header to give a possibility to be reached. I can't speak to *all* news servers, but in innd it's put in by the server as it's posting the note. nnrpd discards any nnrp-posting-host, x-complatints-to, etc, etc, and inserts it's own authentic headers. Having mailman stick in a x-gateway-trace header, similar to the news x-trace header might not be a bad idea. Which could contain more tracing info, like who mailman things it got the note from, might not be a bad idea. As a bonus, if you're concerned about security, the info could be reversibly encrypted with a token stored in each lists config.db, with a place the admin, after getting a complaint, could go on the web interface to translate it... Maybe having a "x-gateway-complaint: Relayed by mailman: complaints to (listowner)" wouldn't be bad. Someone "in the know", can tell from what's in the header now what's going on, since the message id, x-mailman-version, and errors-to header are a clear footprint as to what happened, but the man on the street (and even the admin on the street who's never heard of mailman) could be confused. From giancarlo@navigare.net Wed Jul 4 08:05:47 2001 From: giancarlo@navigare.net (Giancarlo Pinerolo) Date: Wed, 04 Jul 2001 09:05:47 +0200 Subject: [Mailman-Developers] patch not-to limit_posts_to_members if from usenet in mail-news gw Message-ID: <3B42C04B.A21B1155@navigare.net> Now that I got the go with pyton, I also managed to modify Hold.py so that, in a mail-news gateway where 'members-posting-only' is set, this check will not apply to messages from the 'usenet side', but only to messages coming from the 'mailing-list side'. (see http://mail.python.org/pipermail/mailman-users/2001-June/012509.html for the prob) This way unaware news posters from out there in the world will not receive a 'not allowed to post' message, which they might not undersatand and complain about Really a minor intervention. Mailman code is very well structured and written. Does anyine think this may be interesting? Giancarlo From jcrey@uma.es Wed Jul 4 08:18:21 2001 From: jcrey@uma.es (Juan Carlos Rey Anaya) Date: Wed, 04 Jul 2001 09:18:21 +0200 Subject: [Mailman-Developers] Bug in nightly_gzip Message-ID: <3B42C33D.E4808013@uma.es> I have installed Mailman from CVS and this is what it says... Traceback (most recent call last): File "/home/mailman/cron/nightly_gzip", line 52, in ? from Mailman import MailList File "/home/mailman/Mailman/MailList.py", line 34, in ? from mimelib.address import getaddresses ImportError: No module named mimelib.address Is this a bug or my mimelib is obsolete (again:-) ? Cheers --=20 ___ / F \ [[[]]]] ( O O ) #----------------0000--(_)--0000---------------# | Juan Carlos Rey Anaya (jcrey@uma.es) | | Servicio Central de inform=E1tica | | Universidad de M=E1laga - Espa=F1a | #----------------------------------------------# From barry@digicool.com Wed Jul 4 08:22:21 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Wed, 4 Jul 2001 03:22:21 -0400 Subject: [Mailman-Developers] Bug in nightly_gzip References: <3B42C33D.E4808013@uma.es> Message-ID: <15170.50221.417049.657139@anthem.wooz.org> >>>>> "JCRA" == Juan Carlos Rey Anaya writes: JCRA> I have installed Mailman from CVS and this is what it | says... Traceback (most recent call last): | File "/home/mailman/cron/nightly_gzip", line 52, in ? | from Mailman import MailList | File "/home/mailman/Mailman/MailList.py", line 34, in ? | from mimelib.address import getaddresses | ImportError: No module named mimelib.address JCRA> Is this a bug or my mimelib is obsolete (again:-) ? Not yet. :) This must be a problem with sys.path for the cron jobs. Does this go away when you take the -S out of the cron command? -Barry From jcrey@uma.es Wed Jul 4 09:20:27 2001 From: jcrey@uma.es (Juan Carlos Rey Anaya) Date: Wed, 04 Jul 2001 10:20:27 +0200 Subject: [Mailman-Developers] Bug in nightly_gzip References: <3B42C33D.E4808013@uma.es> <15170.50221.417049.657139@anthem.wooz.org> Message-ID: <3B42D1CB.C7844EEF@uma.es> "Barry A. Warsaw" wrote: >=20 > This must be a problem with sys.path for the cron jobs. Does this go > away when you take the -S out of the cron command? Yes. No problem. Cheers --=20 ___ / F \ [[[]]]] ( O O ) #----------------0000--(_)--0000---------------# | Juan Carlos Rey Anaya (jcrey@uma.es) | | Servicio Central de inform=E1tica | | Universidad de M=E1laga - Espa=F1a | #----------------------------------------------# From giancarlo@navigare.net Wed Jul 4 17:15:33 2001 From: giancarlo@navigare.net (Giancarlo Pinerolo) Date: Wed, 04 Jul 2001 18:15:33 +0200 Subject: [Mailman-Developers] Re: patch not-to limit_posts_to_members if from usenet in mail-news gw References: <3B42C04B.A21B1155@navigare.net> Message-ID: <3B434125.34BF1C2C@navigare.net> That, of mine, was a quick patch to solve my particular problem, but then I started thinking at the logic that was behind the fact that 'restrict-post-to-members' would require anyone posting, via the news server too, to be registered at the mailman gateway. Maybe if you run both the mailman gateway *and* the nntp server you can benefit from that? I don't know anything about administering news, so I don't know the tools used there to limit posts or moderate the postings to a news server. But in case the mailman mail-news gateway is a gateway to a 'public' news server residing somewhere else, how can you cannot require that evryone who posts there, from all over the world, be subscribed to some unknown mailing list, and send him a message as 'you post is not allowed' too. I dont know what happens if, in this case, you set 'approve-required' (privacy) to a mail-news gw. Probably everyone who posts to the news from out there would get a message 'held for approval' too. So maybe there can be a distinguish between relaying from a newsgroup *you* manage, and relaying from a 'public' newsgoup out there. But doesn't a news server has his own way to restrict posts and get moderator approval? Thanks for any enlightment Giancarlo From mrocha@rec.utn.edu.ar Wed Jul 4 20:11:34 2001 From: mrocha@rec.utn.edu.ar (Mariela Rocha) Date: Wed, 4 Jul 2001 16:11:34 -0300 Subject: [Mailman-Developers] Ayuda, por favor. Message-ID: <00ad01c104bd$242948e0$8516d2aa@rec.utn.edu.ar> This is a multi-part message in MIME format. ------=_NextPart_000_00AA_01C104A3.FEA9B640 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hola, soy Mariela Rocha de la Universidad Tecnol=F3gica Nacional y estoy = tratando de instalar el software Mailman 2.0.5. y para ello necesito = Python. El tema es que despu=E9s de instalar Python intento correr el = ./configure para el mailman y me dice: castor:/usr/local/bin/mailman-2.0.5# ./configure = --with-python=3D/usr/local/bin/Python-1.5.2 loading cache ./config.cache checking for --with-python... /usr/local/bin/Python-1.5.2 checking Python interpreter... /usr/local/bin/Python-1.5.2 checking Python version... ./configure: /usr/local/bin/Python-1.5.2: = cannot exec ute cat: cannot open conftest.out configure: error: ***** /usr/local/bin/Python-1.5.2 is too old (or broken) ***** Python 1.5.2 or newer is required castor:/usr/local/bin/mailman-2.0.5# =20 Qu=E9 puede estar sucediendo? =20 Gracias! =20 -------------------------------------------------- -------------------------------------------------- Ing. Mariela C. Rocha Centro de Comunicaciones Rectorado - UTN Telefax: +54 11 5371 5662 e-mail: mrocha@utn.edu.ar ------=_NextPart_000_00AA_01C104A3.FEA9B640 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hola, soy Mariela Rocha de la = Universidad=20 Tecnol=F3gica Nacional y estoy tratando de instalar el software Mailman = 2.0.5. y=20 para ello necesito Python. El tema es que despu=E9s de instalar Python = intento=20 correr el ./configure para el mailman y me dice:
 
castor:/usr/local/bin/mailman-2.0.5# = ./configure=20 --with-python=3D/usr/local/bin/Python-1.5.2
loading cache=20 ./config.cache
checking for --with-python...=20 /usr/local/bin/Python-1.5.2
checking Python interpreter...=20 /usr/local/bin/Python-1.5.2
checking Python version... ./configure:=20 /usr/local/bin/Python-1.5.2: cannot exec
ute
cat: cannot open=20 conftest.out
configure: error:
 
***** /usr/local/bin/Python-1.5.2 is = too old (or=20 broken)
***** Python 1.5.2 or newer is required

castor:/usr/local/bin/mailman-2.0.5#
 
Qu=E9 puede estar = sucediendo?
 
Gracias!
 
--------------------------------------------------
----------= ----------------------------------------
Ing.=20 Mariela C. Rocha
Centro de Comunicaciones
Rectorado - = UTN
Telefax: +54=20 11 5371 5662
e-mail: mrocha@utn.edu.ar
<= /BODY> ------=_NextPart_000_00AA_01C104A3.FEA9B640-- From jcrey@uma.es Thu Jul 5 08:46:25 2001 From: jcrey@uma.es (Juan Carlos Rey Anaya) Date: Thu, 05 Jul 2001 09:46:25 +0200 Subject: [Mailman-Developers] Ayuda, por favor. References: <00ad01c104bd$242948e0$8516d2aa@rec.utn.edu.ar> Message-ID: <3B441B51.76E1CA19@uma.es> > Mariela Rocha wrote: > [snip] > ***** /usr/local/bin/Python-1.5.2 is too old (or broken) > ***** Python 1.5.2 or newer is required >=20 > Qu=E9 puede estar sucediendo? Pues que no has desinstalado el python 1.5.2 y te lo est=E1 detectando antes que el python 2.0 Comprueba que detecta tu sistema con: which python o whereis python o simplemente ejecutando python A ver que versi=F3n te ejecuta. Si te dice que python est=E1 en /usr/bin/python quita este ejecutable y hazle un enlace donde est=E9 el python 2.0 Saludos --=20 ___ / F \ [[[]]]] ( O O ) #----------------0000--(_)--0000---------------# | Juan Carlos Rey Anaya (jcrey@uma.es) | | Servicio Central de inform=E1tica | | Universidad de M=E1laga - Espa=F1a | #----------------------------------------------# From jcrey@uma.es Thu Jul 5 08:54:08 2001 From: jcrey@uma.es (Juan Carlos Rey Anaya) Date: Thu, 05 Jul 2001 09:54:08 +0200 Subject: [Mailman-Developers] unintended bad manners Message-ID: <3B441D20.A2F5F5BB@uma.es> Excuse me, trying to be swift in responding to a problem presented in my mother tongue, I have replied to the list in spanish when I was intending to reply only to the original poster. Cheers --=20 ___ / F \ [[[]]]] ( O O ) #----------------0000--(_)--0000---------------# | Juan Carlos Rey Anaya (jcrey@uma.es) | | Servicio Central de inform=E1tica | | Universidad de M=E1laga - Espa=F1a | #----------------------------------------------# From tnt@linux.ca Thu Jul 5 19:55:03 2001 From: tnt@linux.ca (Charles Iliya Krempeaux) Date: Thu, 05 Jul 2001 11:55:03 -0700 Subject: [Mailman-Developers] Want to Code... need some feedback Message-ID: <3B44B807.8050208@linux.ca> Hello, When it comes to Mailman, I'm a newbie, and some of my understanding of Mailman is probably naive or just plain wrong. But I'd like to do some coding on Mailman. (And with the help of J C Lawrence and Devdas Bhagat [on the Mailman-Users mailing list] I think I have enough of an understanding of how Mailman works to attempt to get started.) It's my hope that maybe someone code point me in the right direction, of where to get started (to start coding). For example, should I use the 2.0.5 source, or should I get the source directly from the CVS? Also, what is the usual work environment that people use to develop? Mailman with Sendmail? Mailman with Qmail? Mailman with exim? Mailman with PostFix? Etc? Does it matter? Also, I'd like to describe my ideas (to everyone) to get some feedback. (Tell me if the ideas are good. If they suck. Or if someone is already doing them.) Anyways, here's my intention.... It is my opinion that the current web based archive system leaves much to be desired (in terms of usability, funtionality, and even aesthetics). And I'd like to see it improved; or at least provide the ability from website creator to improve them. (And if noone else is working on these things, I'd like to do them myself.) I'd like to say straight off, that I do not really know anything about the internals of Mailman, except that it is coded in Python. (I haven't yet begun reading the souce.) But anyways.... I think that the interface for the archiver would be more usable if it was more like that of a Weblog or Bulletin Board. From this Weblog or Bulletin Board like interface [of the mailing list archiver] the user could see the `traffic' of one single mailing list, or see the `traffic' of many different mailing lists. Also, the users of this interface, would have other functionalities at their displosal; like searching. Also, the archiver's webpage could also serve as a kind homepage for the mailing list. Providing additional functioanlity, like FAQs, Links, etc. (I'm expecting this to get some critisizm.) Further, the Weblog or Bulletin Board interface could also serve as an additional way of users being able to post messages to the mailing list(s). (Basically, my intention is to blur -- from the user's perspective -- the difference between a Mailing List, and a Weblog or Bulletin Board.) To do this, I think that e-mail messages should be dumped into a database. (Since I have MySQL and PostgreSQL at my disposal, those are what I'll be able to support myself.) I am assuming that the current archiver for Mailman doesn't do this already, but instead uses some kind if file format. Is this correct? Also, I think it is a good idea to provide a gerenal PHP (and whatever other language) library for accessing to archive (in the database). That way the database structure, for the archiver, is free to change, without necessarily breaking everyone else's code. And websites can completely and seemlessly integrate the archiver into their website (by creating their own front ends, using the PHP [or whatever language] library). Also, a default Web based user interface should be provided (using the PHP library). (For those user's who don't want to do any coding.) Those are the basics of what I'd like to do. (I'll leave it at that, to get some feedback, before describing things further, or in more detail. But there is alot more to it. Stuff that would affect other parts of Mailman too,... besides just the archiver.) See ya Charles Iliya Krempeaux From claw@kanga.nu Thu Jul 5 20:22:29 2001 From: claw@kanga.nu (J C Lawrence) Date: Thu, 05 Jul 2001 12:22:29 -0700 Subject: [Mailman-Developers] Want to Code... need some feedback In-Reply-To: Message from Charles Iliya Krempeaux of "Thu, 05 Jul 2001 11:55:03 PDT." <3B44B807.8050208@linux.ca> References: <3B44B807.8050208@linux.ca> Message-ID: <9840.994360949@kanga.nu> On Thu, 05 Jul 2001 11:55:03 -0700 Charles Iliya Krempeaux wrote: > To do this, I think that e-mail messages should be dumped > into a database. (Since I have MySQL and PostgreSQL at my > disposal, those are what I'll be able to support myself.) I have some early proof of concepts done on having MHonArc generate scripts which when executed insert their respective message contents into PostgresQL with the appropriate threading links. The code is based off the PHP and templated based archiving I already do at Kanga.Nu, merely taking the already products PHP variable assignments in the current system and insteaf having the back end use them as the values to insert into the DB. It works. Kinda. Its not pretty. The reliance on PHP as an intermediate layer should be removed (slightly messy as MHonArc insists on inserting HTML-style comments), Proper thread handling and generation needs to be improved (Shouldn't reluy on MHonArc but should be dynamically generated). etc. -- J C Lawrence claw@kanga.nu ---------(*) http://www.kanga.nu/~claw/ I never claimed to be human. From tnt@linux.ca Thu Jul 5 22:16:53 2001 From: tnt@linux.ca (Charles Iliya Krempeaux) Date: Thu, 05 Jul 2001 14:16:53 -0700 Subject: [Mailman-Developers] Want to Code... need some feedback Message-ID: <3B44D945.2050705@linux.ca> Hello, J C Lawrence wrote: >> To do this, I think that e-mail messages should be dumped >> into a database. (Since I have MySQL and PostgreSQL at my >> disposal, those are what I'll be able to support myself.) > > I have some early proof of concepts done on having MHonArc generate > scripts which when executed insert their respective message contents > into PostgresQL with the appropriate threading links. The code is > based off the PHP and templated based archiving I already do at > Kanga.Nu, merely taking the already products PHP variable > assignments in the current system and insteaf having the back end > use them as the values to insert into the DB. > > It works. Kinda. Its not pretty. The reliance on PHP as an > intermediate layer should be removed (slightly messy as MHonArc > insists on inserting HTML-style comments), Proper thread handling > and generation needs to be improved (Shouldn't reluy on MHonArc but > should be dynamically generated). etc. My way of thinking, of having it designed, is that Mailman (using Python) directly dumps the e-mail messages into the database. (Are there standard [or defacto standard] Python modules for accessing databases?... For accessing MySQL and PostgreSQL?) Then, standard PHP (and whatever other languages) bindings/libraries, to the database, can be provided. That way, the database is the middle man. And Mailman, and the PHP binding/library (and any other language binding/library) only depend on the database. (And better still, Mailman is completely independent of the PHP [and vice versa]. Only the database structure matters.) (To get a little deeper into the design...) the important things I see, to extract from each message (and also store), is: The author of the message. (This will probably be based on the e-mail address. But, IMO, it would be better to design it so a person/author is thought of as a seperate entity from an e-mail address. That way, a person/author could have more than one e-mail address, and still be recognized as the same person/author. There is one problem though... what happens if more than one person uses an e-mail address?) The message (or possiblely messages) that the e-mail message is a response to. The mailing list (or mailing lists) that it was sent to. The date & time it was received by the mailing list. The date & time it was (suppose) to have been sent. (Although this can be inaccurate when someone does not set their clock correctly,... as I understand it anyways.) The subject of the message. Other `things' that might want to be stored. (Maybe for statistical reasons. Maybe for other reasons.) The delivery history of the of the e-mail message. All the other headers found in the message. If a message is sent from the web interface, maybe store stuff like the IP address of the sender, etc. Does that sound reasonable? Have I missed anything? Your insight into the workings of Mailman would be much appreciated. See ya Charles Iliya Krempeaux From claw@2wire.com Thu Jul 5 22:32:47 2001 From: claw@2wire.com (J C Lawrence) Date: Thu, 05 Jul 2001 14:32:47 -0700 Subject: [Mailman-Developers] Want to Code... need some feedback In-Reply-To: Message from Charles Iliya Krempeaux of "Thu, 05 Jul 2001 14:16:53 PDT." <3B44D945.2050705@linux.ca> References: <3B44D945.2050705@linux.ca> Message-ID: <13606.994368767@2wire.com> On Thu, 05 Jul 2001 14:16:53 -0700 Charles Iliya Krempeaux wrote: > Hello, J C Lawrence wrote: >>> To do this, I think that e-mail messages should be dumped into a >>> database. (Since I have MySQL and PostgreSQL at my disposal, >>> those are what I'll be able to support myself.) >> I have some early proof of concepts done on having MHonArc >> generate scripts which when executed insert their respective >> message contents into PostgresQL with the appropriate threading >> links. The code is based off the PHP and templated based >> archiving I already do at Kanga.Nu, merely taking the already >> products PHP variable assignments in the current system and >> insteaf having the back end use them as the values to insert into >> the DB. >> >> It works. Kinda. Its not pretty. The reliance on PHP as an >> intermediate layer should be removed (slightly messy as MHonArc >> insists on inserting HTML-style comments), Proper thread handling >> and generation needs to be improved (Shouldn't reluy on MHonArc >> but should be dynamically generated). etc. > My way of thinking, of having it designed, is that Mailman (using > Python) directly dumps the e-mail messages into the database. > (Are there standard [or defacto standard] Python modules for > accessing databases?... For accessing MySQL and PostgreSQL?) Yes. > Then, standard PHP (and whatever other languages) > bindings/libraries, to the database, can be provided. That way, > the database is the middle man. And Mailman, and the PHP > binding/library (and any other language binding/library) only > depend on the database. (And better still, Mailman is completely > independent of the PHP [and vice versa]. Only the database > structure matters.) The reasons I don't want to do this: 1) MIME 2) national (and other) character sets 3) content types (really a subset of MIME but a large enough problem to be unique) > (To get a little deeper into the design...) the important things I > see, to extract from each message (and also store), is: Minimally: To: (multiple) From: CC: To: GECOS (multiple) From: GECOS CC: GECOS (multiple) Date: Receipt date Receipt address(es) (multiple) MessageID References: (multiple) In-Reply-To: (computed it missing, flagged) Subject: Prior subject (was: (...) matching, opportunistic history match) Message Body MIME Key (if any) MIME structure Indexes to external MIME items -- J C Lawrence claw@kanga.nu ---------(*) http://www.kanga.nu/~claw/ The pressure to survive and rhetoric may make strange bedfellows From mentor@alb-net.com Thu Jul 5 23:59:31 2001 From: mentor@alb-net.com (Mentor Cana) Date: Thu, 5 Jul 2001 18:59:31 -0400 (EDT) Subject: [Mailman-Developers] error with latest CVS: len() of unsized object Message-ID: All... Here is the error logged after I send a message to a test list on the latest mailman CVS installation. I CVSed today's set of checkings... The message gets stuck in qfiles/shunt directory. -- Mentor ---------- Jul 05 18:54:08 2001 (23307) Uncaught runner exception: len() of unsized object Jul 05 18:54:08 2001 (23307) Traceback (most recent call last): File "/opt/home/mmtest/Mailman/Queue/Runner.py", line 102, in __oneloop self.__onefile(msg, msgdata) File "/opt/home/mmtest/Mailman/Queue/Runner.py", line 142, in __onefile sender = msg.get_sender() File "../Mailman/Message.py", line 66, in get_sender File "/usr/local/lib/python2.0/site-packages/mimelib/address.py", line 16, in getaddresses return a.getaddrlist() File "/usr/local/lib/python2.0/rfc822.py", line 522, in getaddrlist ad = self.getaddress() File "/usr/local/lib/python2.0/rfc822.py", line 530, in getaddress self.gotonext() File "/usr/local/lib/python2.0/rfc822.py", line 510, in gotonext while self.pos < len(self.field): TypeError: len() of unsized object From barry@digicool.com Fri Jul 6 03:30:33 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Thu, 5 Jul 2001 22:30:33 -0400 Subject: [Mailman-Developers] error with latest CVS: len() of unsized object References: Message-ID: <15173.8905.821853.119084@anthem.wooz.org> >>>>> "MC" == Mentor Cana writes: MC> Here is the error logged after I send a message to a test list MC> on the latest mailman CVS installation. I CVSed today's set of MC> checkings... MC> The message gets stuck in qfiles/shunt directory. That's were all bad messages go to die. :) Actually, it will (hopefully) make debugging easier. Let's find out! Can you send me both the .msg (or .pck) file and the .db file so I can run it through my own system and see if I can find the problem? Thanks, -Barry From werner@linpro.no Fri Jul 6 06:36:51 2001 From: werner@linpro.no (Morten Werner Olsen) Date: Fri, 6 Jul 2001 07:36:51 +0200 (CEST) Subject: [Mailman-Developers] Templates.. Message-ID: Hello. I try to change Mailman's look to make it fit into another web-interface, but because of some reason it's not enough to change the templates in /etc/mailman. One of the problems is the subscribe.html-file. I change it to what I want, but when it's shown, these four lines is printed in the top (and they are not from the template-file): Why, and is it a way I can stop this from happening? It destroys my bgcolor.. :) Best regards, Morten Werner Olsen. From Achim.Gaedk@zpr.uni-koeln.de Fri Jul 6 10:12:47 2001 From: Achim.Gaedk@zpr.uni-koeln.de (Achim Gaedke) Date: Fri, 06 Jul 2001 11:12:47 +0200 Subject: [Mailman-Developers] encrypted mailinglists Message-ID: <3B45810E.4BB33098@zpr.uni-koeln.de> Hello everybody! I wonder if you are interested in encrypted mailinglists. My ideas are: - Using pgp or gpg as encryption algorithm. - The list administrator/moderator generates a list key. - Everything, what is going to the list is encrypted with this public key (mails, subscription ...) - Outgoing mails are encrypted with the public keys of the list members. - If a new member wants to join this list, she/he must be approved by the moderator (otherwise, encryption does not make sense...), support for checking fingerprints of public keys and chains of trust would be nice. - Instead of encryption, signatures are added. I have no time to contribute jet, but maybe someone else is concerned with developing such a mailingist. Bye, Achim -- Achim Gaedke, ZPR Weyertal 80, 50931 K=F6ln Tel: +49 221 470 6021 From thomas@xs4all.net Fri Jul 6 12:25:23 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Fri, 6 Jul 2001 13:25:23 +0200 Subject: [Mailman-Developers] Templates.. In-Reply-To: References: Message-ID: <20010706132523.E8098@xs4all.nl> On Fri, Jul 06, 2001 at 07:36:51AM +0200, Morten Werner Olsen wrote: > I try to change Mailman's look to make it fit into another web-interface, > but because of some reason it's not enough to change the templates in > /etc/mailman. > One of the problems is the subscribe.html-file. I change it to what I > want, but when it's shown, these four lines is printed in the top (and > they are not from the template-file): > > > > > Why, and is it a way I can stop this from happening? It destroys my > bgcolor.. :) It's all explained in the following thread: http://mail.python.org/pipermail/mailman-developers/2001-June/004420.html You can also find a fix there :-) -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From barry@digicool.com Fri Jul 6 16:42:39 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Fri, 6 Jul 2001 11:42:39 -0400 Subject: [Mailman-Developers] Templates.. References: <20010706132523.E8098@xs4all.nl> Message-ID: <15173.56431.451400.387646@anthem.wooz.org> >>>>> "TW" == Thomas Wouters writes: TW> It's all explained in the following thread: TW> http://mail.python.org/pipermail/mailman-developers/2001-June/004420.html TW> You can also find a fix there :-) And it should (finally!) be fixed in the 2.1 tree. -Barry From barry@digicool.com Tue Jul 10 03:28:19 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 9 Jul 2001 22:28:19 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] Poking and prodding the archiver References: <20010708195956.D17451@babylon5.babcom.com> Message-ID: <15178.26691.1632.266050@anthem.wooz.org> [Note: this discussion is more appropriate for mailman-developers, so I've changed the Cc: -baw] >>>>> "PS" == Phil Stracchino writes: PS> I've looked at some length through the code for the archiver PS> now, and although I still don't understand python, I've PS> figured out enough of what the archiver is doing to see that PS> it's apparently intentional that the path to mbox archives is PS> .../mailman/archives/private/list.mbox/list.mbox. Yes, and this is for security reasons as explained in the comment in Archiver.py (see InitVars()). The comment is slightly out-of-date in that the file under listname.mbox/ is also called listname.mbox. PS> What I haven't been able to figure out is *why* the code is PS> written to duplicate the last element in the pathname; See above. PS> nor why it is that the archiver is written in such a way that PS> it attempts to access this mbox archive directory with its PS> duplicated final pathname element even when mbox archives are PS> disabled, and fails if it doesn't exist. If this is true (and I haven't tested it), then it's most likely just old lurking bugs. The archiver/Pipermail stuff is the most neglected part of the codebase. People keep threatening to help rewrite it, but so far nothing's materialized, and I have little time or energy to devote to the Pipermail side. PS> I find this behavior even more curious in light of the fact PS> that newlist apparently creates archives/private/list.mbox PS> when it sets up the list, but does not create the PS> archives/private/list.mbox/list.mbox without the existence of PS> which the archiver fails. Do you mean the archiver fails or that the web access to the archiver fails? Certainly not the former (unless I misunderstand) because it works for me, and loads of other people. It's a known buglet that the pipermail url doesn't work until the first message is posted to the list. PS> I've applied the following patch to my HyperArch.py file PS> (patch also attached separately): [patch deleted] PS> I don't know what impact this has on mbox archives, but for PS> me, it makes the HTML archiver work. Hmm, odd. What I think will break is private archives. If you toggle an archive to private, I seem to remember that you can craft a url to trick the web server into vending an archive page for you directly, instead of forcing you to go through authentication with the private.py cgi. PS> I would welcome comment, any explanations for the curious PS> state of unsatisfied and illogical dependencies described PS> above, and any advice on fixing anything that this patch PS> breaks. It's still a mystery to me why the archiver should PS> even *care* whether or not the mbox archive directory exists, PS> when mbox archives are disabled in the master configuration PS> anyway. It probably shouldn't, but then Mailman probably shouldn't support ARCHIVE_TO_MBOX=0. Archiving to the mbox is about as fast as it gets, since it is just a file append, and it's /incredibly/ handy to have that .mbox file around (even as large as it can get), in case you want to regenerate your archive, or you want to migrate to a different external archiver. -Barry From alaric@babcom.com Tue Jul 10 04:15:18 2001 From: alaric@babcom.com (Phil Stracchino) Date: Mon, 9 Jul 2001 20:15:18 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] Poking and prodding the archiver In-Reply-To: <15178.26691.1632.266050@anthem.wooz.org>; from barry@digicool.com on Mon, Jul 09, 2001 at 10:28:19PM -0400 References: <20010708195956.D17451@babylon5.babcom.com> <15178.26691.1632.266050@anthem.wooz.org> Message-ID: <20010709201518.B10767@babylon5.babcom.com> On Mon, Jul 09, 2001 at 10:28:19PM -0400, Barry A. Warsaw wrote: > > [Note: this discussion is more appropriate for mailman-developers, so > I've changed the Cc: -baw] > >>>>> "PS" == Phil Stracchino writes: > > PS> I've looked at some length through the code for the archiver > PS> now, and although I still don't understand python, I've > PS> figured out enough of what the archiver is doing to see that > PS> it's apparently intentional that the path to mbox archives is > PS> .../mailman/archives/private/list.mbox/list.mbox. > > Yes, and this is for security reasons as explained in the comment in > Archiver.py (see InitVars()). The comment is slightly out-of-date in > that the file under listname.mbox/ is also called listname.mbox. Right. I understand why all archives are stored under archives/private; what I wasn't understanding was why the last pathname element was duplicated, because until I'd (a) worked around it temporarily and (b) seen mailman/bin/arch in action, I didn't understand that it was a case of a listname.mbox directory containing a listname.mbox file. > PS> nor why it is that the archiver is written in such a way that > PS> it attempts to access this mbox archive directory with its > PS> duplicated final pathname element even when mbox archives are > PS> disabled, and fails if it doesn't exist. > > If this is true (and I haven't tested it), then it's most likely just > old lurking bugs. The archiver/Pipermail stuff is the most neglected > part of the codebase. People keep threatening to help rewrite it, but > so far nothing's materialized, and I have little time or energy to > devote to the Pipermail side. Well, I'm trying to figure out the problem, but my Python-fu is small. :) > PS> I find this behavior even more curious in light of the fact > PS> that newlist apparently creates archives/private/list.mbox > PS> when it sets up the list, but does not create the > PS> archives/private/list.mbox/list.mbox without the existence of > PS> which the archiver fails. > > Do you mean the archiver fails or that the web access to the archiver > fails? Certainly not the former (unless I misunderstand) because it > works for me, and loads of other people. It's a known buglet that the > pipermail url doesn't work until the first message is posted to the list. Both. If the mbox file does not exist, the pipermail URL points to a zero-length document, so web access to the archives fails; and no HTML archive files are created, so there's no HTML archives to access in the first place. Only flat text archives are created. > PS> I've applied the following patch to my HyperArch.py file > PS> (patch also attached separately): [Note: Now that I understand what's happening and why, I have removed the patch.] > > [patch deleted] > > PS> I don't know what impact this has on mbox archives, but for > PS> me, it makes the HTML archiver work. > > Hmm, odd. What I think will break is private archives. If you toggle > an archive to private, I seem to remember that you can craft a url to > trick the web server into vending an archive page for you directly, > instead of forcing you to go through authentication with the > private.py cgi. Actually, on further examination, I think what it'll do is break mbox archives. > PS> It's still a mystery to me why the archiver should > PS> even *care* whether or not the mbox archive directory exists, > PS> when mbox archives are disabled in the master configuration > PS> anyway. > > It probably shouldn't, but then Mailman probably shouldn't support > ARCHIVE_TO_MBOX=0. Archiving to the mbox is about as fast as it gets, > since it is just a file append, and it's /incredibly/ handy to have > that .mbox file around (even as large as it can get), in case you want > to regenerate your archive, or you want to migrate to a different > external archiver. True, though it can be regenerated from the year-month.txt files created by the web archiver. (This is what I did in order to regenerate my back archives with arch.) Right now I'm doing a test to find out whether the archiver cares whether archives/private/listname.mbox/listname.mbox is non-zero length, so long as it actually exists. From what I've been able to glean from the code, I don't think it should care. If this is the case, then a simple workaround exists to the pipermail problems, which is to simply touch the file at the time the list directories are created. I've looked at newlist to see if I can see where this is done, and I think I've traced it to Utils.MakeDirTree(), but I don't know enough about Python or the internals of Mailman to figure out where the path data for it is coming from yet. I'll continue to study it to see if I can figure it out, but it'd probably be a lot quicker if one of the Real Developers could suggest a test patch to add creation of an empty .mbox file to the list creation operation. -- Linux Now! ..........Because friends don't let friends use Microsoft. phil stracchino -- the renaissance man -- mystic zen biker geek alaric@babcom.com halmayne@sourceforge.net 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold) From barry@digicool.com Tue Jul 10 06:17:17 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Tue, 10 Jul 2001 01:17:17 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? References: <15178.24477.255057.658552@anthem.wooz.org> Message-ID: <15178.36829.848426.571906@anthem.wooz.org> >>>>> "JJ" == Joshua Jore writes: JJ> No, but it would require than /home/mailman be owned by JJ> root. Which reminds me: I've been thinking about changing the default $prefix to be /usr/local/mailman in MM2.1. It makes much more sense to me and is in fact, what I use for all my new lists these days. You would, of course, be able to give configure --prefix=/home/mailman to get the MM2.0 default. Would that cause undo hardship to folks? -Barry From gorg@sun1.imbi.uni-freiburg.de Tue Jul 10 11:03:12 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Tue, 10 Jul 2001 12:03:12 +0200 Subject: [Mailman-Developers] No module named RFC822 Message-ID: <200107101003.f6AA3DS17125@sun31.imbi.uni-freiburg.de> Before sending in another peculiar observation, I wanted to update my mailman version. After "cvs update" I did a "make install" and got the following error: Compiling /home/mailman/Mailman/versions.py ... Traceback (most recent call last): File "bin/update", line 46, in ? from Mailman import MailList File "/home/mailman/Mailman/MailList.py", line 49, in ? from Mailman.Bouncer import Bouncer File "/home/mailman/Mailman/Bouncer.py", line 29, in ? from mimelib.RFC822 import RFC822 ImportError: No module named RFC822 Normal sending with known subscribers seems to work, but senddigests now complains with the same error: /usr/local/bin/python /home/mailman/cron/senddigests produced the following output: Traceback (most recent call last): File "/home/mailman/cron/senddigests", line 25, in ? from Mailman import MailList File "/home/mailman/Mailman/MailList.py", line 49, in ? from Mailman.Bouncer import Bouncer File "/home/mailman/Mailman/Bouncer.py", line 29, in ? from mimelib.RFC822 import RFC822 ImportError: No module named RFC822 What should I do? Best wishes Georg -- -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ From thomas@xs4all.net Tue Jul 10 12:42:56 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Tue, 10 Jul 2001 13:42:56 +0200 Subject: [Mailman-Developers] No module named RFC822 In-Reply-To: <200107101003.f6AA3DS17125@sun31.imbi.uni-freiburg.de> References: <200107101003.f6AA3DS17125@sun31.imbi.uni-freiburg.de> Message-ID: <20010710134256.X8098@xs4all.nl> On Tue, Jul 10, 2001 at 12:03:12PM +0200, Georg Koch wrote: > Before sending in another peculiar observation, I wanted to update my > mailman version. After "cvs update" I did a "make install" and got the > following error: > Compiling /home/mailman/Mailman/versions.py ... > Traceback (most recent call last): > File "bin/update", line 46, in ? > from Mailman import MailList > File "/home/mailman/Mailman/MailList.py", line 49, in ? > from Mailman.Bouncer import Bouncer > File "/home/mailman/Mailman/Bouncer.py", line 29, in ? > from mimelib.RFC822 import RFC822 > ImportError: No module named RFC822 > > Normal sending with known subscribers seems to work, but senddigests > now complains with the same error: > > /usr/local/bin/python /home/mailman/cron/senddigests > produced the following output: > > Traceback (most recent call last): > File "/home/mailman/cron/senddigests", line 25, in ? > from Mailman import MailList > File "/home/mailman/Mailman/MailList.py", line 49, in ? > from Mailman.Bouncer import Bouncer > File "/home/mailman/Mailman/Bouncer.py", line 29, in ? > from mimelib.RFC822 import RFC822 > ImportError: No module named RFC822 > What should I do? Probably update your 'mimelib' version. 0.4 is now required. -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From jra@baylink.com Tue Jul 10 14:28:26 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Tue, 10 Jul 2001 09:28:26 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <15178.36829.848426.571906@anthem.wooz.org>; from "Barry A. Warsaw" on Tue, Jul 10, 2001 at 01:17:17AM -0400 References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> Message-ID: <20010710092826.40751@scfn.thpl.lib.fl.us> On Tue, Jul 10, 2001 at 01:17:17AM -0400, Barry A. Warsaw wrote: > Which reminds me: I've been thinking about changing the default > $prefix to be /usr/local/mailman in MM2.1. It makes much more sense > to me and is in fact, what I use for all my new lists these days. You > would, of course, be able to give configure --prefix=/home/mailman to > get the MM2.0 default. > > Would that cause undo hardship to folks? Nope, wouldn't bother me at all. I install Mailman in /appl/mailman [where it belongs], right next to all my other subsystem-level applications. ;-) Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows From barry@digicool.com Tue Jul 10 15:06:26 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Tue, 10 Jul 2001 10:06:26 -0400 Subject: [Mailman-Developers] No module named RFC822 References: <200107101003.f6AA3DS17125@sun31.imbi.uni-freiburg.de> Message-ID: <15179.3042.801849.747558@anthem.wooz.org> >>>>> "GK" == Georg Koch writes: GK> Before sending in another peculiar observation, I wanted to GK> update my mailman version. After "cvs update" I did a "make GK> install" and got the following error: You need to grab mimelib-0.4 from www.sf.net/projects/mimelib. Also, I got sidetracked last night in the middle of checkins so the cvs tree may be a bit unstable for the next couple of hours. Until I can clear all the checkins. -Barry From gorg@sun1.imbi.uni-freiburg.de Tue Jul 10 16:53:39 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Tue, 10 Jul 2001 17:53:39 +0200 Subject: [Mailman-Developers] multipart/mixed error Message-ID: <200107101553.f6AFrd618050@sun8.imbi.uni-freiburg.de> This is a multipart MIME message. --==_Exmh_-5605721300 Content-Type: text/plain; charset=us-ascii The attached message is a multipart/mixed containing 2 parts. But when I send it to the test list, I get a message containing 3 parts - there is a new empty part text/plain charset=us-ascii in front. But if I add a blank in the header like this, < Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C0FFD9.6A425B60" --- > Content-Type: multipart/mixed ; boundary="----_=_NextPart_000_01C0FFD9.6A425B60" and send it: it is only 2 parts again. Several people using my mailman use Microsoft exchange server, which sends it the "wrong" way. For them the message looks like an empty message, with a "message" as attachment. Can it be fixed? Best wishes Georg --==_Exmh_-5605721300 Content-Type: text/plain ; name="3parts.mail"; charset=us-ascii Content-Description: 3parts.mail Content-Disposition: attachment; filename="3parts.mail" MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) From: gorg@cochrane.de To: test@cochrane.de Subject: test [Mwgs] CSG Midsummer Newsletter Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C0FFD9.6A425B60" This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C0FFD9.6A425B60 Content-Type: text/plain; charset="iso-8859-1" first part ------_=_NextPart_000_01C0FFD9.6A425B60 Content-Type: text/plain; charset="iso-8859-1" second part ------_=_NextPart_000_01C0FFD9.6A425B60-- --==_Exmh_-5605721300 Content-Type: text/plain; charset=us-ascii -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ --==_Exmh_-5605721300-- From thomas@xs4all.net Tue Jul 10 16:58:41 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Tue, 10 Jul 2001 17:58:41 +0200 Subject: [Mailman-Developers] multipart/mixed error In-Reply-To: <200107101553.f6AFrd618050@sun8.imbi.uni-freiburg.de> References: <200107101553.f6AFrd618050@sun8.imbi.uni-freiburg.de> Message-ID: <20010710175841.B8098@xs4all.nl> On Tue, Jul 10, 2001 at 05:53:39PM +0200, Georg Koch wrote: > The attached message is a multipart/mixed containing 2 parts. But > when I send it to the test list, I get a message containing 3 parts - > there is a new empty part text/plain charset=us-ascii in front. > > But if I add a blank in the header like this, > < Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C0FFD9.6A425B60" > --- > > Content-Type: multipart/mixed ; boundary="----_=_NextPart_000_01C0FFD9.6A425B60" > > and send it: it is only 2 parts again. > > Several people using my mailman use Microsoft exchange server, > which sends it the "wrong" way. For them the message looks > like an empty message, with a "message" as attachment. What version of Mailman are you using ? -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From gorg@sun1.imbi.uni-freiburg.de Tue Jul 10 17:08:46 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Tue, 10 Jul 2001 18:08:46 +0200 Subject: [Mailman-Developers] multipart/mixed error In-Reply-To: Your message of "Tue, 10 Jul 2001 17:58:41 +0200." <20010710175841.B8098@xs4all.nl> Message-ID: <200107101608.f6AG8k618093@sun8.imbi.uni-freiburg.de> > What version of Mailman are you using ? 2.1a2 with python 2.1 and mimelib0.4 -- -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ From alaric@babcom.com Tue Jul 10 18:43:26 2001 From: alaric@babcom.com (Phil Stracchino) Date: Tue, 10 Jul 2001 10:43:26 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <20010710092826.40751@scfn.thpl.lib.fl.us>; from jra@baylink.com on Tue, Jul 10, 2001 at 09:28:26AM -0400 References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> Message-ID: <20010710104326.A21535@babylon5.babcom.com> On Tue, Jul 10, 2001 at 09:28:26AM -0400, Jay R. Ashworth wrote: > On Tue, Jul 10, 2001 at 01:17:17AM -0400, Barry A. Warsaw wrote: > > Would that cause undo hardship to folks? > > Nope, wouldn't bother me at all. > > I install Mailman in /appl/mailman [where it belongs], right next to all > my other subsystem-level applications. ;-) I personally use /opt/mailman. So long as changing the prefix from the default still works, I don't see why changing the default should inconvenience anyone except those who don't read the instructions and release notes. -- Linux Now! ..........Because friends don't let friends use Microsoft. phil stracchino -- the renaissance man -- mystic zen biker geek alaric@babcom.com halmayne@sourceforge.net 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold) From claw@kanga.nu Tue Jul 10 18:55:41 2001 From: claw@kanga.nu (J C Lawrence) Date: Tue, 10 Jul 2001 10:55:41 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: Message from "Jay R. Ashworth" of "Tue, 10 Jul 2001 09:28:26 EDT." <20010710092826.40751@scfn.thpl.lib.fl.us> References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> Message-ID: <1860.994787741@kanga.nu> On Tue, 10 Jul 2001 09:28:26 -0400 Jay R Ashworth wrote: > I install Mailman in /appl/mailman [where it belongs], right next > to all my other subsystem-level applications. ;-) Next thing you know you'll be advocating /opt and other Sun-brain damage. ObRant: Isolated directory hierarchies for applications are DOS/Windows-like and make managing filesystem allocation a pain. I prefer an FHS based install: $PREFIX=/var/lib/mailman templates go in /etc/mailman logs go in /var/log/mailman executables go in /usr/sbin (newlist, find_member, etc) CGIs go under /usr/lib/cgi-bin etc Makes things easily manageable and in-line with the rest of the system. Happily the Debian Mailman package does this by default. Damned nice job there actually. -- J C Lawrence claw@kanga.nu ---------(*) http://www.kanga.nu/~claw/ I never claimed to be human. From jra@baylink.com Tue Jul 10 19:43:33 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Tue, 10 Jul 2001 14:43:33 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <1860.994787741@kanga.nu>; from J C Lawrence on Tue, Jul 10, 2001 at 10:55:41AM -0700 References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> <1860.994787741@kanga.nu> Message-ID: <20010710144333.63917@scfn.thpl.lib.fl.us> On Tue, Jul 10, 2001 at 10:55:41AM -0700, J C Lawrence wrote: > > I install Mailman in /appl/mailman [where it belongs], right next > > to all my other subsystem-level applications. ;-) > > Next thing you know you'll be advocating /opt and other Sun-brain > damage. No; that's why I use /appl; I *hate* /opt. > ObRant: Isolated directory hierarchies for applications are > DOS/Windows-like and make managing filesystem allocation a pain. > > I prefer an FHS based install: > > $PREFIX=/var/lib/mailman > templates go in /etc/mailman > logs go in /var/log/mailman > executables go in /usr/sbin (newlist, find_member, etc) > CGIs go under /usr/lib/cgi-bin > etc That would be great, if Mailman were a) compiled and b) homogenous. It's neither, so there has to be *some* place to put all the pieces. > Makes things easily manageable and in-line with the rest of the > system. Happily the Debian Mailman package does this by default. > Damned nice job there actually. /var/lib/mailman? I'm not sure that's actually the proper place to put such stuff; what are the assumptions for /var? Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows From giancarlo@navigare.net Tue Jul 10 20:22:29 2001 From: giancarlo@navigare.net (giancarlo) Date: Tue, 10 Jul 2001 21:22:29 +0200 Subject: [Mailman-Developers] Show date-sent in HTML archive even if that's not the archival logic Message-ID: <3B4B55F5.E901FE98@navigare.net> I decided to set the archive logic to 'when-resent' to avoid those bogus archives far away in the future. Nevertheless I wanted the HTML archiver to show the X-Original-Date value in the list archive. So, now tha I am launched with Python, I made a little patch to pipermail.py (I have version 2.0.1) 221c221,224 < if message.has_key('Date'): --- > if message.has_key('X-Original-Date'): > self.datestr = str(message['X-Original-Date']) > date = message.getdate_tz('X-Original-Date') > elif message.has_key('Date'): Hope I've guessed the whole thing right... Giancarlo From tollef@add.no Tue Jul 10 20:39:57 2001 From: tollef@add.no (Tollef Fog Heen) Date: 10 Jul 2001 21:39:57 +0200 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <20010710144333.63917@scfn.thpl.lib.fl.us> References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> <1860.994787741@kanga.nu> <20010710144333.63917@scfn.thpl.lib.fl.us> Message-ID: <873d84375e.fsf@arabella.intern.opera.no> * "Jay R. Ashworth" | > Makes things easily manageable and in-line with the rest of the | > system. Happily the Debian Mailman package does this by default. | > Damned nice job there actually. *smiles and bows* | /var/lib/mailman? I'm not sure that's actually the proper place to put | such stuff; what are the assumptions for /var? from the FHS: 5. The /var Hierarchy /var -- Variable data [snip] +-lib Variable state information [snip] 5.5 /var/lib : Variable state information /var/lib -- Variable state information [snip] +- State data for packages and subsystems This hierarchy holds state information pertaining to an application or the system. State information is data that programs modify while they run, and that pertains to one specific host. Users should never need to modify files in /var/lib to configure a package's operation. State information is generally used to preserve the condition of an application (or a group of inter-related applications) between invocations and between different instances of the same application. State information should generally remain valid after a reboot, should not be logging output, and should not be spooled data. An application (or a group of inter-related applications) should use a subdirectory of /var/lib for its data. There is one required subdirectory, /var/lib/misc, which is intended for state files that don't need a subdirectory; the other subdirectories should only be present if the application in question is included in the distribution. So, perhaps I should move qfiles to /var/spool/mailman/qfiles, but I don't think I will. -- Tollef Fog Heen, Debian Mailman Maintainer You Can't Win From jra@baylink.com Tue Jul 10 21:04:03 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Tue, 10 Jul 2001 16:04:03 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <873d84375e.fsf@arabella.intern.opera.no>; from Tollef Fog Heen on Tue, Jul 10, 2001 at 09:39:57PM +0200 References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> <1860.994787741@kanga.nu> <20010710144333.63917@scfn.thpl.lib.fl.us> <873d84375e.fsf@arabella.intern.opera.no> Message-ID: <20010710160403.58184@scfn.thpl.lib.fl.us> On Tue, Jul 10, 2001 at 09:39:57PM +0200, Tollef Fog Heen wrote: > | /var/lib/mailman? I'm not sure that's actually the proper place to put > | such stuff; what are the assumptions for /var? > > from the FHS: > > 5. The /var Hierarchy > > /var -- Variable data > [snip] > +-lib Variable state information > [snip] > 5.5 /var/lib : Variable state information > > /var/lib -- Variable state information > [snip] > +- State data for packages and subsystems > This hierarchy holds state information pertaining to an application or > the system. State information is data that programs modify while they > run, and that pertains to one specific host. Users should never need to > modify files in /var/lib to configure a package's operation. Which makes my point that the mailman homedir can't be there, since it contains code... Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows From barry@digicool.com Tue Jul 10 21:27:12 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Tue, 10 Jul 2001 16:27:12 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> <1860.994787741@kanga.nu> <20010710144333.63917@scfn.thpl.lib.fl.us> <873d84375e.fsf@arabella.intern.opera.no> Message-ID: <15179.25888.11411.739555@anthem.wooz.org> I think it's fine (cool, in fact!) for packagers to DTRT w.r.t. to the Linux distros they're supporting. If there is something I can do to make your lives easier, let's talk about it. But by default, I want a source install to put all Mailman files under a single common subdir (i.e. the way it works now). I think it's easy enough to configure it for just about any file system layout. -Barry From thomas@xs4all.net Tue Jul 10 21:40:31 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Tue, 10 Jul 2001 22:40:31 +0200 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <15179.25888.11411.739555@anthem.wooz.org> References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> <1860.994787741@kanga.nu> <20010710144333.63917@scfn.thpl.lib.fl.us> <873d84375e.fsf@arabella.intern.opera.no> <15179.25888.11411.739555@anthem.wooz.org> Message-ID: <20010710224031.C8098@xs4all.nl> On Tue, Jul 10, 2001 at 04:27:12PM -0400, Barry A. Warsaw wrote: > I think it's fine (cool, in fact!) for packagers to DTRT w.r.t. to the > Linux distros they're supporting. If there is something I can do to > make your lives easier, let's talk about it. But by default, I want a > source install to put all Mailman files under a single common subdir > (i.e. the way it works now). I think it's easy enough to configure it > for just about any file system layout. Concur. I also very much prefer /usr/local/mailman, though I wouldn't mind something like Apache's 'layout' system, where one of the layouts can be 'FHS' :-) -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From claw@2wire.com Tue Jul 10 21:42:32 2001 From: claw@2wire.com (J C Lawrence) Date: Tue, 10 Jul 2001 13:42:32 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: Message from barry@digicool.com (Barry A. Warsaw) of "Tue, 10 Jul 2001 16:27:12 EDT." <15179.25888.11411.739555@anthem.wooz.org> References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> <1860.994787741@kanga.nu> <20010710144333.63917@scfn.thpl.lib.fl.us> <873d84375e.fsf@arabella.intern.opera.no> <15179.25888.11411.739555@anthem.wooz.org> Message-ID: <13636.994797752@2wire.com> On Tue, 10 Jul 2001 16:27:12 -0400 Barry A Warsaw wrote: > I think it's easy enough to configure it for just about any file > system layout. Aye, not all the *nix world is Linux and the exceptions have little interest in the FHS. -- J C Lawrence claw@kanga.nu ---------(*) http://www.kanga.nu/~claw/ The pressure to survive and rhetoric may make strange bedfellows From Dan Mick Tue Jul 10 21:53:46 2001 From: Dan Mick (Dan Mick) Date: Tue, 10 Jul 2001 13:53:46 -0700 (PDT) Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? Message-ID: <200107102053.NAA08106@utopia.West.Sun.COM> > > I think it's easy enough to configure it for just about any file > > system layout. > > Aye, not all the *nix world is Linux and the exceptions have little > interest in the FHS. Indeed. Some of us, in fact, have no idea what y'all are babbling about. I've heard of LHS and RHS, but FHS....well, the only thing that comes to mind is things I've said while trying to write formal proofs. :) From barry@digicool.com Tue Jul 10 22:23:29 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Tue, 10 Jul 2001 17:23:29 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? References: <200107102053.NAA08106@utopia.West.Sun.COM> Message-ID: <15179.29265.675267.839462@anthem.wooz.org> >>>>> "DM" == Dan Mick writes: >> I think it's easy enough to configure it for just about any >> file system layout. >> Aye, not all the *nix world is Linux and the exceptions have >> little interest in the FHS. DM> Indeed. Some of us, in fact, have no idea what y'all are DM> babbling about. I've heard of LHS and RHS, but FHS....well, DM> the only thing that comes to mind is things I've said while DM> trying to write formal proofs. :) I didn't either (or really, I'd forgotten). Type "FHS" into google and be amazed again; the very first hit explains all. :) if-coolness-equalled-wealth-they'd-all-be-googlenairs-ly y'rs, -Barry From mats@laplaza.org Tue Jul 10 23:15:23 2001 From: mats@laplaza.org (Mats Wichmann) Date: Tue, 10 Jul 2001 16:15:23 -0600 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <200107102053.NAA08106@utopia.West.Sun.COM> Message-ID: <5.1.0.14.1.20010710161149.00a9feb0@laplaza.org> At 01:53 PM 7/10/2001 -0700, Dan Mick wrote: > >> > I think it's easy enough to configure it for just about any file >> > system layout. >> >> Aye, not all the *nix world is Linux and the exceptions have little >> interest in the FHS. > >Indeed. Some of us, in fact, have no idea what y'all are babbling >about. I've heard of LHS and RHS, but FHS....well, the only thing >that comes to mind is things I've said while trying to write >formal proofs. :) The FHS is the Filsystem Heirarchy Standard. It's an effort to keep Linux administrators sane by suggesting where things ought to go. Nobody uses it. Mats (yes, I know that's an eggs-ageration, but in practical terms, worrying about the FHS /now/ is a pointless exercise since so many folks just put things wherever they want) From chuqui@plaidworks.com Wed Jul 11 04:57:56 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Tue, 10 Jul 2001 20:57:56 -0700 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <5.1.0.14.1.20010710161149.00a9feb0@laplaza.org> Message-ID: On 7/10/01 3:15 PM, "Mats Wichmann" wrote: > The FHS is the Filsystem Heirarchy Standard. > It's an effort to keep Linux administrators sane > by suggesting where things ought to go. > > Nobody uses it. Does that mean we need to write it up as an RFC, or should it go right to IEEE, since it's obviously ready? Or maybe we need to send it to ANSI? From jra@baylink.com Wed Jul 11 05:05:39 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Wed, 11 Jul 2001 00:05:39 -0400 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: ; from Chuq Von Rospach on Tue, Jul 10, 2001 at 08:57:56PM -0700 References: <5.1.0.14.1.20010710161149.00a9feb0@laplaza.org> Message-ID: <20010711000539.17985@scfn.thpl.lib.fl.us> On Tue, Jul 10, 2001 at 08:57:56PM -0700, Chuq Von Rospach wrote: > On 7/10/01 3:15 PM, "Mats Wichmann" wrote: > > The FHS is the Filsystem Heirarchy Standard. > > It's an effort to keep Linux administrators sane > > by suggesting where things ought to go. > > Nobody uses it. > > Does that mean we need to write it up as an RFC, or should it go right to > IEEE, since it's obviously ready? Or maybe we need to send it to ANSI? No, that just means we need to can "no one does use it, therefore it's useless" type people. :-) Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows From claw@2wire.com Wed Jul 11 05:29:29 2001 From: claw@2wire.com (J C Lawrence) Date: Tue, 10 Jul 2001 21:29:29 -0700 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: Message from Chuq Von Rospach of "Tue, 10 Jul 2001 20:57:56 PDT." References: Message-ID: <2962.994825769@2wire.com> On Tue, 10 Jul 2001 20:57:56 -0700 Chuq Von Rospach wrote: > On 7/10/01 3:15 PM, "Mats Wichmann" wrote: >> The FHS is the Filsystem Heirarchy Standard. It's an effort to >> keep Linux administrators sane by suggesting where things ought >> to go. >> >> Nobody uses it. Apparently you have not noticed: http://www.linuxbase.org/test/results/ Aside: Roughly two thirds of the Debian faults were errors in testing rather than in Debian (eg packages needed for the test not installed). > Does that mean we need to write it up as an RFC, or should it go > right to IEEE, since it's obviously ready? Or maybe we need to > send it to ANSI? It is clear that ICANN has demonstrated a clear willingness and ability to move and act decisively in a manner which is both technically astute and which supports the best interests of 'net users in general. Surely, hopefully, they can be persuaded to lend a brief smidgeon their impressive talents to a task as significant as this. -- J C Lawrence claw@kanga.nu ---------(*) http://www.kanga.nu/~claw/ The pressure to survive and rhetoric may make strange bedfellows From jra@baylink.com Wed Jul 11 05:32:49 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Wed, 11 Jul 2001 00:32:49 -0400 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <2962.994825769@2wire.com>; from J C Lawrence on Tue, Jul 10, 2001 at 09:29:29PM -0700 References: <2962.994825769@2wire.com> Message-ID: <20010711003249.22969@scfn.thpl.lib.fl.us> On Tue, Jul 10, 2001 at 09:29:29PM -0700, J C Lawrence wrote: > It is clear that ICANN has demonstrated a clear willingness and > ability to move and act decisively in a manner which is both > technically astute and which supports the best interests of 'net > users in general. Surely, hopefully, they can be persuaded to lend > a brief smidgeon their impressive talents to a task as significant > as this. What *delightfully* understated sarcasm, Joe. You almost even caught me. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows From barry@digicool.com Wed Jul 11 06:24:18 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Wed, 11 Jul 2001 01:24:18 -0400 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? References: <5.1.0.14.1.20010710161149.00a9feb0@laplaza.org> Message-ID: <15179.58114.31978.777495@anthem.wooz.org> >>>>> "CVR" == Chuq Von Rospach writes: CVR> Does that mean we need to write it up as an RFC, or should it CVR> go right to IEEE, since it's obviously ready? Or maybe we CVR> need to send it to ANSI? Definitely ISO. :) From barry@digicool.com Wed Jul 11 06:26:13 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Wed, 11 Jul 2001 01:26:13 -0400 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? References: <2962.994825769@2wire.com> Message-ID: <15179.58229.604239.900660@anthem.wooz.org> >>>>> "JCL" == J C Lawrence writes: JCL> It is clear that ICANN has demonstrated a clear willingness ---------------------------------------------------------^^^^^^^^^^^ I swear I first read this as "clear silliness", but maybe I'm just more tired than I think. ;) From claw@kanga.nu Wed Jul 11 06:39:26 2001 From: claw@kanga.nu (J C Lawrence) Date: Tue, 10 Jul 2001 22:39:26 -0700 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: Message from "Jay R. Ashworth" of "Wed, 11 Jul 2001 00:32:49 EDT." <20010711003249.22969@scfn.thpl.lib.fl.us> References: <2962.994825769@2wire.com> <20010711003249.22969@scfn.thpl.lib.fl.us> Message-ID: <13144.994829966@kanga.nu> On Wed, 11 Jul 2001 00:32:49 -0400 Jay R Ashworth wrote: > On Tue, Jul 10, 2001 at 09:29:29PM -0700, J C Lawrence wrote: >> It is clear that ICANN has demonstrated a clear willingness and >> ability to move and act decisively in a manner which is both >> technically astute and which supports the best interests of 'net >> users in general. Surely, hopefully, they can be persuaded to >> lend a brief smidgeon of their impressive talents to a task as >> significant as this. > What *delightfully* understated sarcasm, Joe. You almost even > caught me. I had to empty my cranium of marketing-speak before I became ill... -- J C Lawrence claw@kanga.nu ---------(*) http://www.kanga.nu/~claw/ I never claimed to be human. From jra@baylink.com Wed Jul 11 07:08:59 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Wed, 11 Jul 2001 02:08:59 -0400 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <13144.994829966@kanga.nu>; from J C Lawrence on Tue, Jul 10, 2001 at 10:39:26PM -0700 References: <2962.994825769@2wire.com> <20010711003249.22969@scfn.thpl.lib.fl.us> <13144.994829966@kanga.nu> Message-ID: <20010711020859.49054@scfn.thpl.lib.fl.us> On Tue, Jul 10, 2001 at 10:39:26PM -0700, J C Lawrence wrote: > On Wed, 11 Jul 2001 00:32:49 -0400 > Jay R Ashworth wrote: > > On Tue, Jul 10, 2001 at 09:29:29PM -0700, J C Lawrence wrote: > >> It is clear that ICANN has demonstrated a clear willingness and > >> ability to move and act decisively in a manner which is both > >> technically astute and which supports the best interests of 'net > >> users in general. Surely, hopefully, they can be persuaded to > >> lend a brief smidgeon of their impressive talents to a task as > >> significant as this. > > > What *delightfully* understated sarcasm, Joe. You almost even > > caught me. > > I had to empty my cranium of marketing-speak before I became ill... Good. I *didn't* blow it. :-) ObMailman: so, my Minstrel III comes in shortly; any chance we'll see wireless-friendly versions of the management pages? ;-) Cheers -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows From jarrell@vt.edu Wed Jul 11 19:48:25 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Wed, 11 Jul 2001 14:48:25 -0400 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <20010711020859.49054@scfn.thpl.lib.fl.us> References: <2962.994825769@2wire.com> <20010711003249.22969@scfn.thpl.lib.fl.us> <13144.994829966@kanga.nu> Message-ID: <5.1.0.14.2.20010711144623.045f2af0@lennier.cc.vt.edu> At 02:08 AM 7/11/01 -0400, Jay R. Ashworth wrote: >ObMailman: so, my Minstrel III comes in shortly; any chance we'll see >wireless-friendly versions of the management pages? ;-) I've been debating writing WML friendly versions of it so I can do list administration from my startac. It's on the list of project to do in my copious spare time. I should start right about the time that holographic 1600x900 48bit 3d accelerated displays are the norm on the startac. (I'm just hoping that minstrel, or someone, jump on the bandwagon and support the new 505, since I can finally do cdpd in my area.) From barry@digicool.com Thu Jul 12 06:04:03 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Thu, 12 Jul 2001 01:04:03 -0400 Subject: [Mailman-Developers] 2.1 alpha 2 sneak peek Message-ID: <15181.12227.811640.779771@anthem.wooz.org> If you want a sneak peek at all the new stuff that's in MM2.1alpha2, take a look at http://sourceforge.net/project/shownotes.php?release_id=43200 It's actually rather a lot of stuff! SourceForge currently has about a 30 minute delay from file upload to publishing, so I don't think you'll be able to download anything right now. Plus I'm too tired to write up the announcement and update the web pages. That /may/ happen tomorrow, although I've got meetings most of the day, so the "official" announcement may not go out until Friday. Cheers, -Barry From barry@digicool.com Thu Jul 12 14:50:03 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Thu, 12 Jul 2001 09:50:03 -0400 Subject: [Mailman-Developers] 2.1 alpha 2 sneak peek References: <15181.12227.811640.779771@anthem.wooz.org> Message-ID: <15181.43787.668345.655414@anthem.wooz.org> If you downloaded the 2.1a2 tarball from SF before about 2 minutes ago, please disregard it and re-download it. There were a few buglet reports in my inbox this morning, so I fixed them and re-uploaded a new source tarball. Announcements will still not go out for at least a few hours. Thanks to Juan Carlos Rey Anaya and Mentor Cana! -Barry From barry@digicool.com Fri Jul 13 21:15:20 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Fri, 13 Jul 2001 16:15:20 -0400 Subject: [Mailman-Developers] [ANNOUNCE] Mailman 2.1 alpha 2 Message-ID: <15183.22232.119442.302021@anthem.wooz.org> This the official announcement for Mailman 2.1 alpha 2. Because it's an alpha, this announcement is only going out to the mailman-* mailing lists. I'll make two warnings: you probably should still not use this version for production systems (but TIA for any and all testing you do with it!), and I've already had a couple of bug fixes from early adopters. 2.1a2 should still be useful, but you might want to keep an eye on cvs and the mailman-checkins list for updates. I am only making the tarball available on SourceForge, so you'll need to go to http://sf.net/projects/mailman to grab it. You'll also need to upgrade to mimelib-0.4, so be sure to go to http://sf.net/projects/mimelib to grab and install that tarball first. To view the on-line documentation, see http://www.list.org/MM21/index.html or http://mailman.sf.net/MM21/index.html Below is an excerpt from the NEWS file for all the changes since 2.1alpha1. There are a bunch of new features coming down the pike, and I hope to have an alpha3 out soon. I'm also planning on doing much more stress testing of this version with real list traffic, and I'm hoping we'll start to get more languages integrated into cvs. Enjoy, -Barry -------------------- snip snip -------------------- 2.1 alpha 2 (11-Jul-2001) - Building o mimelib 0.4 is now required. Get it from http://mimelib.sf.net. If you've installed an earlier version of mimelib, you must upgrade. o /usr/local/mailman is now the default installation directory. Use configure's --prefix switch to change it back to the default (/home/mailman) or any other installation directory of your choice. - Security o Better definition of authentication domains. The following roles have been defined: user, list-admin, list-moderator, creator, site-admin. o There is now a separate role of "list moderator", which has access to the pending requests (admindb) page, but not the list configuration pages. o Subscription confirmations can now be performed via email or via URL. When a subscription is received, a unique (sha) confirm URL is generated in the confirmation message. Simply visiting this URL completes the subscription process. o In a similar manner, removal requests (via web or email command) no longer require the password. If the correct password is given, the removal is performed immediately. If no password is given, then a confirmation message is generated. - Internationalization o More I18N patches. The basic infrastructure should now be working correctly. Spanish templates and catalogs are included, and English, French, Hungarian, and Big5 templates are included. o Cascading specializations and internationalization of templates. Templates are now search for in the following order: list-specific location, domain-specific location, site-wide location, global defaults. Each search location is further qualified by the language being displayed. This means that you only need to change the templates that are different from the global defaults. Templates renamed: admlogin.txt => admlogin.html Templates added: private.html - Web UI o Redesigned the user options page. It now sits behind an authentication so user options cannot be viewed without the proper password. The other advantage is that the user's password need not be entered on the options page to unsubscribe or change option values. The login screen also provides for password mail-back, and unsubscription w/ confirmation. Other new features accessible from the user options page include: ability to change email address (with confirmation) both per-list and globally for all list on virtual domain; global membership password changing; global mail delivery disable/enable; ability to suppress password reminders both per-list and globally; logout button. [Note: the handle_opts cgi has gone away] o Color schemes for non-template based web pages can be defined via mm_cfg. o Redesign of the membership management page. The page is now split into three subcategories (Membership List, Mass Subscription, and Mass Removal). The Membership List subcategory now supports searching for member addresses by regular expression, and if necessary, it groups member addresses first alphabetically, and then by chunks. Mass Subscription and Mass Removal now support file upload, with one address per line. o Hyperlinks from the logos in the footers have been removed. The sponsors got too much "unsubscribe me!" spam from desperate user of Mailman at other sites. o New buttons on the digest admin page to send a digest immediately (if it's non-empty), to start a new digest volume with the next digest, and to select the interval with which to automatically start a new digest volume (yearly, monthly, quarterly, weekly, daily). DEFAULT_DIGEST_VOLUME_FREQUENCY is a new configuration variable, initially set to give a new digest volume monthly. o Through-the-web list creation and removal, using a separate site-wide authentication role called the "list creator and destroyer" or simply "list creator". If the configuration variable OWNERS_CAN_DELETE_THEIR_OWN_LISTS is set to 1 (by default, it's 0), then list admins can delete their own lists. This feature requires an adaptor for the particular MTA you're using. An adaptor for Postfix is included, as is a dumb adaptor that just emails mailman@yoursite with the necessary Sendmail style /etc/alias file changes. Some MTAs like Exim can be configured to automatically recognize new lists. The adaptor is selected via the MTA option in mm_cfg.py - Email UI o In email commands, "join" is a synonym for "subscribe". "remove" and "leave" are synonyms for "unsubscribe". New robot addresses are support to make subscribing and unsubscribing much easier: mylist-join@mysite mylist-leave@mysite o Confirmation messages have a shortened Subject: header, containing just the word "confirm" and the confirmation cookie. This should help for MUAs that like to wrap long Subject: lines, messing up confirmation. o Mailman now recognizes an Urgent: header, which, if it contains the list moderator or list administrator password, forces the message to be delivered immediately to all members (i.e. both regular and digest members). The message is also placed in the digest. If the password is incorrect, the message will be bounced back to the sender. - Performance o Refinements to the new qrunner subsystem which preserves FIFO order of messages. o The qrunner is no longer started from cron. It is started by a Un*x init-style script called bin/mailmanctl (see below). cron/qrunner has been removed. - Command line scripts o bin/mailmanctl script added, which is used to start, stop, and restart the qrunner daemon. o bin/qrunner script added which allows a single sub-qrunner to run once through its processing loop. o bin/change_pw script added (eases mass changing of list passwords). o bin/update grows a -f switch to force an update. o bin/newlang renamed to bin/addlang; bin/rmlang removed. o bin/mmsitepass has grown a -c option to set the list creator's password. The site-wide `create' web page is linked to from the admin overview page. o bin/newlist's -o option is removed. This script also grows a way of spelling the creation of a list in a specific virtual domain. o The `auto' script has been removed. o bin/dumpdb has grown -m/--marshal and -p/--pickle options. o bin/list_admins can be used to print the owners of a mailing list. o bin/genaliases regenerates from scratch the aliases and aliases.db file for the Postfix MTA. - Archiver o New archiver date clobbering option, which allows dates to only be clobber if they are outrageously out-of-date (default setting is 15 days on either side of received timestamp). New configuration variables: ARCHIVER_CLOBBER_DATE_POLICY ARCHIVER_ALLOWABLE_SANE_DATE_SKEW The archived copy of messages grows an X-List-Received-Date: header indicating the time the message was received by Mailman. o PRIVATE_ARCHIVE_URL configuration variable is removed (this can be calculated on the fly, and removing it actually makes site configuration easier). - Miscellaneous o Several new README's have been added. o Most syslog entries for the qrunner have been redirected to logs/error. o On SIGHUP, qrunner will re-open all its log files and restart all child processes. See "bin/mailmanctl restart". - Patches and bug fixes o SF patches and bug fixes applied: 420396, 424389, 227694, 426002, 401372 (partial), 401452. o Fixes in 2.0.5 ported forward: Fix a lock stagnation problem that can result when the user hits the `stop' button on their browser during a write operation that can take a long time (e.g. hitting the membership management admin page). o Fixes in 2.0.4 ported forward: Python 2.1 compatibility release. There were a few questionable constructs and uses of deprecated modules that caused annoying warnings when used with Python 2.1. This release quiets those warnings. o Fixes in 2.0.3 ported forward: Bug fix release. There was a small typo in 2.0.2 in ListAdmin.py for approving an already subscribed member (thanks Thomas!). Also, an update to the OpenWall security workaround (contrib/securelinux_fix.py) was included. Thanks to Marc Merlin. From gerald@impressive.net Fri Jul 13 21:43:59 2001 From: gerald@impressive.net (Gerald Oskoboiny) Date: Fri, 13 Jul 2001 16:43:59 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: <15183.22232.119442.302021@anthem.wooz.org>; from barry@digicool.com on Fri, Jul 13, 2001 at 04:15:20PM -0400 References: <15183.22232.119442.302021@anthem.wooz.org> Message-ID: <20010713164359.C19524@impressive.net> On Fri, Jul 13, 2001 at 04:15:20PM -0400, Barry A. Warsaw wrote: > > This the official announcement for Mailman 2.1 alpha 2. [...] > To view the on-line documentation, see > > http://www.list.org/MM21/index.html > 2.1 alpha 2 (11-Jul-2001) [ lots of extremely cool stuff deleted ] > o Subscription confirmations can now be performed via email or > via URL. When a subscription is received, a unique (sha) > confirm URL is generated in the confirmation message. > Simply visiting this URL completes the subscription process. This violates the HTTP protocol: visiting a URL (i.e., an HTTP GET) should not have side effects like confirming a subscription. A few months ago I sent mail to mailman-developers with a suggestion for how to implement this in a compliant way without hindering usability: http://mail.python.org/pipermail/mailman-developers/2001-January/003579.html mid:20010103022646.A31881@impressive.net I realize that a number of other sites misuse GET this way, but I think most of the large ones (e.g., Yahoo, online brokerages and banks, etc.) get it right, and I think Mailman should too. Further reading on GET vs POST: Forms: GET and POST http://www.w3.org/Provider/Style/Input Axioms of Web architecture: Identity, State and GET http://www.w3.org/DesignIssues/Axioms#state HTTP 1.1 section 9.1: Safe and Idempotent Methods http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1 HTML 4.01 section 17.13: Form submission http://www.w3.org/TR/html4/interact/forms.html#h-17.13 -- Gerald Oskoboiny http://impressive.net/people/gerald/ From chuqui@plaidworks.com Fri Jul 13 22:03:51 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Fri, 13 Jul 2001 14:03:51 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: <20010713164359.C19524@impressive.net> Message-ID: On 7/13/01 1:43 PM, "Gerald Oskoboiny" wrote: > This violates the HTTP protocol: visiting a URL (i.e., an HTTP GET) > should not have side effects like confirming a subscription. My first reaction was "say what?" but I went and read the w3 stuff before responding... > I realize that a number of other sites misuse GET this way, but I > think most of the large ones (e.g., Yahoo, online brokerages and > banks, etc.) get it right, and I think Mailman should too. Because, frankly, I think w3 is wrong IN THIS CASE. That may make sense in a general case, especially on an HTTP only situation, but in this case, where the URL is being carried in e-mail to confirm an action the user has (presumably) started, I think they're wrong. As long as the e-mail clearly delineates the action being taken, do what's easy for the user; and the user isn't going to want to go clicking through multiple links just to allow us to abide to the HTTP stuff. But the key is this is a finalization of a distributed transaction, with e-mail distributing the token. Under other circumstances, I see W3's logic. Here, however, using a URL to bring up a page that says "click here to confirm" is only going to piss off Joe User, not make his life better. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. Some days you're the dog, some days you're the hydrant. From ricardo@rixhq.nu Sat Jul 14 16:08:21 2001 From: ricardo@rixhq.nu (Ricardo F . Kustner) Date: Sat, 14 Jul 2001 17:08:21 +0200 Subject: [Mailman-Developers] module imports & performance Message-ID: <20010714170821.A6523@localhost> Hi, I finally was forced to upgrade my ancient slackware/libc5/linux2.0 system on which I'm running mailman (among other stuff) since the (old) disks were actually about to vaporize. The rest of the hardware stayed low-end (Pentium 90 with 64mb memory)... the new installation is running Progeny Debian 1.0, kernel 2.2.18 and Python 1.5.2 on a fresh new disk. I've installed mailman 2.0.5 straight from the source (package systems are great but for some apps I still prefer to compile it myself) Most of the components (apache,fastcgi,php and some perl scripts) don't show any difference in performance, but it looks like the mailman python scripts have decreased in performance dramatically... loading up a page in the webinterface takes about 7 seconds! After some playing around with python -i, I noticed that "from Mailman import MailList" takes about 4 seconds... Does anybody have any idea what's going on? maybe the python binary compiled into Debian isn't optimized enough for my system or could this be a problem in mailman? Regards, Ricardo From thomas@xs4all.net Sat Jul 14 16:27:48 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Sat, 14 Jul 2001 17:27:48 +0200 Subject: [Mailman-Developers] module imports & performance In-Reply-To: <20010714170821.A6523@localhost> References: <20010714170821.A6523@localhost> Message-ID: <20010714172748.X5396@xs4all.nl> On Sat, Jul 14, 2001 at 05:08:21PM +0200, Ricardo F . Kustner wrote: [ Ricardo reinstalls ] > Most of the components (apache,fastcgi,php and some perl scripts) don't show > any difference in performance, but it looks like the mailman python scripts > have decreased in performance dramatically... loading up a page in the > webinterface takes about 7 seconds! After some playing around with python > -i, I noticed that "from Mailman import MailList" takes about 4 seconds... > Does anybody have any idea what's going on? maybe the python binary compiled > into Debian isn't optimized enough for my system or could this be a problem > in mailman? Well, 'import MailList' triggers a lot of file loads, so the easiest target would be 'disk I/O'. But just to be sure: all your modules have '.pyc' variants as well ? You can check by doing something like bash-2.04$ cd /usr/local/mailman bash-2.04$ python Python 2.0 (#8, Mar 1 2001, 13:20:58) [GCC 2.95.2 19991024 (release)] on freebsd4 Type "copyright", "credits" or "license" for more information. >>> from Mailman import MailList >>> print MailList.__file__ Mailman/MailList.pyc If the latter says '.py' instead of '.pyc', that's your problem. The 'from Mailman import MailList' took only a faction of a second on that machine, by the way, but it's pretty high-end (1Ghz P3, 1Gb RAM, U160-SCSI, FreeBSD) so that isn't too suprising. If that isn't the problem, your best bet is to keep an eye on the system. 'iostat' (need to install it separately on Linux, I think) and 'vmstat' can deliver a lot of useful info about why a task is taking so long. -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From m.hubbard@ic.ac.uk Sat Jul 14 16:50:31 2001 From: m.hubbard@ic.ac.uk (Hubbard, Matt) Date: Sat, 14 Jul 2001 16:50:31 +0100 Subject: [Mailman-Developers] extended address checking feature.. any thoughts? Message-ID: Hi, Just looking over Mailman, as I intend to add in site-wide list configuration restrictions (most notably private_roster) before using it in service. Anyway, I thought it would be nice if Mailman could optionally integrate with the address checking features of exim. "exim -bvs user@somedomain" will first rewrite the address according to it's rule set and then check that the mail domain is valid. If the domain is local, it will check that local part of the address is valid too. I think it could be worth doing something with the rewritten address as that is what the underlying MTA will do with the email address. If exim wouldn't be able to route mail to the mail domain of a given subscription address or perform a local delivery, then there wouldn't be much point Mailman generating a confirmation request to it. Does anyone else think this would be useful? Or a particularly bad idea? On a connected matter, should Utils._badchars also contain $, %, slashes and various forms of quote marks. Cheers, Matt. From ricardo@rixhq.nu Sat Jul 14 17:11:23 2001 From: ricardo@rixhq.nu (Ricardo Kustner) Date: Sat, 14 Jul 2001 18:11:23 +0200 Subject: [Mailman-Developers] module imports & performance In-Reply-To: <20010714172748.X5396@xs4all.nl>; from thomas@xs4all.net on Sat, Jul 14, 2001 at 05:27:48PM +0200 References: <20010714170821.A6523@localhost> <20010714172748.X5396@xs4all.nl> Message-ID: <20010714181122.B6523@localhost> On Sat, Jul 14, 2001 at 05:27:48PM +0200, Thomas Wouters wrote: > On Sat, Jul 14, 2001 at 05:08:21PM +0200, Ricardo F . Kustner wrote: > > Most of the components (apache,fastcgi,php and some perl scripts) don't show > > any difference in performance, but it looks like the mailman python scripts > > have decreased in performance dramatically... loading up a page in the > > webinterface takes about 7 seconds! After some playing around with python > > -i, I noticed that "from Mailman import MailList" takes about 4 seconds... > Well, 'import MailList' triggers a lot of file loads, so the easiest target > would be 'disk I/O'. But just to be sure: all your modules have '.pyc' > variants as well ? You can check by doing something like > >>> from Mailman import MailList > >>> print MailList.__file__ > Mailman/MailList.pyc > If the latter says '.py' instead of '.pyc', that's your problem. well it says ".pyc"... so that seems to be okay... > If that isn't the problem, your best bet is to keep an eye on the system. > 'iostat' (need to install it separately on Linux, I think) and 'vmstat' can > deliver a lot of useful info about why a task is taking so long. I'm afraid you might be right about that... it could be the disk I/O but I'm not sure yet... it's weird though, the previous setup had a very old disk so I don't understand why it has become that much slower now with a much newer disk. Oh well, at least I'm pretty sure now the real problem isn't in python or mailman... I guess I'll need to do some more testing with the disk performance. I don't even dare to think how much trouble qrunner might be getting with the file access :( Thanks for the help... Regards, Ricardo From barry@digicool.com Sat Jul 14 17:55:04 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Sat, 14 Jul 2001 12:55:04 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 References: <20010713164359.C19524@impressive.net> Message-ID: <15184.31080.663487.123985@anthem.wooz.org> >>>>> "CVR" == Chuq Von Rospach writes: >> I realize that a number of other sites misuse GET this way, but >> I think most of the large ones (e.g., Yahoo, online brokerages >> and banks, etc.) get it right, and I think Mailman should too. CVR> Because, frankly, I think w3 is wrong IN THIS CASE. That may CVR> make sense in a general case, especially on an HTTP only CVR> situation, but in this case, where the URL is being carried CVR> in e-mail to confirm an action the user has (presumably) CVR> started, I think they're wrong. As long as the e-mail clearly CVR> delineates the action being taken, do what's easy for the CVR> user; and the user isn't going to want to go clicking through CVR> multiple links just to allow us to abide to the HTTP stuff. CVR> But the key is this is a finalization of a distributed CVR> transaction, with e-mail distributing the token. Under other CVR> circumstances, I see W3's logic. Here, however, using a URL CVR> to bring up a page that says "click here to confirm" is only CVR> going to piss off Joe User, not make his life better. I agree with Chuq. The user isn't going to understand the distinction and is just going to be annoyed by having to do, what to them seems like an extra unnecessary step. -Barry From gerald@impressive.net Sun Jul 15 00:32:01 2001 From: gerald@impressive.net (Gerald Oskoboiny) Date: Sat, 14 Jul 2001 19:32:01 -0400 Subject: [Mailman-Developers] subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: ; from chuqui@plaidworks.com on Fri, Jul 13, 2001 at 02:03:51PM -0700 References: <20010713164359.C19524@impressive.net> Message-ID: <20010714193201.A31163@impressive.net> On Fri, Jul 13, 2001 at 02:03:51PM -0700, Chuq Von Rospach wrote: > On 7/13/01 1:43 PM, "Gerald Oskoboiny" wrote: > > > This violates the HTTP protocol: visiting a URL (i.e., an HTTP GET) > > should not have side effects like confirming a subscription. > > My first reaction was "say what?" but I went and read the w3 stuff before > responding... Note that "the w3 stuff" includes the standards-track RFC 2616 (HTTP/1.1), the HTML 4.01 specification, and supplementary notes by the creator of the HTTP protocol (incl its GET and POST methods); they're not just a few random pages on w3.org :) > > I realize that a number of other sites misuse GET this way, but I > > think most of the large ones (e.g., Yahoo, online brokerages and > > banks, etc.) get it right, and I think Mailman should too. > > Because, frankly, I think w3 is wrong IN THIS CASE. That may make sense in a > general case, especially on an HTTP only situation, but in this case, where > the URL is being carried in e-mail to confirm an action the user has > (presumably) started, I think they're wrong. A couple of the references I gave in my previous message included this specific example (confirming a subscription) as a case where POST should be used instead of GET, so I think it is quite clear that the specs do apply in this specific case. Regarding "I think they're wrong", I respect your opinion, but the HTTP spec is the result of a decade of work on and experience with HTTP by full-time web protocol geeks... > As long as the e-mail clearly > delineates the action being taken, do what's easy for the user; and the user > isn't going to want to go clicking through multiple links just to allow us > to abide to the HTTP stuff. What if I have a smart system on my desktop PC that is configured to prefetch any URLs it sees in my incoming email, so there is zero latency when I go to read them later? (or so I can read them while offline, on a train or plane or something) That would allow anyone in the world to sign me up for any mailman-backed mailing list, whether or not I even see the email confirmation requests. And that would be Mailman's fault, for misusing HTTP GETs. > But the key is this is a finalization of a distributed transaction, with > e-mail distributing the token. Under other circumstances, I see W3's logic. > Here, however, using a URL to bring up a page that says "click here to > confirm" is only going to piss off Joe User, not make his life better. I disagree: a large part of the reason for the distinction between GET and POST is a social/usability one: people should become accustomed to following hypertext links and clicking on URLs without any action being taken. (personally, I cut and paste URLs into my browser all the time without checking carefully what they appear to be first, so when I actually want to read what's there, I don't have to wait for the browser. Of course, I only do that because I don't have that prefetching thing set up... yet.) btw, part of the reason I care about this is that I work for W3C and am currently evaluating mailman for use on lists.w3.org (to replace smartlist) and we're pretty fussy about complying with our own specs, for obvious reasons. But I'd be making this argument whether or not that were the case, since it's clearly the Right Thing to do imho... -- Gerald Oskoboiny http://impressive.net/people/gerald/ From forrie@navipath.com Sun Jul 15 01:28:14 2001 From: forrie@navipath.com (Forrest Aldrich) Date: Sat, 14 Jul 2001 20:28:14 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: References: <20010713164359.C19524@impressive.net> Message-ID: <5.1.0.14.2.20010714202735.02532cd0@216.67.14.8> I'd be happy with an admin-configurable option to either do traditional subscription confirmation or the http method. At 02:03 PM 7/13/2001 -0700, Chuq Von Rospach wrote: >On 7/13/01 1:43 PM, "Gerald Oskoboiny" wrote: > > > This violates the HTTP protocol: visiting a URL (i.e., an HTTP GET) > > should not have side effects like confirming a subscription. > >My first reaction was "say what?" but I went and read the w3 stuff before >responding... > > > I realize that a number of other sites misuse GET this way, but I > > think most of the large ones (e.g., Yahoo, online brokerages and > > banks, etc.) get it right, and I think Mailman should too. > >Because, frankly, I think w3 is wrong IN THIS CASE. That may make sense in a >general case, especially on an HTTP only situation, but in this case, where >the URL is being carried in e-mail to confirm an action the user has >(presumably) started, I think they're wrong. As long as the e-mail clearly >delineates the action being taken, do what's easy for the user; and the user >isn't going to want to go clicking through multiple links just to allow us >to abide to the HTTP stuff. > >But the key is this is a finalization of a distributed transaction, with >e-mail distributing the token. Under other circumstances, I see W3's logic. >Here, however, using a URL to bring up a page that says "click here to >confirm" is only going to piss off Joe User, not make his life better. > >-- >Chuq Von Rospach, Internet Gnome >[ = = ] >Yes, yes, I've finally finished my home page. Lucky you. > >Some days you're the dog, some days you're the hydrant. > > > > >------------------------------------------------------ >Mailman-Users maillist - Mailman-Users@python.org >http://mail.python.org/mailman/listinfo/mailman-users From chuqui@plaidworks.com Sun Jul 15 04:49:34 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Sat, 14 Jul 2001 20:49:34 -0700 Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: <20010714193201.A31163@impressive.net> Message-ID: On 7/14/01 4:32 PM, "Gerald Oskoboiny" wrote: > Regarding "I think they're wrong", I respect your opinion, but > the HTTP spec is the result of a decade of work on and experience > with HTTP by full-time web protocol geeks... But web geeks are not necessarily user-interface or user-experience geeks. You can perfectly correctly build a nice system that's technically correct, but not right for the users. > What if I have a smart system on my desktop PC that is configured > to prefetch any URLs it sees in my incoming email, Given the number of viruses, spam with URLs and other garbage out there, I'd say you're foolish (bordering on stupid), but that's beside the point. It is an interesting issue, one I can't toss out easily; but I'm not convinced, either. I think it's something that needs to be hashed over, perhaps prototyped both ways so we can see the best way to tweak it. Barry, what do you think about this instance? As the net moves more towards wireless, PDA, mobile-phone, stuff, could we be setting ourselves up for a later problem by ignoring this pre-cache issue Gerald's raised? Gerald, does W3 have sample pages for "right" and "wrong" that can be looked at, or are we going to have to develop some? The more I think about this, the more I think it's case where we ought to see if we can develop a prototype that follows the standards that we like, rather than toss it out at first glance. But if we can't come up with a system that we agree is 'easy enough', then we should go to what we're currently thinking. > That would allow anyone in the world to sign me up for any > mailman-backed mailing list, whether or not I even see the email > confirmation requests. And that would be Mailman's fault, for > misusing HTTP GETs. In disagree with this -- since as you say, any number of places already misuse GET, that usage is fairly common. A user who sets themselves up for it should know (or be warned by their mail client) that it has the possibility to trigger events. I'd say it's more a client issue than a Mailman issue. And, thinking about it, since GET *can* do this, it's probably wrong for W3 to push for it not to be used that way, because if things like your pre-caching system come into common use, the dark side of the net will take advantage of it, the way early virus writers took advantage of mail clients with auto-exec of .EXE's being on by default. So aren't you setting yourself up for problems by having a technology that can, even if you deprecate it, because it sets a user expectation that's going to be broken by those wanting to take advantage of it? I've got a bad feeling about this -- your example seems to set yourself up for abuse by those looking for ways ot abuse you, and that's a bigger issue than Mailman using it -- because if all of the 'white side' programs cooperate, it just encourages creation of things (like the pre-caching) that the dark side will take adavantage of. As long as GET is capable of being used this way, I'd be very careful about creating stuff that depends on "we don't want it used this way, so it won't be" -- it seems to open up avenues for attack. Which is not a reason for mailman to ignore the standard -- but a bigger issue about whether this standard creates a perception that could come back and bite people. If people start creating services (like that pre-cache) that get tripped up by this, even if the white hats follow your advice, you're still at risk from the black hats. Isn't it better to acknowledge the capability and not create services that depend on "well behaved" systems? >Of course, I only do > that because I don't have that prefetching thing set up... yet.) At this point, I'd never turn on pre-fectching, since it's safety depends entirely no voluntary cooperation, and you aren't in a position to police until after the fact. That's a Bad Thing in a big way. > btw, part of the reason I care about this is that I work for W3C > and am currently evaluating mailman for use on lists.w3.org (to > replace smartlist) and we're pretty fussy about complying with > our own specs, for obvious reasons. As you should be. > But I'd be making this > argument whether or not that were the case, since it's clearly > the Right Thing to do imho... And the more I think about it, the more it's an interesting point -- but on more than one level. Has W3c considered the implications of defining a standard that depends on voluntary acceptance here? Because the service you propose is unsafe unless you can guarantee everyone you talk to is compliant, and we know how likely that's going to be. That, to me, is a much bigger issue than whether or not Mailman complies, and in fact, I could make an argument that the standard isnt' acceptable if it's going to be a basis for services that can cause harm but requires voluntary acceptance on the server side. By the time you figure out the server isn't complying, they've burnt down the barn and run off with the horse. That's bad. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. Someday, we'll look back on this, laugh nervously and change the subject. From satyap@satya.virtualave.net Sun Jul 15 05:23:07 2001 From: satyap@satya.virtualave.net (Satya) Date: Sun, 15 Jul 2001 09:53:07 +0530 (IST) Subject: [Mailman-Developers] subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: <20010714193201.A31163@impressive.net> Message-ID: On Jul 14, 2001 at 19:32, Gerald Oskoboiny wrote: >our own specs, for obvious reasons. But I'd be making this >argument whether or not that were the case, since it's clearly >the Right Thing to do imho... Yeah, like that List-* headers :-) -- Satya. US-bound grad students! For pre-apps, see It ALWAYS goes wrong, especially if it's mission critical! From juergen.erhard@gmx.net Sun Jul 15 09:17:21 2001 From: juergen.erhard@gmx.net (=?ISO-8859-1?Q?=22J=FCrgen_A=2E_Erhard=22?=) Date: Sun, 15 Jul 2001 10:17:21 +0200 Subject: [Mailman-Developers] Bug in mail->news gateway in 2.0.5 (and *simple* fix) Message-ID: <15072001.3@wanderer.local.jae.ddns.org> --pgp-sign-Multipart_Sun_Jul_15_10:17:17_2001-1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Bug: in Mailman/Handlers/ToUsenet.py, there are spaces inserted after colons where they are missing ("NNTP is strict about spaces after the colon in headers"). If a colon appears in a continuation line, it is treated as a header colon. Fix: skip lines that start with whitespace. For those interested, the history of the finding of the bug: Problem: my signed emails appeared on Usenet garbled. The multipart boundary had an extra space inserted (which of course the actual boundaries hadn't). After some exchange with Martin Armstrong (who made me aware of this) we concluded it had to be the mail->news gateway (as my direct mail to him, also signed, wasn't garbled). I then investigated ToUsenet.py, and found the error. Why this hasn't hit a lot more often is simple: most MUA seem to use some random gibberish as the boundary string. SEMI doesn't... Of course, if this is fixed in 2.1, you can ignore this (assuming that it comes out soonish ;-) Bye, J --=20 J=FCrgen A. Erhard (juergen.erhard@gmx.net, jae@users.sourceforge.net) MARS: http://members.tripod.com/Juergen_Erhard/mars_index.html Life's Better Without Braces (http://www.python.org) I wish I had more energy -- or less ambition. --pgp-sign-Multipart_Sun_Jul_15_10:17:17_2001-1 Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEABECAAYFAjtRUZEACgkQN0B+CS56qs2RHwCfVKc6xD3xyGkGRayEKzv617QO TEgAoJE5GHnbYXMTN1sNcjgleBZ2dRwU =jdkM -----END PGP SIGNATURE----- --pgp-sign-Multipart_Sun_Jul_15_10:17:17_2001-1-- From john.read@newnet-marketing.de Sun Jul 15 15:20:15 2001 From: john.read@newnet-marketing.de (John Read) Date: Sun, 15 Jul 2001 16:20:15 +0200 Subject: [Mailman-Developers] mailmanctl patch Message-ID: This is a multi-part message in MIME format. ------=_NextPart_000_0000_01C10D4A.08148CB0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Hi, after installing the new beta version I found that not having starting, and stopping messages in the mailmanctl was confusing when it was included in the Linux startup scripts. All other system services have a short message stating what they doing during the boot phase. I have included the start, restart, and stop messages into mailmanctl, and included the changes in a short patch file. (Its only three lines of code so dont get excited!!) Otherwise the installation, and testing so far has been without any problems. Great software. -- John Read NewNet Marketing Tel: +49-8076-8879818 Fax: +49-8076-8879819 ------=_NextPart_000_0000_01C10D4A.08148CB0 Content-Type: application/octet-stream; name="mailmanctl.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="mailmanctl.patch" --- bin/mailmanctl.org Sun Jul 15 15:53:41 2001=0A= +++ bin/mailmanctl Sun Jul 15 15:58:53 2001=0A= @@ -133,11 +133,13 @@=0A= # Sent the master qrunner process a SIGINT, which is equivalent = to=0A= # giving cron/qrunner a ctrl-c or KeyboardInterrupt. This will=0A= # effectively shut everything down.=0A= + print 'Shutting down Mailman Qrunner'=0A= kill_subrunners(signal.SIGINT)=0A= elif command =3D=3D 'restart':=0A= # Sent the master qrunner process a SIGHUP. This will cause the=0A= # master qrunner to kill and restart all the worker qrunners, = and to=0A= # close and re-open its log files.=0A= + print 'Restarting Mailman Qrunner'=0A= kill_subrunners(signal.SIGHUP)=0A= else:=0A= # Must be `start'=0A= @@ -145,6 +147,7 @@=0A= # Daemon process startup according to Stevens, Advanced = Programming in=0A= # the UNIX Environment, Chapter 13.=0A= if os.fork():=0A= + print 'Starting Mailman Qrunner'=0A= # parent=0A= sys.exit(0)=0A= # child=0A= ------=_NextPart_000_0000_01C10D4A.08148CB0-- From jra@baylink.com Sun Jul 15 16:16:33 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Sun, 15 Jul 2001 11:16:33 -0400 Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: ; from Chuq Von Rospach on Sat, Jul 14, 2001 at 08:49:34PM -0700 References: <20010714193201.A31163@impressive.net> Message-ID: <20010715111633.01631@scfn.thpl.lib.fl.us> On Sat, Jul 14, 2001 at 08:49:34PM -0700, Chuq Von Rospach wrote: > > What if I have a smart system on my desktop PC that is configured > > to prefetch any URLs it sees in my incoming email, > > Given the number of viruses, spam with URLs and other garbage out there, I'd > say you're foolish (bordering on stupid), but that's beside the point. It is > an interesting issue, one I can't toss out easily; but I'm not convinced, > either. I think it's something that needs to be hashed over, perhaps > prototyped both ways so we can see the best way to tweak it. > > Barry, what do you think about this instance? As the net moves more towards > wireless, PDA, mobile-phone, stuff, could we be setting ourselves up for a > later problem by ignoring this pre-cache issue Gerald's raised? What *I* think is that it's a special case, and any such pre-fetch system ought to, by default, *not* pre-fetch anything with GET parameters in it. *All* GETs have side effects by definition: you get something different depending on what the parameters are. > > That would allow anyone in the world to sign me up for any > > mailman-backed mailing list, whether or not I even see the email > > confirmation requests. And that would be Mailman's fault, for > > misusing HTTP GETs. > > I disagree with this -- since as you say, any number of places already > misuse GET, that usage is fairly common. A user who sets themselves up for > it should know (or be warned by their mail client) that it has the > possibility to trigger events. I'd say it's more a client issue than a > Mailman issue. Concur. And I base my opinion on 15 years of systems design experience, FWIW. > And, thinking about it, since GET *can* do this, it's probably wrong for W3 > to push for it not to be used that way, because if things like your > pre-caching system come into common use, the dark side of the net will take > advantage of it, the way early virus writers took advantage of mail clients > with auto-exec of .EXE's being on by default. So aren't you setting yourself > up for problems by having a technology that can, even if you deprecate it, > because it sets a user expectation that's going to be broken by those > wanting to take advantage of it? I've got a bad feeling about this -- your > example seems to set yourself up for abuse by those looking for ways ot > abuse you, and that's a bigger issue than Mailman using it -- because if all > of the 'white side' programs cooperate, it just encourages creation of > things (like the pre-caching) that the dark side will take adavantage of. Well put, young pilot. > >Of course, I only do > > that because I don't have that prefetching thing set up... yet.) > > At this point, I'd never turn on pre-fectching, since it's safety depends > entirely no voluntary cooperation, and you aren't in a position to police > until after the fact. That's a Bad Thing in a big way. Well, yeah, but you don't have a palmtop, either, Chuq, right? :-) > > But I'd be making this > > argument whether or not that were the case, since it's clearly > > the Right Thing to do imho... > > And the more I think about it, the more it's an interesting point -- but on > more than one level. Has W3c considered the implications of defining a > standard that depends on voluntary acceptance here? Because the service you > propose is unsafe unless you can guarantee everyone you talk to is > compliant, and we know how likely that's going to be. That, to me, is a much > bigger issue than whether or not Mailman complies, and in fact, I could make > an argument that the standard isnt' acceptable if it's going to be a basis > for services that can cause harm but requires voluntary acceptance on the > server side. By the time you figure out the server isn't complying, they've > burnt down the barn and run off with the horse. That's bad. I can't find a thing to argue with here; let's see what he comes up with... Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From chuqui@plaidworks.com Sun Jul 15 18:57:56 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Sun, 15 Jul 2001 10:57:56 -0700 Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: <20010715111633.01631@scfn.thpl.lib.fl.us> Message-ID: On 7/15/01 8:16 AM, "Jay R. Ashworth" wrote: > What *I* think is that it's a special case, and any such pre-fetch > system ought to, by default, *not* pre-fetch anything with GET > parameters in it. That was what I was thinking, too -- no matter what W3 says, building a tool that pre-fetches those by default is like Microsoft defaulting .EXE execution to yes, or sendmail defaulting to open relay like it did in 8.8 and before. Those are situations just waiting for someone to take advantage of it, and the whitehats won't be the someones. > Well put, young pilot. Young? Young? Where's my walker? (as an irrelevant side note, Apple finally hired me an assistant, who was -- literally -- not potty trained when I used my first Unix system. Good kid. Well, man. He's no kid... But he's getting going to get tired of the "In the Good Old Days.." jokes...) >> At this point, I'd never turn on pre-fectching, since it's safety depends >> entirely no voluntary cooperation, and you aren't in a position to police >> until after the fact. That's a Bad Thing in a big way. > > Well, yeah, but you don't have a palmtop, either, Chuq, right? :-) I have a Handspring and my primary machine is a wireless laptop (a Titanium!). Do I need a palmtop? Of course, none of this deals iwht whether Mailman should use GET or POST. That GET is inherently unsafe doesn't mean that it's therefore okay for Mailman to use it -- I still think we need to look at this further. It simply means, IMHO, that if we choose to not follow the W3 standard, that it's fairly safe to do so. And, editorial comment time, the subject line is a classic example of why subject line topic flags are the second worst damn thing you can do to a mailing list -- after coercing reply-to. How in the bloody heck is someone supposed to look at THAT and figure out whether they want to read the message? And my user studies have shown that subject line is the key determinant on whether a list message gets read. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. Shroedinger: We can never really be sure which side of the road the chicken is on. It's all a matter of chance. Like a game of dice. Einstein, refuting Schroedinger: God does not play dice with chickens. Heisenburg: We can determine how fast the chicken travelled, or where it ended up, but we cannot determine why it did so. From cdy@algonet.se Mon Jul 16 13:07:52 2001 From: cdy@algonet.se (Calle Dybedahl) Date: 16 Jul 2001 14:07:52 +0200 Subject: [Mailman-Developers] Re: [Mailman-Announce] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: <15183.22232.119442.302021@anthem.wooz.org> References: <15183.22232.119442.302021@anthem.wooz.org> Message-ID: <86n1659iw7.fsf@tezcatlipoca.algonet.se> Some time ago, we had a consultant write us some code for MailMan to implement a feature found in LISTSERV, so that we could stop using that listhandler. The feature in question is the ability to put a limit on how many members can be subscribed to a list. The code was written GPL:ed, and in the contract we stipulated that it be submitted to you, the MailMan maintainers, so that it could be included in future releases of MailMan. Since this anouncement displays no trace of such functionality, I'd just like to ask if you have rejected the code, or if it for some reason never reached you? -- Calle Dybedahl | UNIX-admin | Telenordia Internet | cdy@algonet.se From honey bear Mon Jul 16 21:20:41 2001 From: honey bear (honey bear) Date: Mon, 16 Jul 2001 16:20:41 -0400 Subject: [Mailman-Developers] Modifying -join and -leave addresses Message-ID: <20010716162041.A21879@ender.mutualslump.net> Quick (and hopefully easy) question: how would I modify the mailman code to have the -join and -leave addresses become -on and -off respectively? This is probably relatively simple but I'm not at all familiar with the code or the workings of mailman. thanks, jeremy -- "Rabbit's clever," said Pooh thoughtfully. "Yes," said Piglet, "Rabbit's clever." "And he has Brain." "Yes," said Piglet, "Rabbit has Brain." There was a long silence. "I suppose," said Pooh, "that that's why he never understands anything." From ray@qlitech.net Mon Jul 16 21:43:51 2001 From: ray@qlitech.net (Ray Sanders) Date: Mon, 16 Jul 2001 15:43:51 -0500 Subject: [Mailman-Developers] Security Issues? Message-ID: <3B535207.8080300@qlitech.net> Are there any know security issues with Mailman? I beleive I have found on on our local Linux Users Group mailing list. If the developer who is in charge of mailing list password mamagement could e-mail me in private. I would very much appreciate it. (So would our LUG) Thanks in advance! -- ===================================================== Ray Sanders - QLITech Linux Computers http://www.qlitech.net ray@qlitech.net 1-877-24-LINUX (Toll Free) ===================================================== From Dale Newfield Mon Jul 16 21:53:28 2001 From: Dale Newfield (Dale Newfield) Date: Mon, 16 Jul 2001 16:53:28 -0400 (EDT) Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: <20010715111633.01631@scfn.thpl.lib.fl.us> Message-ID: On Sun, 15 Jul 2001, Jay R. Ashworth wrote: > What *I* think is that it's a special case, and any such pre-fetch > system ought to, by default, *not* pre-fetch anything with GET > parameters in it. > > *All* GETs have side effects by definition: you get something > different depending on what the parameters are. Right--but they don't necessarily have side effects. For example, I think GETs are the right way to do the panes in these pages: http://www.wunderland.com/LooneyLabs/Chrononauts/lostids/view.html And there's no reason all of those pages (database entries) shouldn't be pre-fetchable. -Dale Newfield Dale@Newfield.org From simon.troup@digitalmusicart.com Mon Jul 16 22:30:01 2001 From: simon.troup@digitalmusicart.com (Simon Troup) Date: Mon, 16 Jul 2001 22:30:01 +0100 Subject: [Mailman-Developers] Please Explain !!! Message-ID: > This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --MS_Mac_OE_3078167401_392510_MIME_Part Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Can anyone please explain why, after joining the Mailman Users mailing list, I have been bombarded by dozens of emails that appear to orinate form mailing lists at portal2.com and outblaze.com and are addressed to sardy5@graffiti.net (not me !! My email appears in "Envelope to"). I also received over 4,000 (yes 4,000) bounced emails telling me that my (not actually my but sardy5@graffiti.net) subscription to some mailing list had failed. This has wasted an entire day for me. If you know what link there is between Mailman and portal2.com or outblaze.com please let me know. How could the emails get mixed up like this? I have now received mail from the Mailman Developers list addressed to sardy5@graffiti.net which is why I am posting here. My emails to outblaze.com have gone unanswered and now I am desperate to stop this unwanted bombardment of mail. Is someone collecting email addresses from the Mailman mailing lists ??? Any help greatly appreciated, I only want to receive my own mail, and getting dozens and dozens of misdirected mail on my sad English 56k connection is killing my system. Simon Troup simon.troup@digitalmusicart.com --MS_Mac_OE_3078167401_392510_MIME_Part Content-type: text/html; charset="US-ASCII" Content-transfer-encoding: quoted-printable Please Explain !!! Can anyone please explain why, after joining the Mailman Users mailing = list, I have been bombarded by dozens of emails that appear to orinate form = mailing lists at portal2.com and outblaze.com and are addressed to sardy5@graffiti.net (not me !! My email appears i= n "Envelope to").

I also received over 4,000 (yes 4,000) bounced emails telling me that my (n= ot actually my but sardy5@graffiti.net) = subscription to some mailing list had failed.

This has wasted an entire day for me.

If you know what link there is between Mailman and portal2.com or outblaze.= com please let me know. How could the emails get mixed up like this?

I have now received mail from the Mailman Developers list addressed to sardy5@graffiti.net which is why I am postin= g here. My emails to outblaze.com have gone unanswered and now I am desperat= e to stop this unwanted bombardment of mail.

Is someone collecting email addresses from the Mailman mailing lists ???
Any help greatly appreciated, I only want to receive my own mail, and getti= ng dozens and dozens of misdirected mail on my sad English 56k connection is= killing my system.

Simon Troup
simon.troup@digitalmusicart.com --MS_Mac_OE_3078167401_392510_MIME_Part-- From chuqui@plaidworks.com Mon Jul 16 22:40:53 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Mon, 16 Jul 2001 14:40:53 -0700 Subject: [Mailman-Developers] Please Explain !!! In-Reply-To: Message-ID: > This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --B_3078139253_532635 Content-type: text/plain; charset="ISO-8859-1" Content-transfer-encoding: quoted-printable On 7/16/01 2:30 PM, "Simon Troup" wrote: > Can anyone please explain why, after joining the Mailman Users mailing li= st, I > have been bombarded by dozens of emails that appear to orinate form maili= ng > lists at portal2.com and outblaze.com and are addressed to sardy5@graffit= i.net > (not me !! My email appears in "Envelope to"). I=B9m not seeing them. It=B9s likely coincidence =8B post a few headers, includin= g Received, so we can see what=B9s going on. FWIW, outblaze is an imploding black hole. I=B9m not surprised at all it=B9s barfing at you =8B it=B9s barfing at everyone, for all of the domains it is hosting. It=B9s been dying for about 2 months now, since the iname/mail.com people offloaded it=B9s free domains on it. --=20 Chuq Von Rospach, Internet Gnome [ =3D =3D ] Yes, yes, I've finally finished my home page. Lucky you. The Pinball Machine Rule is the observation that it doesn't matter a wit if the instructions are printed clearly for all to see, nobody will read them. They'll just drop their quarter(s) and start pushing buttons like a Tommy. -- Barry Warsaw --B_3078139253_532635 Content-type: text/html; charset="ISO-8859-1" Content-transfer-encoding: quoted-printable Re: [Mailman-Developers] Please Explain !!! On 7/16/01 2:30 PM, "Simon Troup" <simon.= troup@digitalmusicart.com> wrote:

Can anyone please explain why, a= fter joining the Mailman Users mailing list, I have been bombarded by dozens= of emails that appear to orinate form mailing lists at portal2.com and outb= laze.com and are addressed to sardy5@graffiti.net (not me !! My email appears in "Envelope to").

I’m not seeing them. It’s likely coincidence — post a few= headers, including Received, so we can see what’s going on.

FWIW, outblaze is an imploding black hole. I’m not surprised at all i= t’s barfing at you — it’s barfing at everyone, for all of = the domains it is hosting. It’s been dying for about 2 months now, sin= ce the iname/mail.com people offloaded it’s free domains on it.


--
Chuq Von Rospach, Internet Gnome <http://www.chuqui.com>
[<chuqui@plaidworks.com> =3D <me@chuqui.com> =3D <chuq@apple.com= >]
Yes, yes, I've finally finished my home page. Lucky you.

The Pinball Machine Rule is the observation that it doesn't matter a wit if=
the instructions are printed clearly for all to see, nobody will read
them.  They'll just drop their quarter(s) and start pushing buttons like a Tommy. -- Barry Warsaw


 --B_3078139253_532635-- From simon.troup@digitalmusicart.com Mon Jul 16 22:55:38 2001 From: simon.troup@digitalmusicart.com (Simon Troup) Date: Mon, 16 Jul 2001 22:55:38 +0100 Subject: [Mailman-Developers] Please Explain !!! In-Reply-To: Message-ID: > This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --MS_Mac_OE_3078168938_484959_MIME_Part Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Firstly, I have no idea why I'm getting mail from the Mailman Dev list, I didn't join it !!! Note also that I have not subscribed to any lists on outblaze.com / portal2.com and this is I believe a result of joining the mailman lists (happened 2 min after and I started getting post form mailman-dev too, only subscribed to mailman-users). Here's an example of what I've been getting ... Thanks ======================================= Return-path: Envelope-to: simon.troup@digitalmusicart.com Delivery-date: Mon, 16 Jul 2001 11:38:43 -0400 Received: from tower.portal2.com ([202.77.223.18]) by dropkick.trouble-free.net with smtp (Exim 3.20 #1) id 15MAJf-0002p9-00 for simon.troup@digitalmusicart.com; Mon, 16 Jul 2001 11:29:51 -0400 Received: (qmail 64180 invoked by uid 1001); 16 Jul 2001 15:29:58 -0000 Delivered-To: sardy5@graffiti.net Received: (qmail 64169 invoked from network); 16 Jul 2001 15:29:58 -0000 Received: from 202-123-209-136.outblaze.com (HELO spf1.hk5.outblaze.com) (202.123.209.136) by tower.portal2.com with SMTP; 16 Jul 2001 15:29:58 -0000 Received: from 202-123-209-174.outblaze.com (202-123-209-174.outblaze.com [202.123.209.174]) by spf1.hk5.outblaze.com (8.11.2/8.11.2) with SMTP id f6GFTvT31659 for ; Mon, 16 Jul 2001 15:29:57 GMT Message-ID: Content-Type: text/html; charset="iso-8859-1" Content-Disposition: inline Content-Transfer-Encoding: 7bit MIME-Version: 1.0 X-Mailer: MIME-tools 5.41 (Entity 5.404) From: "Gloria Mui" To: "Doramail Mailing List" Date: Sun, 15 Jul 2001 01:58:53 +0800 Subject: [doratalk] Re: Hi List-Unsubscribe: Reply-To: "Doramail Mailing List" my english is ok... doramon is very cute, pokemon is ok. i dont really like them. sometimes, i think the cartoon is stupid...but many kids like it in canada...they are crazy for pokemon... are u chinese?? -- Get your free email from www.doramail.com with 30 Megs of disk space in webhosting and e-mail storage! Powered by Outblaze -- You are currently subscribed to doratalk as: sardy5@graffiti.net To unsubscribe send a blank email to leave-doratalk-3118081O@list.doramail.com --MS_Mac_OE_3078168938_484959_MIME_Part Content-type: text/html; charset="US-ASCII" Content-transfer-encoding: quoted-printable Re: [Mailman-Developers] Please Explain !!! Firstly, I have no idea why I'm getting mail from the Mailman Dev list, I d= idn't join it !!!

Note also that I have not subscribed to any lists on outblaze.com / portal2= .com and this is I believe a result of joining the mailman lists (happened 2= min after and I started getting post form mailman-dev too, only subscribed = to mailman-users).

Here's an example of what I've been getting ...

Thanks

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Return-path: <bounce-doratalk-3118081= @list.doramail.com>
Envelope-to: simon.troup@digitalmusicart.com
Delivery-date: Mon, 16 Jul 2001 11:38:43 -0400
Received: from tower.portal2.com ([202.77.223.18])
   by dropkick.trouble-free.net with smtp (Exim 3.20 #1)    id 15MAJf-0002p9-00
   for simon.troup@digitalmusicart.com; Mon, 16 Jul 2001 11= :29:51 -0400
Received: (qmail 64180 invoked by uid 1001); 16 Jul 2001 15:29:58 -0000
Delivered-To: sardy5@graffiti.net
Received: (qmail 64169 invoked from network); 16 Jul 2001 15:29:58 -0000 Received: from 202-123-209-136.outblaze.com (HELO spf1.hk5.outblaze.com) (2= 02.123.209.136)
 by tower.portal2.com with SMTP; 16 Jul 2001 15:29:58 -0000
Received: from 202-123-209-174.outblaze.com (202-123-209-174.outblaze.com [= 202.123.209.174])
   by spf1.hk5.outblaze.com (8.11.2/8.11.2) with SMTP id f6= GFTvT31659
   for <sardy5@graffiti.net>; Mon, 16 Jul 2001 15:29:= 57 GMT
Message-ID: <LYRIS-3118081-45495-2001.07.16-12.20.20--sardy5#graffiti.ne= t@list.doramail.com>
Content-Type: text/html; charset=3D"iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
From: "Gloria Mui" <gloriamui@doramail.com>
To: "Doramail Mailing List" <doratalk@list.doramail.com> Date: Sun, 15 Jul 2001 01:58:53 +0800
Subject: [doratalk] Re: Hi
List-Unsubscribe: <mailto:leave-doratalk-3118081O@list.doramail.com><= BR> Reply-To: "Doramail Mailing List" <doratalk@list.doramail.com&= gt;


my english is ok...

doramon is very cute, pokemon is ok. i dont really like them.

sometimes, i think the cartoon is stupid...but many kids like it in canada.= ..they are crazy for pokemon...

are u chinese?? --
Get your free email from www.doramail.com with 30 Megs of disk space in web= hosting and e-mail storage!





Powered by Outblaze
-- You are currently subscribed to doratalk as: sa= rdy5@graffiti.net To unsubscribe send a blank email to leave-doratalk-3118081O@list.doramail.com
--MS_Mac_OE_3078168938_484959_MIME_Part-- From chuqui@plaidworks.com Mon Jul 16 22:59:20 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Mon, 16 Jul 2001 14:59:20 -0700 Subject: [Mailman-Developers] Please Explain !!! In-Reply-To: Message-ID: > This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --B_3078140361_599189 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit This has nothing to do with the mailman lists. It seems to be coming from a list server on doramail.com. On 7/16/01 2:55 PM, "Simon Troup" wrote: > Firstly, I have no idea why I'm getting mail from the Mailman Dev list, I > didn't join it !!! > > Note also that I have not subscribed to any lists on outblaze.com / > portal2.com and this is I believe a result of joining the mailman lists > (happened 2 min after and I started getting post form mailman-dev too, only > subscribed to mailman-users). > > Here's an example of what I've been getting ... > > Thanks > > ======================================= > Return-path: > Envelope-to: simon.troup@digitalmusicart.com > Delivery-date: Mon, 16 Jul 2001 11:38:43 -0400 > Received: from tower.portal2.com ([202.77.223.18]) > by dropkick.trouble-free.net with smtp (Exim 3.20 #1) > id 15MAJf-0002p9-00 > for simon.troup@digitalmusicart.com; Mon, 16 Jul 2001 11:29:51 -0400 > Received: (qmail 64180 invoked by uid 1001); 16 Jul 2001 15:29:58 -0000 > Delivered-To: sardy5@graffiti.net > Received: (qmail 64169 invoked from network); 16 Jul 2001 15:29:58 -0000 > Received: from 202-123-209-136.outblaze.com (HELO spf1.hk5.outblaze.com) > (202.123.209.136) > by tower.portal2.com with SMTP; 16 Jul 2001 15:29:58 -0000 > Received: from 202-123-209-174.outblaze.com (202-123-209-174.outblaze.com > [202.123.209.174]) > by spf1.hk5.outblaze.com (8.11.2/8.11.2) with SMTP id f6GFTvT31659 > for ; Mon, 16 Jul 2001 15:29:57 GMT > Message-ID: > m> > Content-Type: text/html; charset="iso-8859-1" > Content-Disposition: inline > Content-Transfer-Encoding: 7bit > MIME-Version: 1.0 > X-Mailer: MIME-tools 5.41 (Entity 5.404) > From: "Gloria Mui" > To: "Doramail Mailing List" > Date: Sun, 15 Jul 2001 01:58:53 +0800 > Subject: [doratalk] Re: Hi > List-Unsubscribe: > Reply-To: "Doramail Mailing List" > > > my english is ok... > > doramon is very cute, pokemon is ok. i dont really like them. > > sometimes, i think the cartoon is stupid...but many kids like it in > canada...they are crazy for pokemon... > > are u chinese?? -- > Get your free email from www.doramail.com with 30 Megs of disk space in > webhosting and e-mail storage! > > > > > > Powered by Outblaze > -- You are currently subscribed to doratalk as: sardy5@graffiti.net To > unsubscribe send a blank email to leave-doratalk-3118081O@list.doramail.com > > -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. To the optimist, the glass is half full. To the pessimist, the glass is half empty. To the engineer, the glass is twice as big as it needs to be. --B_3078140361_599189 Content-type: text/html; charset="US-ASCII" Content-transfer-encoding: quoted-printable Re: [Mailman-Developers] Please Explain !!! This has nothing to do with the mailman lists.

It seems to be coming from a list server on doramail.com.


On 7/16/01 2:55 PM, "Simon Troup" <simon.troup@digitalmusicart= .com> wrote:

Firstly, I have no idea why I'm get= ting mail from the Mailman Dev list, I didn't join it !!!

Note also that I have not subscribed to any lists on outblaze.com / portal2= .com and this is I believe a result of joining the mailman lists (happened 2= min after and I started getting post form mailman-dev too, only subscribed = to mailman-users).

Here's an example of what I've been getting ...

Thanks

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Return-path: <bounce-doratalk-3118081@lis= t.doramail.com>
Envelope-to: simon.troup@digitalmusicart.com
Delivery-date: Mon, 16 Jul 2001 11:38:43 -0400
Received: from tower.portal2.com ([202.77.223.18])
   by dropkick.trouble-free.net with smtp (Exim 3.20 #1)
   id 15MAJf-0002p9-00
   for simon.troup@digitalmusicart.com; Mon, 16 Jul 2001 11:= 29:51 -0400
Received: (qmail 64180 invoked by uid 1001); 16 Jul 2001 15:29:58 -0000
Delivered-To: sardy5@graffiti.net
Received: (qmail 64169 invoked from network); 16 Jul 2001 15:29:58 -0000 Received: from 202-123-209-136.outblaze.com (HELO spf1.hk5.outblaze.com) (2= 02.123.209.136)
 by tower.portal2.com with SMTP; 16 Jul 2001 15:29:58 -0000
Received: from 202-123-209-174.outblaze.com (202-123-209-174.outblaze.com [= 202.123.209.174])
   by spf1.hk5.outblaze.com (8.11.2/8.11.2) with SMTP id f6G= FTvT31659
   for <sardy5@graffiti.net>; Mon, 16 Jul 2001 15:29:5= 7 GMT
Message-ID: <LYRIS-3118081-45495-2001.07.16-12.20.20--sardy5#graffiti.ne= t@list.doramail.com>
Content-Type: text/html; charset=3D"iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
From: "Gloria Mui" <gloriamui@doramail.com>
To: "Doramail Mailing List" <doratalk@list.doramail.com> Date: Sun, 15 Jul 2001 01:58:53 +0800
Subject: [doratalk] Re: Hi
List-Unsubscribe: <mailto:leave-doratalk-3118081O@list.doramail.com><= BR> Reply-To: "Doramail Mailing List" <doratalk@list.doramail.com&= gt;


my english is ok...

doramon is very cute, pokemon is ok. i dont really like them.

sometimes, i think the cartoon is stupid...but many kids like it in canada.= ..they are crazy for pokemon...

are u chinese?? --
Get your free email from www.doramail.com with 30 Megs of disk space in web= hosting and e-mail storage!





Powered by Outblaze
-- You are currently subscribed to doratalk as: sa= rdy5@graffiti.net To unsubscribe send a blank email to leave-doratalk-3118081O@list.doramail.com



--
Chuq Von Rospach, Internet Gnome <http://www.chuqui.com>
[<chuqui@plaidworks.com> =3D <me@chuqui.com> =3D <chuq@apple.com= >]
Yes, yes, I've finally finished my home page. Lucky you.

  To the optimist, the glass is half full.
  To the pessimist, the glass is half empty.
  To the engineer, the glass is twice as big as it needs to be.

--B_3078140361_599189-- From simon.troup@digitalmusicart.com Tue Jul 17 00:07:33 2001 From: simon.troup@digitalmusicart.com (Simon Troup) Date: Tue, 17 Jul 2001 00:07:33 +0100 Subject: [Mailman-Developers] Please Explain !!! In-Reply-To: <20010716153829.A15560@babylon5.babcom.com> Message-ID: > Possible theorem: > Someone who owns or has compromised the sardy5@graffiti.net account is > using it and its .forward file to mailbomb you. > > Have you tried sending it an unsubscribe message or complaining to the > listowner? Well, failing anything else that is what I'll do, although I am a little tentative about mailing any mailing list after the thousands of subscribe failure notices I was sent (when I didn't subscribe). I'm no goody two shoes but I doubt a tech minded enemy is doing this to me, it doesn't make any sense. Oh well I'm going to bite the bullet and try to unsubscribe. I do have options (mail block etc) but I thought you guys would want to know about things like this, and frankly I was curious why it happened so I could stop it happening again. I realise that this is not the fault of python.org or mailman, but somehow my signing up to a list with python.org instigated a bizarre mixup or attack via sardy5@graffiti.net My thanks to all those who have looked into this. Simon Troup From barry@digicool.com Tue Jul 17 01:02:19 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 16 Jul 2001 20:02:19 -0400 Subject: [Mailman-Developers] Please Explain !!! References: Message-ID: <15187.32907.166733.951521@anthem.wooz.org> >>>>> "ST" == Simon Troup writes: ST> Can anyone please explain why, after joining the Mailman Users ST> mailing list, I have been bombarded by dozens of emails that ST> appear to orinate form mailing lists at portal2.com and ST> outblaze.com and are addressed to sardy5@graffiti.net (not me ST> !! My email appears in "Envelope to"). I can guarantee there is no explicit connection between portal2 or outblaze and either Mailman or python.org. I highly doubt there's any implicit connection either, i.e. they aren't using Mailman. From the Message-ID of the message you forwarded, I'd say it's a good guess they're using Lyris . It's also almost impossible that you got bombarded by someone harvesting mailman-users because 1) there's no way they could have done that in just a few minutes; 2) why didn't anybody else get spammed? -Barry From simon.troup@digitalmusicart.com Tue Jul 17 01:15:39 2001 From: simon.troup@digitalmusicart.com (Simon Troup) Date: Tue, 17 Jul 2001 01:15:39 +0100 Subject: [Mailman-Developers] Please Explain !!! In-Reply-To: <15187.32907.166733.951521@anthem.wooz.org> Message-ID: The reason that I know there is a connection, however tentative, is that sardy5@graffiti.net is signed up on mailman-dev mailing list (i just checked) and I'm now getting all his/her mail. This is the only connection between me and him/her. I have never so much as looked at anything on portal2.com or outblaze.com. I admint it's bizzarre, but just check the subscribers list ?!?! It was probably not the python.org servers that mixed it up (how could they), still how in the hell did it happen?!?! Beats me. Simon Troup From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 16 Jul 2001 20:02:19 -0400 To: Simon Troup Cc: Subject: Re: [Mailman-Developers] Please Explain !!! >>>>> "ST" == Simon Troup writes: ST> Can anyone please explain why, after joining the Mailman Users ST> mailing list, I have been bombarded by dozens of emails that ST> appear to orinate form mailing lists at portal2.com and ST> outblaze.com and are addressed to sardy5@graffiti.net (not me ST> !! My email appears in "Envelope to"). I can guarantee there is no explicit connection between portal2 or outblaze and either Mailman or python.org. I highly doubt there's any implicit connection either, i.e. they aren't using Mailman. From the Message-ID of the message you forwarded, I'd say it's a good guess they're using Lyris . It's also almost impossible that you got bombarded by someone harvesting mailman-users because 1) there's no way they could have done that in just a few minutes; 2) why didn't anybody else get spammed? -Barry _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers From gerald@impressive.net Tue Jul 17 01:38:28 2001 From: gerald@impressive.net (Gerald Oskoboiny) Date: Mon, 16 Jul 2001 20:38:28 -0400 Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: ; from chuqui@plaidworks.com on Sat, Jul 14, 2001 at 08:49:34PM -0700 References: <20010714193201.A31163@impressive.net> Message-ID: <20010716203828.C24341@impressive.net> On Sat, Jul 14, 2001 at 08:49:34PM -0700, Chuq Von Rospach wrote: > On 7/14/01 4:32 PM, "Gerald Oskoboiny" wrote: > > > Regarding "I think they're wrong", I respect your opinion, but > > the HTTP spec is the result of a decade of work on and experience > > with HTTP by full-time web protocol geeks... > > But web geeks are not necessarily user-interface or user-experience geeks. > You can perfectly correctly build a nice system that's technically correct, > but not right for the users. Sure... I agree that it's possible for a standard to be irrelevant or just not meet the needs of the users for which it was written. But I don't think that is the case here: there really is a good reason for this distinction between get and post, and it is widely followed by popular sites *because* of the usability issues. (I would like to back up my "widely followed" claim by doing a survey of various popular sites, but don't have time today, and probably won't until Friday at the earliest :( Anyway, I am fairly confident that is the case.) > > What if I have a smart system on my desktop PC that is configured > > to prefetch any URLs it sees in my incoming email, > > Given the number of viruses, spam with URLs and other garbage out there, I'd > say you're foolish (bordering on stupid), but that's beside the point. Either that, or I value my time more than that of some stupid machine's :) Fetching a URL into my local http cache doesn't cause a virus to be executed or anything else bad to happen, and I wouldn't use software where that kind of thing would be possible anyway. > It is > an interesting issue, one I can't toss out easily; but I'm not convinced, > either. I think it's something that needs to be hashed over, perhaps > prototyped both ways so we can see the best way to tweak it. > > Barry, what do you think about this instance? As the net moves more towards > wireless, PDA, mobile-phone, stuff, could we be setting ourselves up for a > later problem by ignoring this pre-cache issue Gerald's raised? > > Gerald, does W3 have sample pages for "right" and "wrong" that can be looked > at, or are we going to have to develop some? The more I think about this, > the more I think it's case where we ought to see if we can develop a > prototype that follows the standards that we like, rather than toss it out > at first glance. But if we can't come up with a system that we agree is > 'easy enough', then we should go to what we're currently thinking. I included pointers to all the stuff I could think of in my first message in this thread, including a proposed implementation for mailman: http://mail.python.org/pipermail/mailman-developers/2001-January/003579.html If you think the docs on this subject at W3C are lacking, by all means let me know. Somewhat related, W3C recently published a note called "Common User Agent Problems" and it was received quite well by the web community ("we need more of that kind of thing", etc.) I think there is a plan to write a similar one targeted towards site administrators, pointing out common mistakes and raising awareness about little-known but important RFC/spec details like this. > > That would allow anyone in the world to sign me up for any > > mailman-backed mailing list, whether or not I even see the email > > confirmation requests. And that would be Mailman's fault, for > > misusing HTTP GETs. > > In disagree with this -- since as you say, any number of places already > misuse GET, that usage is fairly common. A user who sets themselves up for > it should know (or be warned by their mail client) that it has the > possibility to trigger events. I'd say it's more a client issue than a > Mailman issue. By "Mailman's fault" I meant that if mailman did this, it would be the part of the equation causing problems by not abiding by the HTTP spec. But this prefetching thing is just an example; the main point is that the protocol has this stuff built in for a reason, and there may be hundreds of other applications (current and future) that need it to be there. > And, thinking about it, since GET *can* do this, it's probably wrong for W3 > to push for it not to be used that way, because if things like your > pre-caching system come into common use, the dark side of the net will take > advantage of it, the way early virus writers took advantage of mail clients > with auto-exec of .EXE's being on by default. So aren't you setting yourself > up for problems by having a technology that can, even if you deprecate it, > because it sets a user expectation that's going to be broken by those > wanting to take advantage of it? I've got a bad feeling about this -- your > example seems to set yourself up for abuse by those looking for ways ot > abuse you, and that's a bigger issue than Mailman using it -- because if all > of the 'white side' programs cooperate, it just encourages creation of > things (like the pre-caching) that the dark side will take adavantage of. I'm not worried about abuse, myself; I would have set this up on my desktop system already if I had more time to hack it up... > > But I'd be making this > > argument whether or not that were the case, since it's clearly > > the Right Thing to do imho... > > And the more I think about it, the more it's an interesting point -- but on > more than one level. Has W3c considered the implications of defining a > standard that depends on voluntary acceptance here? Which Internet standards *don't* depend on voluntary acceptance? The HTTP spec (for example) just provides information on how HTTP is meant to work. Then people who want to do the right thing have a place to look up what the Right Thing is, and if there are ever interoperability problems between different pieces of software, people can check the spec and say "hey, look, you're doing this wrong; see rfc nnnn, sec m.m; please fix." (and if that doesn't work, there's always http://www.rfc-ignorant.org/ ;) > Because the service you > propose is unsafe unless you can guarantee everyone you talk to is > compliant, and we know how likely that's going to be. I disagree that it's unsafe; I don't especially want a bunch of spam in my http cache, but don't really care about it, either. -- Gerald Oskoboiny http://impressive.net/people/gerald/ From chuqui@plaidworks.com Tue Jul 17 01:47:24 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Mon, 16 Jul 2001 17:47:24 -0700 Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: <20010716203828.C24341@impressive.net> Message-ID: On 7/16/01 5:38 PM, "Gerald Oskoboiny" wrote: > Fetching a URL into my local http cache doesn't cause a virus to > be executed or anything else bad to happen, and I wouldn't use > software where that kind of thing would be possible anyway. You're speaking both sides of the argument, Gerald, because this whole discussion started with "don't do it this way, or you could cause me to automatically be subscribed to a mailing list". Yet you're saying it's okay to fetch it, because evidently if you fetch it, nothing bad will happen. So is it a good thing or a bad thing? You seem to be claiming both at the same time. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. I recommend the handyman's secret weapon: duct tape. From gerald@impressive.net Tue Jul 17 02:08:15 2001 From: gerald@impressive.net (Gerald Oskoboiny) Date: Mon, 16 Jul 2001 21:08:15 -0400 Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: ; from chuqui@plaidworks.com on Mon, Jul 16, 2001 at 05:47:24PM -0700 References: <20010716203828.C24341@impressive.net> Message-ID: <20010716210815.A334@impressive.net> On Mon, Jul 16, 2001 at 05:47:24PM -0700, Chuq Von Rospach wrote: > On 7/16/01 5:38 PM, "Gerald Oskoboiny" wrote: > > > Fetching a URL into my local http cache doesn't cause a virus to > > be executed or anything else bad to happen, and I wouldn't use > > software where that kind of thing would be possible anyway. > > You're speaking both sides of the argument, Gerald, because this whole > discussion started with "don't do it this way, or you could cause me to > automatically be subscribed to a mailing list". Yet you're saying it's okay > to fetch it, because evidently if you fetch it, nothing bad will happen. > > So is it a good thing or a bad thing? You seem to be claiming both at the > same time. I guess I should have written "or anything else really bad to happen"; I consider viruses and autoexecing executables to be much more dangerous than the occasional errant mailing list subscription. I am prepared to deal with a few bogus subscriptions here and there (of course, I'll bug each of them to get fixed as I encounter them), but it would be really bad for mailman-backed lists to operate this way, especially as mailman continues to take over the world... But once again, this prefetching business is just an example, please don't focus on that exclusively: what I am really asking is simply for Mailman to comply with the HTTP specs. -- Gerald Oskoboiny http://impressive.net/people/gerald/ From barry@digicool.com Tue Jul 17 04:31:00 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 16 Jul 2001 23:31:00 -0400 Subject: [Mailman-Developers] Please Explain !!! References: <15187.32907.166733.951521@anthem.wooz.org> Message-ID: <15187.45428.875810.90856@anthem.wooz.org> >>>>> "ST" == Simon Troup writes: ST> I admint it's bizzarre, but just check the subscribers list ST> ?!?! It was probably not the python.org servers that mixed it ST> up (how could they), still how in the hell did it happen?!?! ST> Beats me. Me too. From chuqui@plaidworks.com Tue Jul 17 04:43:56 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Mon, 16 Jul 2001 20:43:56 -0700 Subject: [Mailman-Developers] Please Explain !!! In-Reply-To: <15187.45428.875810.90856@anthem.wooz.org> Message-ID: On 7/16/01 8:31 PM, "Barry A. Warsaw" wrote: > Me too. Yup. But nobody else on the list saw anything, so it's hard to say that they somehow chose one person out of the list to annoy. I'd suggest looking further, and see if you can find what's really going on, since it doesn't seem to involve the python.org lists. Be aware, though, that outblaze is a horribly flakey place these days, and I"m not at all surprised it's barfing at people. I've seen multiple instances of that kind of problem -- to the point where I finally unsubscribed everyone with outblaze-based addresses from all my lists, and if they asked, I told them to get different addresses that worked. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. Q: Did God really create the world in seven days? A: He did it in six days and nights while living on cola and candy bars. On the seventh day he went home and found out his girlfriend had left him. From chuqui@plaidworks.com Tue Jul 17 05:04:09 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Mon, 16 Jul 2001 21:04:09 -0700 Subject: [Mailman-Developers] Re: subscription confirmations In-Reply-To: <20010716203828.C24341@impressive.net> Message-ID: I've removed mailman-users from the disto. We shhouldn't be using both lists at the same time in discussions, and this is a developers/design issue. On 7/16/01 5:38 PM, "Gerald Oskoboiny" wrote: > Sure... I agree that it's possible for a standard to be irrelevant > or just not meet the needs of the users for which it was written. > > But I don't think that is the case here: But -- you haven't dealt with the safety issue in any substantive way. If you can't build a standard that protects the user from abuse, I'd argue that the standard provides a false sense of security that is more destructive than not standardizing at all; because, as you noted, it'll tend to encourage developers to write to the standard, and not all of those writers will really understand the subtler issues involved. So if you can't make GET safe to automatically browse, even with the blackhats, I'd argue it's better to not create standards that'd encourage that -- or write the standard in such a way that these issues and limitations are very clear IN the standard. > (I would like to back up my "widely followed" claim by doing a > survey of various popular sites, but don't have time today, and > probably won't until Friday at the earliest :( Anyway, I am > fairly confident that is the case.) I would really like to see this; especially since ignoring the larger issues with the standard, I'd like to see how people are doing this so make sure stuff that's done here (and stuff I have in the hopper) do it the best way. And that means following standards, as long as they make sense. But I still wouldn't auto-crawl an incoming data stream for links and pull them down automagically... I'm bothered with the larger issues, almost to the point where the initial problem becomes irrelevant. > Fetching a URL into my local http cache doesn't cause a virus to > be executed or anything else bad to happen, and I wouldn't use > software where that kind of thing would be possible anyway. No, but it can cause actions you'll regret. You started this by bringing up one as a problem. Now, however, you're saying "well, that's no big deal". Which is it? No big deal? Or a problem? And if we can trigger actions you might or might not like, you can bet it'll honk off others. And if we can trigger actions, so can others, and those won't necessarily be innocent ones. So I don't think you can ignore this issue by simply minimizing it's importance. Either it is, or it isn't, and you can't start making judgemental calls on individual cases and using that to imply that all cases are not serious. To me, that's what you've done -- no offense, Gerald, but it's coming across a bit like you're trying to duck the larger issue, while still pushing for mailman to 'fix' the problem you're trying to minimize. > If you think the docs on this subject at W3C are lacking, by all > means let me know. No, what I really was hoping for were examples of what W3 (or you) consider 'proper', to see how W3 thinks this ought to be done. > Somewhat related, W3C recently published a note called "Common > User Agent Problems" and it was > received quite well by the web community Off to go read.... > I think there is a plan to write a similar > one targeted towards site administrators, pointing out common > mistakes and raising awareness about little-known but important > RFC/spec details like this. One of the best things I think W3 could do in these cases is not only to write "good" "bad", but generate cookbooks of techniques, with explanations of why they're good, or why they ought to be avoided. Especially in the subtlties of the standards that might not be intuitively obvious, or which might be involved in emerging technologies (like wireless) that the typical designer hasn't had time to worry about yet (or doesn't know to worry about). I love things like the "Perl Cookbook" of code fragments and examples, not just because it saves me reinventing the wheel, but it gives me insight into how things ought to be done, at least in the eyes of my betters. And if you create a cookbook, people are a lot more likely to adopt them, since they can borrow the existing code... > By "Mailman's fault" I meant that if mailman did this, it would > be the part of the equation causing problems by not abiding by > the HTTP spec. But this prefetching thing is just an example; the > main point is that the protocol has this stuff built in for a > reason, and there may be hundreds of other applications (current > and future) that need it to be there. The standards also brought us, um, BLINK. Just because it's there or someone proposes it doesn't mean we ought to do it that way. > I'm not worried about abuse, myself; You should be. Espeecailly if you're building a standard that enables security problems and encourages programmers to write to allow for those problems in it. >> And the more I think about it, the more it's an interesting point -- but on >> more than one level. Has W3c considered the implications of defining a >> standard that depends on voluntary acceptance here? > > Which Internet standards *don't* depend on voluntary acceptance? But there's a difference here -- we're talking about possible security issues, not just whether someone adopts a tag. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. 95% of being a net.god is sounding persuasive and convincing people you know what you're talking about, even when you're making it up as you go along. (chuq von rospach, 1992) From barry@digicool.com Tue Jul 17 05:16:06 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Tue, 17 Jul 2001 00:16:06 -0400 Subject: [Mailman-Developers] GET vs POST (was Re: subscription confirmations) References: <20010714193201.A31163@impressive.net> <20010716203828.C24341@impressive.net> Message-ID: <15187.48134.59109.612907@anthem.wooz.org> I have a couple of questions and comments, and then I /really/ need to get some sleep, so I'll follow up with more tomorrow. If state changing GETs break the standards, then why does e.g. Apache by default allow you to GET a cgi program? Apache is the most common web server (certainly on Mailman-friendly OSes) so I would think that it should adhere to the specs pretty closely. Aren't the majority of cgi programs of a state-changing nature? Sure, you've got your odd search interface, but even a script like Mailman's private.py changes state: you get authenticated and a cookie gets dropped, and now your interactions are governed by a change in state. Wouldn't it therefore make sense for Apache to in general disallow GETs to programs by default, with some enabling technique to allow specific state-neutral programs to be GETted? I'll also mention that it seems to me that strict adherence to this rule would be pretty harmful to a platform like Zope, where urls are really encoded object access and execution commands (like RPC via urls). sleepi-ly y'rs, -Barry From rogerk@QueerNet.ORG Tue Jul 17 05:58:49 2001 From: rogerk@QueerNet.ORG (Roger B.A. Klorese) Date: Mon, 16 Jul 2001 21:58:49 -0700 (PDT) Subject: [Mailman-Developers] Re: [Mailman-Users] GET vs POST (was Re: subscription confirmations) In-Reply-To: <15187.48134.59109.612907@anthem.wooz.org> Message-ID: On Tue, 17 Jul 2001, Barry A. Warsaw wrote: > If state changing GETs break the standards, then why does e.g. Apache > by default allow you to GET a cgi program? A CGI program that has no side-effects and simply dynamically generates content wouldn't be a violation. > Wouldn't it therefore make sense for Apache to in general disallow > GETs to programs by default, with some enabling technique to allow > specific state-neutral programs to be GETted? No, not to me, anyway. > I'll also mention that it seems to me that strict adherence to this > rule would be pretty harmful to a platform like Zope, where urls are > really encoded object access and execution commands (like RPC via > urls). Sounds like a bad choice. -- ROGER B.A. KLORESE rogerk@QueerNet.ORG PO Box 14309 San Francisco, CA 94114 "Go without hate. But not without rage. Heal the world." -- Paul Monette From gerald@impressive.net Tue Jul 17 07:35:24 2001 From: gerald@impressive.net (Gerald Oskoboiny) Date: Tue, 17 Jul 2001 02:35:24 -0400 Subject: [Mailman-Developers] Re: subscription confirmations In-Reply-To: ; from chuqui@plaidworks.com on Mon, Jul 16, 2001 at 09:04:09PM -0700 References: <20010716203828.C24341@impressive.net> Message-ID: <20010717023524.C1482@impressive.net> On Mon, Jul 16, 2001 at 09:04:09PM -0700, Chuq Von Rospach wrote: > I've removed mailman-users from the disto. We shhouldn't be using both lists > at the same time in discussions, and this is a developers/design issue. ok... I was wondering about that, thanks. > On 7/16/01 5:38 PM, "Gerald Oskoboiny" wrote: > > Sure... I agree that it's possible for a standard to be irrelevant > > or just not meet the needs of the users for which it was written. > > > > But I don't think that is the case here: > > But -- you haven't dealt with the safety issue in any substantive way. If > you can't build a standard that protects the user from abuse, I'd argue that > the standard provides a false sense of security that is more destructive > than not standardizing at all; because, as you noted, it'll tend to > encourage developers to write to the standard, and not all of those writers > will really understand the subtler issues involved. So if you can't make GET > safe to automatically browse, even with the blackhats, I'd argue it's better > to not create standards that'd encourage that -- or write the standard in > such a way that these issues and limitations are very clear IN the standard. I think the HTTP spec is fairly clear about most of this: 9.1.1 Safe Methods Implementors should be aware that the software represents the user in their interactions over the Internet, and should be careful to allow the user to be aware of any actions they might take which may have an unexpected significance to themselves or others. In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested. Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature. The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them. -- http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1.1 but once all that's been said, it's really up to the implementations to do the right thing. > > Fetching a URL into my local http cache doesn't cause a virus to > > be executed or anything else bad to happen, and I wouldn't use > > software where that kind of thing would be possible anyway. > > No, but it can cause actions you'll regret. You started this by bringing up > one as a problem. Now, however, you're saying "well, that's no big deal". > > Which is it? No big deal? Or a problem? And if we can trigger actions you > might or might not like, you can bet it'll honk off others. And if we can > trigger actions, so can others, and those won't necessarily be innocent > ones. If it happens once in a while with an obscure site here and there, that's much less of a problem than if some popular software like Mailman is doing the wrong thing and sending out tens or hundreds of thousands of these messages every day. (in part because every time one of these is used, it helps legitimize the practice of 'click this URL to unsub', which is the wrong message to be sending to people.) I don't expect all the incorrect implementations in the world to suddenly get fixed overnight, but I'm trying to get the ones I know about fixed. > > If you think the docs on this subject at W3C are lacking, by all > > means let me know. > > No, what I really was hoping for were examples of what W3 (or you) consider > 'proper', to see how W3 thinks this ought to be done. ok, I'll try to write something up on this sometime... > > I think there is a plan to write a similar > > one targeted towards site administrators, pointing out common > > mistakes and raising awareness about little-known but important > > RFC/spec details like this. > > One of the best things I think W3 could do in these cases is not only to > write "good" "bad", but generate cookbooks of techniques, with explanations > of why they're good, or why they ought to be avoided. Especially in the > subtlties of the standards that might not be intuitively obvious, or which > might be involved in emerging technologies (like wireless) that the typical > designer hasn't had time to worry about yet (or doesn't know to worry > about). I agree this kind of thing needs to be done, but I think it can usually be done quite well by third parties, in online courses and articles, printed books, etc. But like I said above, I think W3C will start doing a bit more of this than we have in the past, it's just a matter of finding the time... > > By "Mailman's fault" I meant that if mailman did this, it would > > be the part of the equation causing problems by not abiding by > > the HTTP spec. But this prefetching thing is just an example; the > > main point is that the protocol has this stuff built in for a > > reason, and there may be hundreds of other applications (current > > and future) that need it to be there. > > The standards also brought us, um, BLINK. er... no, Netscape's programmers implemented BLINK one night after they had been drinking :) It's not in any HTML standard ever published by W3C or the IETF. > >> And the more I think about it, the more it's an interesting point -- but on > >> more than one level. Has W3c considered the implications of defining a > >> standard that depends on voluntary acceptance here? > > > > Which Internet standards *don't* depend on voluntary acceptance? > > But there's a difference here -- we're talking about possible security > issues, not just whether someone adopts a tag. A bad implementation of a spec can always cause security problems. This distinction between GET and POST in the HTTP protocol is specifically there to *prevent* problems: if I make a stock trade using an online brokerage and then hit my browser's "back" and "forward" buttons, I don't want the same transaction executed again! That's why brokerages, banks, and other quality sites use POST for such transactions, and browsers written to the spec will prompt the user for confirmation before rePOSTing a form. -- Gerald Oskoboiny http://impressive.net/people/gerald/ From mailman-developers@python.org Tue Jul 17 07:53:09 2001 From: mailman-developers@python.org (Gerald Oskoboiny) Date: Tue, 17 Jul 2001 02:53:09 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <15187.48134.59109.612907@anthem.wooz.org>; from barry@digicool.com on Tue, Jul 17, 2001 at 12:16:06AM -0400 References: <20010714193201.A31163@impressive.net> <20010716203828.C24341@impressive.net> <15187.48134.59109.612907@anthem.wooz.org> Message-ID: <20010717025309.D1482@impressive.net> (Chuq has suggested that we keep this thread on -developers, so this will be my last post to -users on the subject for now, I just wanted to respond to this here in case anyone else was curious about this stuff.) On Tue, Jul 17, 2001 at 12:16:06AM -0400, Barry A. Warsaw wrote: > > I have a couple of questions and comments, and then I /really/ need to > get some sleep, so I'll follow up with more tomorrow. > > If state changing GETs break the standards, then why does e.g. Apache > by default allow you to GET a cgi program? Apache is the most common > web server (certainly on Mailman-friendly OSes) so I would think that > it should adhere to the specs pretty closely. > > Aren't the majority of cgi programs of a state-changing nature? I don't think so; TimBL addresses this in his writeup: Forms: GET and POST There is a very important distinction in society and in software, and certainly on the Web, between reading and writing; between having no effect and making changes; between observing and making a commitment. This is fundamental in the Web and your web site must respect it. Currently the line is often fuzzily drawn, which is very bad for many reasons. Form can work in two ways corresponding to this distinction. One way is to direct the user, like a link, to a new resource, but one whose URI is constructed from the form's field values. This is typically how a query form works. (It uses HTTP's GET method.) The user makes no commitment. Once he or she has followed the link, he or she can bookmark the result of the query. Following any link to that same URI will perform the same query again. It is as though Web space were populated by lots of virtual pages, one for the results of each possible query to the server. There is no commitment by the user. The operation can be undone simply by pressing the Back button on a browser. The user can never be held responsible for anything which was done using HTTP GET. If your website fills a shopping cart as a user follows normal links, and sometimes users end up ordering too much or too little as they use a web accelerator or a cache, then it is your fault. You should have used the second way. The second way a form can work is to take a command, or commitment, from the user. This is done using HTTP POST or sometimes by sending an message. "Submit this order", and "unsubscribe from this list" are classic examples. It is really important that the user understands when a commitment or change is being made and when it isn't. Hopefully, clients will help by changing the cursor to a special one when a commitment is about to be made. Such an operation, like sending an email, or signing and mailing a paper document, cannot be undone. It is socially quite different. Browsers and servers and proxies which understand HTTP treat it quite differently. You should never confuse these two types of interaction on your web site, either way. If you do, you break the web, and the web will break your site. -- http://www.w3.org/Provider/Style/Input > Sure, > you've got your odd search interface, but even a script like Mailman's > private.py changes state: you get authenticated and a cookie gets > dropped, and now your interactions are governed by a change in state. private.py uses POST, no? un: gerald> grep -i ' (from the 2.0.5 codebase) > I'll also mention that it seems to me that strict adherence to this > rule would be pretty harmful to a platform like Zope, where urls are > really encoded object access and execution commands (like RPC via > urls). I haven't studied Zope, so I don't know about that, sorry. -- Gerald Oskoboiny http://impressive.net/people/gerald/ From thomas@xs4all.net Tue Jul 17 09:34:22 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Tue, 17 Jul 2001 10:34:22 +0200 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: <15184.31080.663487.123985@anthem.wooz.org> Message-ID: <20010717103422.J5396@xs4all.nl> On Sat, Jul 14, 2001 at 12:55:04PM -0400, Barry A. Warsaw wrote: > >>>>> "CVR" == Chuq Von Rospach writes: > >> I realize that a number of other sites misuse GET this way, but > >> I think most of the large ones (e.g., Yahoo, online brokerages > >> and banks, etc.) get it right, and I think Mailman should too. [ ... ] > CVR> But the key is this is a finalization of a distributed > CVR> transaction, with e-mail distributing the token. Under other > CVR> circumstances, I see W3's logic. Here, however, using a URL > CVR> to bring up a page that says "click here to confirm" is only > CVR> going to piss off Joe User, not make his life better. > I agree with Chuq. The user isn't going to understand the distinction > and is just going to be annoyed by having to do, what to them seems > like an extra unnecessary step. After some careful consideration, as well as a chat with a few clueful colleagues, I have to disagree with you, Barry. The trick here is 'managing the expectations'. Having the message say something like To confirm or remove your subscription request, visit And then have that URL bring up a nice overview of what list you are subscribing to, the options you chose (regular-digest/mime-digest/etc), what email address you entered, and 'remove' and 'confirm' buttons. Frankly, it's always bothered me that you can't unconfirm a mailinglist subscription, let alone not being able to see what you are subscribing to ;P Extra credit if you make the URL (or something similar) also work if a subscription is held for approval, but without a 'confirm' button -- just a 'remove' one. Actually, the same kind of interface for a held message would be great, too :) -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From gorg@sun1.imbi.uni-freiburg.de Tue Jul 17 11:02:47 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Tue, 17 Jul 2001 12:02:47 +0200 Subject: [Mailman-Developers] Bug in Mailman version 2.1a2: confirm+approve via URL Message-ID: <3B540D47.9E6607B0@imbi.uni-freiburg.de> This is a multi-part message in MIME format. --------------97904EBC523467BE868515F6 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi developers, when a user tries to confirms a subscription request for a list with "confirm+approve" subscription poliy via the URL given in the "confirm" email, he hits a bug (see attachment). The administrator is notified about a subcription request but does not find one in the administrative database. Who helps? Georg Koch -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ --------------97904EBC523467BE868515F6 Content-Type: text/html; charset=us-ascii; name="3d51811f6ec50924cbcfb5a15fb5e42c27b2c87d" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="3d51811f6ec50924cbcfb5a15fb5e42c27b2c87d" Content-Base: "http://www.cochrane.de/mailman/confirm /test.closed/3d51811f6ec50924cbcfb5 a15fb5e42c27b2c87d" Content-Location: "http://www.cochrane.de/mailman/confirm /test.closed/3d51811f6ec50924cbcfb5 a15fb5e42c27b2c87d" Bug in Mailman version 2.1a2

Bug in Mailman version 2.1a2

We're sorry, we hit a bug!

If you would like to help us identify the problem, please email a copy of this page to the webmaster for this site with a description of what happened. Thanks!

Traceback:

Traceback (most recent call last):
  File "/local/mailman/scripts/driver", line 96, in run_main
    main()
  File "/local/mailman/Mailman/Cgi/confirm.py", line 70, in main
    data = mlist.ProcessConfirmation(cookie)
  File "../Mailman/MailList.py", line 1175, in ProcessConfirmation
    raise Errors.MMNeedApproval, _(
MMNeedApproval: subscriptions to Test.closed require administrator approval

Python information:

VariableValue
sys.version 2.1 (#1, Jun 26 2001, 16:46:38) [GCC 2.95.2 19991024 (release)]
sys.executable /usr/local/bin/python
sys.prefix /usr/local
sys.exec_prefix /usr/local
sys.path /usr/local
sys.platform sunos5

Environment variables:

VariableValue
DOCUMENT_ROOT /www/docs/cochrane
SERVER_ADDR 132.230.10.21
HTTP_ACCEPT_ENCODING gzip
REMOTE_HOST sun31.imbi.uni-freiburg.de
SERVER_PORT 80
PATH_TRANSLATED /www/docs/cochrane/test.closed/3d51811f6ec50924cbcfb5a15fb5e42c27b2c87d
REMOTE_ADDR 132.230.10.31
SERVER_SOFTWARE Apache/1.3.19 (Unix) ApacheJServ/1.1.2 PHP/4.0.4pl1 mod_ssl/2.8.1 OpenSSL/0.9.6
GATEWAY_INTERFACE CGI/1.1
UNIQUE_ID O1QKdYTmChUAAAa3GM4
HTTP_ACCEPT_LANGUAGE en
REMOTE_PORT 40434
SERVER_NAME www.cochrane.de
TZ MET
HTTP_USER_AGENT Mozilla/4.7 [en] (X11; I; SunOS 5.8 sun4u)
HTTP_ACCEPT_CHARSET iso-8859-1,*,utf-8
HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
REQUEST_URI /mailman/confirm/test.closed/3d51811f6ec50924cbcfb5a15fb5e42c27b2c87d
QUERY_STRING
SERVER_PROTOCOL HTTP/1.0
PATH_INFO /test.closed/3d51811f6ec50924cbcfb5a15fb5e42c27b2c87d
HTTP_HOST www.cochrane.de
REQUEST_METHOD GET
SERVER_SIGNATURE
Apache/1.3.19 Server at www.cochrane.de Port 80
SCRIPT_NAME /mailman/confirm
SERVER_ADMIN gorg@cochrane.de
SCRIPT_FILENAME /dsk/www/mailman/cgi-bin/confirm
PYTHONPATH /local/mailman
HTTP_COOKIE test.closed:admin=
HTTP_CONNECTION Keep-Alive
--------------97904EBC523467BE868515F6-- From jra@baylink.com Tue Jul 17 14:35:03 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Tue, 17 Jul 2001 09:35:03 -0400 Subject: [Mailman-Developers] Re: subscription confirmations In-Reply-To: <20010717023524.C1482@impressive.net>; from Gerald Oskoboiny on Tue, Jul 17, 2001 at 02:35:24AM -0400 References: <20010716203828.C24341@impressive.net> <20010717023524.C1482@impressive.net> Message-ID: <20010717093503.24833@scfn.thpl.lib.fl.us> On Tue, Jul 17, 2001 at 02:35:24AM -0400, Gerald Oskoboiny wrote: > # Naturally, it is not possible to ensure that the server does not > # generate side-effects as a result of performing a GET request; in > # fact, some dynamic resources consider that a feature. The important > # distinction here is that the user did not request the side-effects, > # so therefore cannot be held accountable for them. > # > # -- http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1.1 > > but once all that's been said, it's really up to the implementations > to do the right thing. It seems worth noting here that Zope makes this even worse: "procedure calls" won't necessarily be POSTs *or* GETs. > > > Fetching a URL into my local http cache doesn't cause a virus to > > > be executed or anything else bad to happen, and I wouldn't use > > > software where that kind of thing would be possible anyway. > > > > No, but it can cause actions you'll regret. You started this by bringing up > > one as a problem. Now, however, you're saying "well, that's no big deal". > > > > Which is it? No big deal? Or a problem? And if we can trigger actions you > > might or might not like, you can bet it'll honk off others. And if we can > > trigger actions, so can others, and those won't necessarily be innocent > > ones. > > If it happens once in a while with an obscure site here and there, > that's much less of a problem than if some popular software like > Mailman is doing the wrong thing and sending out tens or hundreds > of thousands of these messages every day. (in part because every > time one of these is used, it helps legitimize the practice of > 'click this URL to unsub', which is the wrong message to be > sending to people.) Certainly. > I don't expect all the incorrect implementations in the world to > suddenly get fixed overnight, but I'm trying to get the ones I > know about fixed. But the problem here, Gerald, is that Chuq and I are having the "should the standard actually say this in the real world" conversation, and you're assuming that it should. Chuq's asked you for your reasons why you support this, him having given his... and so far, his outweigh yours, for *me*. > > One of the best things I think W3 could do in these cases is not only to > > write "good" "bad", but generate cookbooks of techniques, with explanations > > of why they're good, or why they ought to be avoided. Especially in the > > subtlties of the standards that might not be intuitively obvious, or which > > might be involved in emerging technologies (like wireless) that the typical > > designer hasn't had time to worry about yet (or doesn't know to worry > > about). > > I agree this kind of thing needs to be done, but I think it can > usually be done quite well by third parties, in online courses > and articles, printed books, etc. But like I said above, I think > W3C will start doing a bit more of this than we have in the past, > it's just a matter of finding the time... Um... *it's time*? HTTP underlays half the planet. Someone needs to explain that to the people who pay the bills of the folks on the committee. > > >> And the more I think about it, the more it's an interesting > > >> point -- but on more than one level. Has W3c considered the > > >> implications of defining a standard that depends on voluntary > > >> acceptance here? > > > > > > Which Internet standards *don't* depend on voluntary acceptance? > > > > But there's a difference here -- we're talking about possible > > security issues, not just whether someone adopts a tag. > > A bad implementation of a spec can always cause security problems. Precisely our point. Thank you. :-) > This distinction between GET and POST in the HTTP protocol is > specifically there to *prevent* problems: if I make a stock trade > using an online brokerage and then hit my browser's "back" and > "forward" buttons, I don't want the same transaction executed again! > That's why brokerages, banks, and other quality sites use POST for > such transactions, and browsers written to the spec will prompt the > user for confirmation before rePOSTing a form. No, that's why anyone competent doing that sort of coding will put a Transaction Sequence Number cookie in a hidden field in the form, and bounce duplicate submissions. Depending on the browser there is another of those false senses of security Chuq was talking about earlier. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From claw@2wire.com Tue Jul 17 19:30:50 2001 From: claw@2wire.com (J C Lawrence) Date: Tue, 17 Jul 2001 11:30:50 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: Message from Thomas Wouters of "Tue, 17 Jul 2001 10:34:22 +0200." <20010717103422.J5396@xs4all.nl> References: <20010717103422.J5396@xs4all.nl> Message-ID: <9488.995394650@2wire.com> On Tue, 17 Jul 2001 10:34:22 +0200 Thomas Wouters wrote: > After some careful consideration, as well as a chat with a few > clueful colleagues, I have to disagree with you, Barry. The trick > here is 'managing the expectations'. Having the message say > something like > To confirm or remove your subscription request, visit > And then have that URL bring up a nice overview of what list you > are subscribing to, the options you chose > (regular-digest/mime-digest/etc), what email address you entered, > and 'remove' and 'confirm' buttons. Agreed. Which is the greater value: Yet more automated hand-holding for the uncertain/unfacile or Faster and more direct operation for the masses >From a list owner perspective I know which side I'd prefer. > Frankly, it's always bothered me that you can't unconfirm a > mailinglist subscription, let alone not being able to see what you > are subscribing to ;P > Extra credit if you make the URL (or something similar) also work > if a subscription is held for approval, but without a 'confirm' > button -- just a 'remove' one. Actually, the same kind of > interface for a held message would be great, too :) Yup, especially the latter (I have several who persist in sending in dupes before they remember its a hand moderated list). -- J C Lawrence ("`-''-/").___..--''"`-._ ---------(*) `6_ 6 ) `-. ( ).`-.__.`) claw@kanga.nu (_Y_.)' ._ ) `._ `. ``-..-' http://www.kanga.nu/~claw/ _..`--'_..-_/ /--'_.' ,' I never claimed I was human (il),-'' (li),' ((!.-' From alaric@babcom.com Tue Jul 17 20:02:30 2001 From: alaric@babcom.com (Phil Stracchino) Date: Tue, 17 Jul 2001 12:02:30 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: <20010717103422.J5396@xs4all.nl>; from thomas@xs4all.net on Tue, Jul 17, 2001 at 10:34:22AM +0200 References: <15184.31080.663487.123985@anthem.wooz.org> <20010717103422.J5396@xs4all.nl> Message-ID: <20010717120230.A26943@babylon5.babcom.com> On Tue, Jul 17, 2001 at 10:34:22AM +0200, Thomas Wouters wrote: > After some careful consideration, as well as a chat with a few clueful > colleagues, I have to disagree with you, Barry. The trick here is 'managing > the expectations'. Having the message say something like > > To confirm or remove your subscription request, visit > > > And then have that URL bring up a nice overview of what list you are > subscribing to, the options you chose (regular-digest/mime-digest/etc), what > email address you entered, and 'remove' and 'confirm' buttons. Frankly, it's > always bothered me that you can't unconfirm a mailinglist subscription, let > alone not being able to see what you are subscribing to ;P > > Extra credit if you make the URL (or something similar) also work if a > subscription is held for approval, but without a 'confirm' button -- just a > 'remove' one. Actually, the same kind of interface for a held message would > be great, too :) I agree strongly that this is the _RIGHT_ way to do it, and it complies with W3C standards as well. Opening the URL should not just go ahead and do something, and many people may be angry if it does. It should tell the user what it's offering to do, and then allow the user to make an informed decision about whether to do it or cancel it. After all, it's only one extra click. Keep in mind that there are foolish people out there who use mail clients from evil software monopolists that can be configured to automatically preload URLs contained in mail, and some of them do so configure them. Then everyone on the list has to deal with, "How did I get on this list? Stop sending me mail!" -- Linux Now! ..........Because friends don't let friends use Microsoft. phil stracchino -- the renaissance man -- mystic zen biker geek alaric@babcom.com halmayne@sourceforge.net 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold) From chuqui@plaidworks.com Wed Jul 18 01:27:52 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Tue, 17 Jul 2001 17:27:52 -0700 Subject: [Mailman-Developers] Re: subscription confirmations In-Reply-To: <20010717023524.C1482@impressive.net> Message-ID: On 7/16/01 11:35 PM, "Gerald Oskoboiny" wrote: > I think the HTTP spec is fairly clear about most of this: Gerald - I hope this is taken in a team-building way, since it's what I intend it to be.=20 > 9.1.1 Safe Methods >=20 > Implementors should be aware that the software represents the user in [... Etc ...] This section is written like most good Unix man pages. It speaks volumes to someone who already knows the answer, and is pretty much opaque to someone who doesn't.=20 If I were coming to it cold, researching the protocol, I'd leave it again without any real idea that there are significant problems that I ought to b= e aware of. And even if I have some idea there are problems to worry about, I wouldn't have a clue what to worry about. Even after our discussion already= , I find this very illuminating. Now, I've been doing internet stuff for 20 years, and HTTP/Web stuff since 1995, and even with my background, I find this doesn't really say anything to me about any of the issues I should be warned about here. It's very nice, but it speaks to the choir who already knows what it speaks of. To an outsider, it not only doesn't illuminate, it doesn't do a thing to tell me why the choir is a good thing to join, either= . So if I'm doing my research, I read it through, and go off and do whatever = I was planning on doing in the first place, without ever really knowing that = I just tripped over an iceberg. > but once all that's been said, it's really up to the implementations > to do the right thing. And the implementors are given basically no guidance on how, or even why. And very little what. Which makes it really hard for the implementor to get it right, and even harder for them to care -- what with deadlines and bosse= s and other things actively in their faces, this stuff just isn't going to ge= t a lot of visibility with the people you need to be evangelizing. > If it happens once in a while with an obscure site here and there, > that's much less of a problem than if some popular software like > Mailman is doing the wrong thing I'm sorry, but I consider this ducking the issue again. You're completely ignoring the white hat/black hat issue,and hiding behind "obscure" and "not a significant issue" and other rationalizations, while still trying to prov= e that Mailman is none of those, and therefore ought to consider this a crisi= s issue.=20 But since I've tried three times now to get you to deal with this double-standard and gotten nowhere, I'll drop it. No sense beating a dead horse. You clearly don=B9t' want to deal with the issue, so I'll stop pushing= . But I'm disappointed, to be honest about it. > I don't expect all the incorrect implementations in the world to > suddenly get fixed overnight, but I'm trying to get the ones I > know about fixed. Which ignores the larger issue of the standard encouraging implementations of tools that run into these problems, without dealing with the problems themselves, and leaving it up to the implementor to figure out how to "do the right thing" to avoid whatever those bogeymen are, which can't, basically, be known ahead of time. This all comes across to me as the prerson who decided that Microsoft's e-mail client would -- by default -- execute included .EXE files, because what's the worst that could happen? > I agree this kind of thing needs to be done, but I think it can > usually be done quite well by third parties, Which is a great way to duck responsibility, not get it done, and be able t= o blame someone else when something bad happens because this stuff didn't exist. > A bad implementation of a spec can always cause security problems. But the problem here is that gET itself is the security problem, as the functionality currently exists, and you're trying to 'fix' the problem by creating a standard that says "don't do that". THAT doesn't work. Because even if it does work with all us whitehats, the blackhats are simply going to look at it with even more glee, since it's even less expected of the end user when those side effects click in. But enough. You and I simply don't see eye to eye here, and clearly won't, and I'll shut up now. You want to focus on the micro issue of Mailman, whil= e I see that as a non-issue compared to the macro issues you are ignoring. An= d it looks like impasse. --=20 Chuq Von Rospach, Internet Gnome [ =3D =3D ] Yes, yes, I've finally finished my home page. Lucky you. I recommend the handyman's secret weapon: duct tape. From barry@digicool.com Wed Jul 18 02:08:59 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Tue, 17 Jul 2001 21:08:59 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) References: <20010714193201.A31163@impressive.net> <20010716203828.C24341@impressive.net> <15187.48134.59109.612907@anthem.wooz.org> <20010717025309.D1482@impressive.net> Message-ID: <15188.57771.983805.886886@anthem.wooz.org> I was pulled away on other work for most of the day, but I think I've caught up with the whole thread. On the micro-issue of what Mailman's ttw confirmation should do, I am much more swayed by Thomas's observation that we can actually add useful value by providing a form that allows the user to confirm or discard his request. Given that I agree with everything Chuq et al have said about the inherent insecurity of GET, that seemed to me a more persuasive argument as it pertains narrowly to Mailman. Unless someone wants to volunteer to do usability studies (for which I don't have the time), I propose to change confirm.py to POST a form, and to pull in the ability to cancel held postings and subscription requests. Good idea Thomas. But I definitely appreciate the discussions Gerald initiated, and I'm glad he did that. Hopefully, Gerald can bring the very valid concerns raised here before the W3C and the standards authors. I think they're vitally important to where the web is going. The security and privacy of the web has such a deservedly poor reputation, what with JavaScript and Java vulnerabilities (and the increasing number of sites that are simply unnavigatable without them), client-side trojans, web bugs, hijacked ActiveX certificates etc. etc. I really wish browser vendors would err on the side of security and privacy than on convenience. Sucker the user in enough times, or sucker enough of them in and the web will not be able to recover. -Barry From chuqui@plaidworks.com Wed Jul 18 04:35:13 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Tue, 17 Jul 2001 20:35:13 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <15188.57771.983805.886886@anthem.wooz.org> Message-ID: On 7/17/01 6:08 PM, "Barry A. Warsaw" wrote: > Good idea Thomas. Agreed. I'm all for it, also. > I really wish browser vendors > would err on the side of security and privacy than on convenience. They won't until their users do, and to be honest, the loud minority notwithstanding, that's what they are -- a loud minority. And to some degree the loud part does their cause a disservice, because they get written off by many people because they tend to be so strident, while Joe User simply doesn't care -- and nobody's done a good job trying to convince Joe User he should. > Sucker the user in enough times, or sucker enough of them in and the > web will not be able to recover. Unfortunately, Barry, you're wrong. Don't believe me? Look at all of the spam that's nothing more than an electronic version of the same old scams that they've been trying to wipe out of the paper postal service for generations.... -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. I'm really easy to get along with once you people learn to worship me. From les@2pi.org Wed Jul 18 07:50:33 2001 From: les@2pi.org (Les Niles) Date: Tue, 17 Jul 2001 23:50:33 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <15188.57771.983805.886886@anthem.wooz.org> (barry@digicool.com) References: <20010714193201.A31163@impressive.net> <20010716203828.C24341@impressive.net> <15187.48134.59109.612907@anthem.wooz.org> <20010717025309.D1482@impressive.net> <15188.57771.983805.886886@anthem.wooz.org> Message-ID: <200107180650.XAA23833@mutiny.2pi.org> On Tue, 17 Jul 2001 21:08:59 -0400 barry@digicool.com (Barry A. Warsaw) wrote: >I was pulled away on other work for most of the day, but I think I've >caught up with the whole thread. > >On the micro-issue of what Mailman's ttw confirmation should do, I am >much more swayed by Thomas's observation that we can actually add >useful value by providing a form that allows the user to confirm or >discard his request. Given that I agree with everything Chuq et al >have said about the inherent insecurity of GET, that seemed to me a >more persuasive argument as it pertains narrowly to Mailman. > >Unless someone wants to volunteer to do usability studies (for which I >don't have the time), I propose to change confirm.py to POST a form, >and to pull in the ability to cancel held postings and subscription >requests. Good idea Thomas. > >But I definitely appreciate the discussions Gerald initiated, and I'm >glad he did that. Hopefully, Gerald can bring the very valid concerns >raised here before the W3C and the standards authors. I think they're >vitally important to where the web is going. The security and privacy >of the web has such a deservedly poor reputation, what with JavaScript >and Java vulnerabilities (and the increasing number of sites that are >simply unnavigatable without them), client-side trojans, web bugs, >hijacked ActiveX certificates etc. etc. I really wish browser vendors >would err on the side of security and privacy than on convenience. >Sucker the user in enough times, or sucker enough of them in and the >web will not be able to recover. > >-Barry This whole controversy might be my fault -- I don't know the pedigree of Barry's implementation, but I'd submitted a confirm-by-visiting-this-URL patch several months ago. Hey, what can I say? it was a quick hack. But since it was implemented I don't think I've had one I-can't-follow-the-instructions-to-confirm exchange with a cluefully-challenged proto-subscriber; neither have I had a single complaint about misuse of GET. The discussion has been thought-provoking. I'm not entirely swayed to the position that it's morally wrong to use GET in this case, where repeating the GET doesn't have any effect beyond what was caused by the first. But Barry has a good point, that Thomas' idea adds value. IMHO it's a much better UI -- no matter how much text surrounds it, a URL in email isn't as clearly delineated as a big fat button in the middle of a web page. Having a "don't confirm" button also is even better. And regardless, using POST instead of GET is a fairly simple change. From a pragmatic point of view, there's not much reason not to comply with the published standard, even if its justification is weak. (This is not to devalue the discussion and debate of the W3C's position.) -les From maxy@turbolinux.com.cn Wed Jul 18 10:44:33 2001 From: maxy@turbolinux.com.cn (Max Yu) Date: Wed, 18 Jul 2001 17:44:33 +0800 Subject: [Mailman-Developers] Suggestion to add multiple language support Message-ID: <3B555A81.DFAD0ED5@turbolinux.com.cn> Hi, Currently Mailman only supports English, this is not very convenient to average people living outside English spoken countries. So maybe it will be great help if Mailman can support other languages, and let users choose which language he wants to use. I guess this may need to add more templates directory in the source tree, one directory for a language. Or something like that. I can help to write templates for Simplified Chinese, if you need it. Thanks. Best Regards, Max From angeles.moreno@senado.es Wed Jul 18 12:40:37 2001 From: angeles.moreno@senado.es (Angeles Moreno Camarero) Date: Wed, 18 Jul 2001 13:40:37 +0200 Subject: [Mailman-Developers] unsubscribe Message-ID: <003e01c10f7e$78036970$660a9696@senado.es> This is a multi-part message in MIME format. ------=_NextPart_000_003A_01C10F8F.3A83F130 Content-Type: multipart/alternative; boundary="----=_NextPart_001_003B_01C10F8F.3A83F130" ------=_NextPart_001_003B_01C10F8F.3A83F130 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable unsubscribe ------=_NextPart_001_003B_01C10F8F.3A83F130 Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable

unsubscribe
------=_NextPart_001_003B_01C10F8F.3A83F130-- ------=_NextPart_000_003A_01C10F8F.3A83F130 Content-Type: text/x-vcard; name="=?Windows-1252?Q?=C1ngeles_Moreno_Camarero.vcf?=" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="=?Windows-1252?Q?=C1ngeles_Moreno_Camarero.vcf?=" BEGIN:VCARD VERSION:2.1 N:Moreno Camarero;=C1ngeles FN:=C1ngeles Moreno Camarero EMAIL;PREF;INTERNET:angeles.moreno@senado.es REV:20010718T114037Z END:VCARD ------=_NextPart_000_003A_01C10F8F.3A83F130-- From thomas@xs4all.net Wed Jul 18 12:45:49 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Wed, 18 Jul 2001 13:45:49 +0200 Subject: [Mailman-Developers] Suggestion to add multiple language support In-Reply-To: <3B555A81.DFAD0ED5@turbolinux.com.cn> References: <3B555A81.DFAD0ED5@turbolinux.com.cn> Message-ID: <20010718134519.A2054@xs4all.nl> On Wed, Jul 18, 2001 at 05:44:33PM +0800, Max Yu wrote: > Currently Mailman only supports English, this is not very > convenient to average people living outside English spoken > countries. So maybe it will be great help if Mailman can > support other languages, and let users choose which language > he wants to use. > I guess this may need to add more templates directory in the > source tree, one directory for a language. Or something like > that. You need to check out the Mailman 2.1 CVS tree or the 2.1a2 release. It has full internationalization support. Lists can have a default language (for the listinfo page and such), and users can select their own languages, which overrides the list language. > I can help to write templates for Simplified Chinese, if you > need it. I'm sure that would be much appreciated. -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From wael.eskandar@streamitech.com Wed Jul 18 22:07:05 2001 From: wael.eskandar@streamitech.com (Willy) Date: Wed, 18 Jul 2001 21:07:05 GMT Subject: [Mailman-Developers] Locks In-Reply-To: <20010718134519.A2054@xs4all.nl> References: <3B555A81.DFAD0ED5@turbolinux.com.cn> <20010718134519.A2054@xs4all.nl> Message-ID: <20010718210705.70781.qmail@gawab.com> I was working on an arabic interface for the mailman 2.0 , and I was faced with the problem that some locks occur when I run the CGI scripts. What would be the cause of such locks ? Also I noticed when trying to approve 2 messages at the same time from the admindb script.. a lock occurs? is this an error in mailman ?? Will streamIT STREAM INFORMATION TECHNOLOGY http://www.streamitech.com P:+2-02-7606714 | +2-02-7603110 From jra@baylink.com Wed Jul 18 14:33:37 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Wed, 18 Jul 2001 09:33:37 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <200107180650.XAA23833@mutiny.2pi.org>; from Les Niles on Tue, Jul 17, 2001 at 11:50:33PM -0700 References: <20010714193201.A31163@impressive.net> <20010716203828.C24341@impressive.net> <15187.48134.59109.612907@anthem.wooz.org> <20010717025309.D1482@impressive.net> <15188.57771.983805.886886@anthem.wooz.org> <200107180650.XAA23833@mutiny.2pi.org> Message-ID: <20010718093337.47061@scfn.thpl.lib.fl.us> On Tue, Jul 17, 2001 at 11:50:33PM -0700, Les Niles wrote: > And regardless, using POST instead of > GET is a fairly simple change. From a pragmatic point of view, > there's not much reason not to comply with the published standard, > even if its justification is weak. Actually, alas, this is the crux of the discussion. It is *not* a fairly simple change: you can't POST *from the middle of an email*, which was the desired implementation. If you use POST, the user *has to do another thing*. There is much reason not to comply with the published standard: people are stupid. Shame, isn't it? Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From les@2pi.org Wed Jul 18 15:56:46 2001 From: les@2pi.org (Les Niles) Date: Wed, 18 Jul 2001 07:56:46 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <20010718093337.47061@scfn.thpl.lib.fl.us> (jra@baylink.com) References: <20010714193201.A31163@impressive.net> <20010716203828.C24341@impressive.net> <15187.48134.59109.612907@anthem.wooz.org> <20010717025309.D1482@impressive.net> <15188.57771.983805.886886@anthem.wooz.org> <200107180650.XAA23833@mutiny.2pi.org> <20010718093337.47061@scfn.thpl.lib.fl.us> Message-ID: <200107181456.HAA24335@mutiny.2pi.org> On Wed, 18 Jul 2001 09:33:37 -0400 "Jay R. Ashworth" wrote: >On Tue, Jul 17, 2001 at 11:50:33PM -0700, Les Niles wrote: >> And regardless, using POST instead of >> GET is a fairly simple change. From a pragmatic point of view, >> there's not much reason not to comply with the published standard, >> even if its justification is weak. > >Actually, alas, this is the crux of the discussion. It is *not* a >fairly simple change: you can't POST *from the middle of an email*, >which was the desired implementation. If you use POST, the user *has >to do another thing*. Well, yeah, but as I said, I think having the user do another thing actually makes for a much nicer UI. My "simple change" comment was intended to refer to the coding effort. (Hmm... seems like it would be possible to POST from a text/html section in the middle of an email... but I'm sure not going to suggest that. :) >There is much reason not to comply with the published standard: people >are stupid. Shame, isn't it? I'm not sure which stupidity you're talking about. Are you concerned that people will launch the link from the email but then not push the "confirm" (or "cancel") button? -les From chuqui@plaidworks.com Wed Jul 18 16:27:15 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Wed, 18 Jul 2001 08:27:15 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <200107181456.HAA24335@mutiny.2pi.org> Message-ID: On 7/18/01 7:56 AM, "Les Niles" wrote: >> There is much reason not to comply with the published standard: people >> are stupid. Shame, isn't it? >=20 > I'm not sure which stupidity you're talking about. Are you > concerned that people will launch the link from the email but then > not push the "confirm" (or "cancel") button? I won't use the word "stupid" -- because it's not really the right word. Bu= t unskilled, or na=EFve is. Yes, that IS a legitimate worry. As you move further away from the techie priesthood, this is more and more of an issue. People aren't comfortable with computers, don't understand the processes, and don't know what to expect.=20 Every step gives them a chance to decide "the hell with it", which isn't pe= r se a bad thing, but it also gives them a chance to get confused or not pay attention.=20 Back in the early days of my big marketing server, we did mailback validations. We were seeing 30+% dropout rates, and a high level of complaints because subscriptions weren't fulfilled (and it was our fault). We removed the mailback system, complaints plummetted, subscriptions went up, and pretty much everyone is happy, except for the "all mail lists must use mailback validation" dogma-choir. And to be honest, our complaint level about that is in the hundredth's of a percent of subscriptions -- compared to the 30% problem rate those mailbacks caused. (that is not a note to imply mailback validations should be trashed. It is merely a note that the people who feel that they are the holy grail of subscription systems need to get a clue and realize there are many audience= s and many needs, and systems need to be matched to those. What I do on my marketing server, where we send out two e-mails a month, and what we do on = a busy discussion list that might server 50 e-mails a day into someone's mailbox are much different...) You have to step back and stop thinking that the people using these systems are (a) computer people, (b) think like you do, and [c] actually understand how these systems work and can guess what it takes to jump through your hoops. They don't. Every chance you give them to get it wrong, some will. Not everyone is a geek (or wants to be), not everyone is an english-first-language speaker, not everyone has experience in mail lists, not everyone can easily read instructions and translate them into a requested action. They need handholding, not because their stupid, but because we've done a lousy job of building systems that don't require them to be geeks, and then we blame THEM for not being geeks. That's why I was harping on this stuff being as simple as possible -- but a= t the same time, in this discussion, I've come to agree with thomas on this. It may be one more click, but I think the right thing to do is for the URL in the e-mail should bring up a confirmation page, which generates a summar= y of what's about to happen, and a "click here to confirm" type button. That doesn't add significantly to the confusion, and it can really, really reduc= e the uncertainty we bring to the user. Make that confirmation page the "contract" with the user, explaining what will happen, link to the instructions, the privacy agreements, etc, etc. give them an option to turn on digests there, set passwords, anything that makes sense. Turn it into a real advantage -- to you and the user. It's not just one more click; it's a way to make sure you and the user are on the same page. At least, that's where I'm headed on that, and I think Mailman ought to be, too. =20 --=20 Chuq Von Rospach, Internet Gnome [ =3D =3D ] Yes, yes, I've finally finished my home page. Lucky you. Someday, we'll look back on this, laugh nervously and change the subject. From bogus@does.not.exist.com Wed Jul 18 11:32:22 2001 From: bogus@does.not.exist.com () Date: Wed Jul 18 11:32:51 2001 Subject: No subject +0100 Received: from uzem.radio.hu (uzem.radio.hu [193.224.217.72]) by www.radio.hu (8.8.7/8.8.7) with ESMTP id KAA17043 for ; Tue, 9 Feb 1999 10:21:54 +0100 Received: from UZEM_1/MAILQUEUE by uzem.radio.hu (Mercury 1.21); 9 Feb 99 10:20:56 GMT+1 Received: from MAILQUEUE by UZEM_1 (Mercury 1.21); 9 Feb 99 10:20:35 GMT+1 From: "Cseh Miklos" Organization: MAGYAR RADIO To: filmbaratok@listserv.intercom.hu Date: Tue, 9 Feb 1999 10:20:34 CET MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: [Film] RCPT: Re: [Film] sw+ize+dorika Priority: normal X-mailer: Pegasus Mail v3.1 (R1a) Message-ID: Confirmation of reading: your message - Date: 9 Feb 99 10:07 To: vargaa@dragon.klte.hu Subject: Re: [Film] sw+ize+dorika Was read at 10:20, 9 Feb 99. **************************************************************************** * I think vargaa@dragon.... set the tracking option to on ("tell me when the mail has been delivered/read"), but I don't find anything like this in the body of his message. His message was: **************************************************************************** * From bogus@does.not.exist.com Wed Jul 18 11:32:22 2001 From: bogus@does.not.exist.com () Date: Wed Jul 18 11:32:51 2001 Subject: No subject +0100 Received: from vargaatt (pull6.satrax.hu [194.140.192.70]) by server.satrax.hu (Rockliffe SMTPRA 2.1.4) with SMTP id for ; Tue, 09 Feb 1999 10:03:04 +0000 Message-ID: <00a301be540a$96ad52a0$46c08cc2@vargaatt> Reply-To: "Varga Attila" From: "Varga Attila" To: Subject: [Film] sw+ize+dorika Date: Tue, 9 Feb 1999 08:40:45 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.1 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 **************************************************************************** *** What is this? I'm filtering the "RCPT:" e-mails now.... Regards Bence From bogus@does.not.exist.com Wed Jul 18 11:32:22 2001 From: bogus@does.not.exist.com () Date: Wed Jul 18 11:32:58 2001 Subject: No subject rikers.streek.com (8.8.7/8.8.7/streek_rikers_103) with ESMTP id KAA11378 for ; Fri, 14 May 1999 10:12:49 -0500 Received: from localhost (chuque@localhost)by xyz.xyz.com (8.8.5/8.8.5/TIBA-0301-2006) with SMTP id AAA07584; Fri, 2 Sep 2022 00:50:04 GMT Date: Fri May 14 10:12:50 1999 From: Chuque XYZ X-Sender: xyz@xyz.xyz.com To: "Cheryl A. XYZ" cc: BHB Rescue Subject: Re: [BHBRescue] Fw: [BHB] HELP!!!! In-Reply-To: <001701be9e19$7d0fa1a0$588b28d8@xyz> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII From barry@wooz.org Wed Jul 18 11:32:22 2001 From: barry@wooz.org (Barry A. Warsaw) Date: Wed Jul 18 11:34:00 2001 Subject: [Mailman-Developers] Announcing Mailman 2.0 release candidate 1 Hello folks, Okay, we're really close now! I've put together Mailman 2.0 release candidate 1 and uploaded it to SourceForge. You can grab the tarball from the file release page at http://sourceforge.net/project/shownotes.php?release_id=14446 www.list.org and www.gnu.org should be updated soon. This release contains a bunch of bug fixes and a few local security patches. The source code is essentially frozen, modulo any last minute show stopper bugs. I will probably make a pass at the documentation before the final release. Expect 2.0 final hopefully by the weekend. Enjoy, -Barry From barry@digicool.com Wed Jul 18 11:32:22 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Wed Jul 18 11:34:21 2001 Subject: [Mailman-Developers] Mailman 2.0.1 patch --K1eGMMCE0X Content-Type: text/plain; charset=us-ascii Content-Description: message body text Content-Transfer-Encoding: 7bit Folks, Here's the patch I plan to upload as 2.0 -> 2.0.1 (module Version.py file updates). This should fix the bin/withlist buglet and the qrunner deadlock problem. I've installed it on mail.python.org and it seems to be working, so please give it a look. I will be checking this into the 2.0.1 branch. Cheers, -Barry --K1eGMMCE0X Content-Type: text/plain Content-Description: Mailman 2.0 -> 2.0.1 beta 1 Content-Disposition: inline; filename="mm-patch-201.txt" Content-Transfer-Encoding: 7bit Index: Mailman/Version.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Version.py,v retrieving revision 1.20 diff -u -r1.20 Version.py --- Mailman/Version.py 2000/11/21 15:57:05 1.20 +++ Mailman/Version.py 2001/01/02 19:53:34 @@ -15,7 +15,7 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # Mailman version -VERSION = "2.0" +VERSION = "2.0.1b1" # And as a hex number in the manner of PY_VERSION_HEX ALPHA = 0xa @@ -27,10 +27,10 @@ MAJOR_REV = 2 MINOR_REV = 0 -MICRO_REV = 0 -REL_LEVEL = FINAL +MICRO_REV = 1 +REL_LEVEL = BETA # at most 15 beta releases! -REL_SERIAL = 0 +REL_SERIAL = 1 HEX_VERSION = ((MAJOR_REV << 24) | (MINOR_REV << 16) | (MICRO_REV << 8) | (REL_LEVEL << 4) | (REL_SERIAL << 0)) Index: admin/www/download.ht =================================================================== RCS file: /cvsroot/mailman/mailman/admin/www/download.ht,v retrieving revision 1.5 diff -u -r1.5 download.ht --- admin/www/download.ht 2000/11/21 15:57:49 1.5 +++ admin/www/download.ht 2001/01/02 19:53:38 @@ -65,9 +65,9 @@

Downloading

Version -(2.0, +(2.0.1b1, released on -Nov 21 2000) +Jan 2 2001) is the current GNU release. It is available from the following mirror sites:

    Index: bin/withlist =================================================================== RCS file: /cvsroot/mailman/mailman/bin/withlist,v retrieving revision 1.11 diff -u -r1.11 withlist --- bin/withlist 2000/11/11 01:54:26 1.11 +++ bin/withlist 2001/01/02 19:53:52 @@ -159,6 +159,8 @@ except getopt.error, m: usage(m) + lock = 0 + run = None for opt, arg in opts: if opt in ('-h', '--help'): usage(code=0) @@ -171,8 +173,6 @@ usage('No list name supplied.') listname = string.lower(args.pop(0)) - lock = 0 - run = None # first try to open mailing list write('Loading list:', listname, file=sys.stderr, nl=0) Index: cron/qrunner =================================================================== RCS file: /cvsroot/mailman/mailman/cron/qrunner,v retrieving revision 1.18 diff -u -r1.18 qrunner --- cron/qrunner 2000/09/18 21:28:42 1.18 +++ cron/qrunner 2001/01/02 19:53:52 @@ -78,6 +78,7 @@ import time import marshal import mimetools +from stat import ST_SIZE import paths from Mailman import mm_cfg @@ -191,6 +192,17 @@ msgcount = 0 allkids = {} for file in os.listdir(mm_cfg.QUEUE_DIR): + # Keep the qrunner lock alive for a while longer + lock.refresh() + root, ext = os.path.splitext(os.path.join(mm_cfg.QUEUE_DIR, file)) + if ext == '.db': + # If the .db file has no corresponding .msg file, we might as well + # remove the .db file, since there's little we can do about it. + if not os.path.exists(root+'.msg'): + syslog('qrunner', 'Unlinking orphaned .db file: %s.db' % root) + os.unlink(root+'.db') + # just trigger off the .msg files + continue # Have we exceeded either resource limit? if mm_cfg.QRUNNER_PROCESS_LIFETIME is not None and \ (time.time() - t0) > mm_cfg.QRUNNER_PROCESS_LIFETIME: @@ -199,12 +211,6 @@ msgcount > mm_cfg.QRUNNER_MAX_MESSAGES: break msgcount = msgcount + 1 - # Keep the qrunner lock alive for a while longer - lock.refresh() - root, ext = os.path.splitext(os.path.join(mm_cfg.QUEUE_DIR, file)) - if ext <> '.msg': - # trigger just off the .msg file - continue msgfp = dbfp = None try: dbfp = open(root + '.db') --K1eGMMCE0X-- From webmaster@gazaweb.co.kr Wed Jul 11 15:08:52 2001 From: webmaster@gazaweb.co.kr (=?EUC-KR?B?wMzA2r+1=?=) Date: Wed, 11 Jul 2001 23:08:52 +0900 Subject: [Mailman-Developers] =?EUC-KR?B?W8DMuqXGrl0gxq+6sMfRIMf9xcMh=?= Message-ID: <20010711230853.14FA1122.FAD061AF@TheRedSpider> This is a multi-part message in MIME format. ----RED_SPIDER_0001_0001 Content-Type: multipart/related; boundary="--RED_SPIDER_0002_0002"; type="multipart/alternative" ----RED_SPIDER_0002_0002 Content-Type: multipart/alternative; boundary="--RED_SPIDER_0003_0003" ----RED_SPIDER_0003_0003 Content-Type: text/plain; charset="EUC-KR" Content-Transfer-Encoding: base64 VW50aXRsZWQgRG9jdW1lbnQNCiANCiANCiANCiANCiANCiANCiANCiANClRB QkxFIHsgCUZPTlQtRkFNSUxZOiAisby4siI7IEZPTlQtU0laRTogOXB0OyBM SU5FLUhFSUdIVDogMTNwdCB9IA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KaHR0cDovL2dhemF3ZWIuY28uaw0K IA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KorwgtfDB9sW7ILy8sOi3zsDHIMO5sMnAvSAuLiBQcm9m ZXNzaW9uYWwNCiANCiANCr7Is+fHz7y8v+Qgsde1v77IIMDOxc3A2sDOwLsg u+e2+8fYIMHWvcUgv6m3r7rQsrIgsKi758DHILi7vrjAuyC15biztM+02S4g DQogwPrI8SDAzsXNwNrAzsDMILPrtb+6zrfOILrOxc0gwOfB98DaIMH3vve0 ybfCsLO538jGt8Ow+sGkwLsgwM6wobnevsYgxq+6sCDAzLqlxq64piDH4Lvn x8+w7SDA1r3AtM+02S4guLnAuiDC/L+pILrOxbm15biztM+02S4NCiANCiAN CiANCiANCiANCiANCiANCiANCi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLg0KIA0KIA0KIA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KIA0Kor64xb/5IMO5wrDB1iC/+b/kwM8gLCC4xb/5ILzC wrDB1iC/+b/kwM8gor4gDQogDQogDQq89rCtvcXDuyC/wrbzwM4gv7m+4CC8 rbrxvbogvce9wyAovLHC+Lz4waK89ikNCiANCiANCiANCiANCiANCiANCiAN CiANCiANCiANCiANCsGivPa55rn9DQogOg0KIA0KIA0Kx8+03LrOwMcgv8K2 88DOILvztOMNCsDbvLrIxCDA/Lzbx9ggwda9w7jpIMiuwM7IxCCx4sDntcgg v6y29MOzt84gwPzIrbimILXluLO0z7TZLg0KIA0KwNq8vMfRILmuwMe0wiAN CjAyKTc0NC05NTg0DQq3ziC5rsDHILnZtvi0z7TZLg0KIA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KIA0KLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uDQogDQogDQogDQogDQogDQogDQogDQog DQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQog DQogDQogDQogDQogDQogDQogDQqh2iC/wrbzwM4gwaK89iC55rn9wLsgxevH 2CC17rfPx8+9w7TCIMfQu/2/obDUIMavurDH0SDH/cXDwLsgteW4s7TPtNkh DQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQoxLg0KIA0KIA0KwfcN CsDlwM4gDQqw7b/rurjH6A0KIL3HvcMoDQo1MC02MCUgx9LAzg0KKSEhIQ0K IA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KMi4NCiANCiANCsGkDQqx1CC17rfP vcMgsO2x3iANCr26xLOzyg0KIA0KwfUNCsGkISEhDQogDQogDQogDQogDQog DQogDQogDQogDQozLg0KIA0KIA0KxMQNCrD8t8MgwOLB9iC51yCxs8DnILmr t+HB9cGkIA0KISENCiANCiANCiANCiANCiANCiANCiANCiANCjQuDQogDQog DQq/wg0KtvPAziCwrcHCILCzvLMhISENCiANCiANCiANCiANCiANCiANCiAN CiANCjUuDQogDQogDQq5qw0Kt+EgwOe89rCtILnXIL7GuKO52cDMxq4gwfa/ +CAhISENCiANCiANCiANCiANCiANCiANCiANCiANCiANCiANCiANCiANCiAN CiANCiANCiANCiANCiANCiANCiANCiANCiANCiANCi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLg0KIA0KIA0K IA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KMjG8 vLHiDQogu+q+97XwwNrAziC60L7fwMcgseK8+iC51yDA2rq7wMwgsLO55rXH sO0gseK8+rW1wNTAzCC6u7DdwPvAuLfOIL3DwNu1y7TPtNkuILHXwd+/obyt tbUgwKW18MDawMyzyiwgDQogwKW4tr26xc0sILPXxq6/9sWpILD8uK675ywg xMTHu8XNILHXt6HHyCC60L7fte4gSVTB98G+wLogsdcgwP3BpL+hIMDMuKaw zcC4t84gwPy4wbXHsO0gwNa9wLTPtNkuIA0KIA0KwMy5zCDAzLrQvt+/oSDB +MPiwLsgvcO1tcfPsO0gwNa0wiC067HivvcgudcguqXDs7HivvfAzCC807zT ILTDsO20wiDA1sH2uLggwM7FzbPdILvnv+vAzrG4wMcgsd7B9cC4t84gwM7H 0SDA/LmuIMDOt8LAuiANCiDA/bTrus7Bt8DMtvO0wiCzrcGmv6Egus61+sPE ILmrvvm6uLTZtbUgwPy5rsDOt8IgyK66uLChILCiILHivvfAxyDD1rTrILD6 waawoSC1x7DtIMDWvcC0z7TZLiDAzL+hILnfuMLD377uILq7v/i/obyttMIg DQogtPUguLnAuiDA/LmuIMDOt8LAuyC+57y6x8+x4iDAp8fRIMDPyK/AuLfO IMD7wLoguvG/68C4t84gtPUguLnAuiCxs8CwseLIuLimILrOv6kgx8+x4sCn x9ggyLmx4sD7wM4gsbPAsCC9w726xdsgsLO537+hIA0KILnawve4piCwocfP v7S9wLTPtNkuILHXILDhsPoguru/+MDHILHXILCjIMPgwPu1yCCz68fPv+y/ zSCxs8CwvcO9usXbIL/uv7XAxyDA5cGhwLsgw9a068fRIMiwv+vHz7+pIMPW tOvAxyDB+MfQt/yw+iANCiDD1rTrwMcgw+u+97f8wLsgwM7BpLnesNQgtce+ +r3AtM+02S4gDQogDQogDQqx4si4tMIgs6++xrChtMIgu/W/zbCwvcC0z7TZ LiCzr77GsKEgufa4rrHiwPy/oSDA4sC4vLy/5CAhIQ0KIA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KIA0KLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uDQogDQogDQogDQogDQogDQogDQogDQog DQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQog DQogDQogDQqxs8CwILD6waQNCqGhDQogDQo6IA0KwKUgtfDA2sDODQogLyAN CsClILi2vbrFzQ0KIC8gDQozRA0KIL+htM+43sDMvMcNCiAvIMD8wNq787DF t6ENCiA6IA0KwKXE2rXws9fAzMXNDQogLyANCkQuVC5QDQogLyANCrDHw+C9 w7nEt7nAzLzHKENBRCkNCiAvILjWxry5zLXwvu4NCiANCiANCiANCiANCiAN CiANCiANCk9OIC0gTElORSC787TjICAgICAgDQogDQogDQogDQogDQogDQog DQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQoqDQrAzLinIA0K IA0KIA0KIA0KIA0KIA0KIA0KIA0KKg0KvLq6sA0KIA0Ks7INCiANCiAgICAN Cr+pDQogDQogDQogDQogDQogDQogDQoqDQq7/bPiv/nAzw0KIA0KIA0KIA0K s+IgDQogDQq8scXDDQogDQoxDQogDQoyDQogDQozDQogDQo0DQogDQo1DQog DQo2DQogDQo3DQogDQo4DQogDQo5DQogDQoxMA0KIA0KMTENCiANCjEyDQog DQogv/kgDQogDQq8scXDDQogDQoxDQogDQoyDQogDQozDQogDQo0DQogDQo1 DQogDQo2DQogDQo3DQogDQo4DQogDQo5DQogDQoxMA0KIA0KMTENCiANCjEy DQogDQoxMw0KIA0KMTQNCiANCjE1DQogDQoxNg0KIA0KMTcNCiANCjE4DQog DQoxOQ0KIA0KMjANCiANCjIxDQogDQoyMg0KIA0KMjMNCiANCjI0DQogDQoy NQ0KIA0KMjYNCiANCjI3DQogDQoyOA0KIA0KMjkNCiANCjMwDQogDQozMQ0K IA0KIMDPICAgv7k6IDIwMDGz4iAxv/kgMcDPDQogDQogDQogDQogDQoqDQrA /MitufjIow0KIA0KIA0KIA0KvLHFww0KIA0KMDINCiANCjAzMQ0KIA0KMDMy DQogDQowMzMNCiANCjA0MQ0KIA0KMDQyDQogDQowNDMNCiANCjA1MQ0KIA0K MDUyDQogDQowNTMNCiANCjA1NA0KIA0KMDU1DQogDQowNjENCiANCjA2Mg0K IA0KMDYzDQogDQowNjQNCiANCiAtIA0KIA0KIA0KIA0KIA0KIA0KIA0KKg0K RkFYDQogDQogDQogDQq8scXDDQogDQowMg0KIA0KMDMxDQogDQowMzINCiAN CjAzMw0KIA0KMDQxDQogDQowNDINCiANCjA0Mw0KIA0KMDUxDQogDQowNTIN CiANCjA1Mw0KIA0KMDU0DQogDQowNTUNCiANCjA2MQ0KIA0KMDYyDQogDQow NjMNCiANCjA2NA0KIA0KIC0gDQogDQogDQogDQogDQogDQogDQoqDQrI3rTr xvkNCiANCiANCiANCryxxcMNCiANCjAxMQ0KIA0KMDE2DQogDQowMTcNCiAN CjAxOA0KIA0KMDE5DQogDQogLSANCiANCiANCiANCiANCiANCiANCioNCsHW vNINCiANCiANCiANCiANCiANCiANCiANCioNCkUtbWFpbA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KKg0KyLi757jtDQogDQogDQogDQoox9Cxs7jtKQ0KIA0K IA0KIA0KIA0KKg0Kua7Ax8fQsPoNCiANCiANCiANCryxxcMNCiANCrjWxry5 zLXwvu4NCiANCsCltfDA2sDODQogDQrApcTatfCz18DMxc0NCiANCsCluLa9 usXNDQogDQozRCC+1rTPuN7AzLzHDQogDQpBdXRvIENhZA0KIA0KRFRQDQog DQogDQogDQogDQogDQoqDQq5rsDHILvnx9cNCiANCiANCiANCiANCiANCiAN CiANCiANCiANCiANCiANCiAgIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0K IA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uDQogDQogDQogDQogDQogDQogDQogDQogDQogDQqh2CCx4sW4IMDavLzH 0SCxs8Cws7u/68C6DQpUZWwgOiAwMik3NDQtOTU4NA0KwLi3ziC5rsDHILnZ tvi0z7TZLg0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KIA0KICAgIA0KKiDB vrfOLTHIo7yxIMG+t841sKG/qiAyufjD4rG4IMfRsbnF9cDavcXFucH1sce6 9LX5IDRGIA0KIA0KICAgICAqIMioxuTAzMH2IA0KaHR0cDovL2dhemF3ZWIu Y28ua3INCiANCiAgICAgKiCxs8CwtOO05yANCndlYm1hc3RlckBnYXphd2Vi LmNvLmtyDQogKMDMwNq/tSkgDQogDQogDQogDQogDQogDQogDQogDQogDQog DQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQogDQog DQogDQogDQogDQogDQogDQo== ----RED_SPIDER_0003_0003 Content-Type: text/html; charset="EUC-KR" Content-Transfer-Encoding: base64 PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBU cmFuc2l0aW9uYWwvL0VOIj4NCjxodG1sPg0KPGhlYWQ+PFRJVExFPlVudGl0 bGVkIERvY3VtZW50PC9USVRMRT4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRl bnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXVuaWNvZGUi Pg0KPE1FVEEgY29udGVudD0iTVNIVE1MIDUuMDAuMjMxNC4xMDAwIiBuYW1l PUdFTkVSQVRPUj4NCjwvaGVhZD4NCjxCT0RZPg0KDQoNCjx0YWJsZSB3aWR0 aD0iMTAwJSIgIGJnY29sb3I9IiNmZmZmZmYiIHRleHQ9IiMwMDAwMDAiPg0K DQogIA0KICA8VFI+PHRkIHZhbGlnbj10b3A+DQo8dGFibGUgYm9yZGVyPTAg Y2VsbHBhZGRpbmc9NCBjZWxsc3BhY2luZz0xIHdpZHRoPSIxMDAlIj4NCg0K ICA8dGJvZHk+IA0KICA8dHI+IA0KICAgIDx0ZCBiZ2NvbG9yPSNmZmZmZmYg Y29sc3Bhbj0yPjxmb250IHNpemU9LTE+PCEtLSBtaWFnZW50IHN1YiBzdGFy dCAtLT4NCiAgICAgIDwvZm9udD4gDQogIDx0cj4gDQogICAgPHRkIGJnY29s b3I9I2ZmZmZmZiBjb2xzcGFuPTI+PGZvbnQgc2l6ZT0tMT4NCiAgICAgICAg ICAgIDxTVFlMRSB0eXBlPXRleHQvY3NzPlRBQkxFIHsNCglGT05ULUZBTUlM WTogIrG8uLIiOyBGT05ULVNJWkU6IDlwdDsgTElORS1IRUlHSFQ6IDEzcHQN Cn0NCjwvU1RZTEU+DQogICAgICANCjx0YWJsZSB3aWR0aD0iMTAwJSIgbWFy Z2lud2lkdGg9IjAiIG1hcmdpbmhlaWdodD0iMTAiICAgICAgICAgICAgICAg ICAgIGxlZnRtYXJnaW49IjAiIHRvcG1hcmdpbj0iMTAiIGhlaWdodD0iMTU0 MiI+DQoNCiAgICAgICAgPHRib2R5PiANCiAgICAgICAgPHRyPiANCiAgICAg ICAgICA8dGQgdmFsaWduPXRvcCBoZWlnaHQ9IjE0NDIiPiANCiAgICAgICAg ICAgIA0KPHRhYmxlIGFsaWduPWNlbnRlciBiZ2NvbG9yPSMwMDAwMDAgYm9y ZGVyPTAgICAgICAgICAgICAgICAgICAgICAgICAgY2VsbHBhZGRpbmc9MCBj ZWxsc3BhY2luZz0wIGhlaWdodD0xNTM3IHdpZHRoPTU3OT4NCg0KICAgICAg ICAgICAgICA8dGJvZHk+IA0KICAgICAgICAgICAgICA8dHI+IA0KICAgICAg ICAgICAgICAgIDx0ZCBoZWlnaHQ9OTc0PiANCiAgICAgICAgICAgICAgICAg IA0KPHRhYmxlIGJvcmRlcj0wIGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9 MSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aWR0aD02OTkgaGVp Z2h0PSIxNTMxIj4NCg0KICAgICAgICAgICAgICAgICAgICA8dGJvZHk+IA0K ICAgICAgICAgICAgICAgICAgICA8dHI+IA0KICAgICAgICAgICAgICAgICAg ICAgIDx0ZCBoZWlnaHQ9MjU+IA0KICAgICAgICAgICAgICAgICAgICAgICAg DQo8dGFibGUgYm9yZGVyPTAgY2VsbHBhZGRpbmc9MCBjZWxsc3BhY2luZz0w ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2lkdGg9IjEwMCUi Pg0KDQogICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4gDQogICAg ICAgICAgICAgICAgICAgICAgICAgIDx0cj4gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgPHRkIHdpZHRoPSI3NiUiPjxhIGhyZWY9Imh0dHA6Ly9n YXphd2ViLmNvLmtyIiB0YXJnZXQ9Il9ibGFuayI+PGZvbnQgY29sb3I9Indo aXRlIj48Yj5odHRwOi8vZ2F6YXdlYi5jby5rPC9iPjwvZm9udD48L2E+PC90 ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgd2lkdGg9IjI0 JSI+PC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgPC90Ym9keT4gDQogICAgICAgICAg ICAgICAgICAgICAgICA8L3RhYmxlPg0KICAgICAgICAgICAgICAgICAgICAg IDwvdGQ+DQogICAgICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAg ICAgICAgICAgIDx0ciBiZ2NvbG9yPSNmOGU2YWQgdmFsaWduPXRvcD4gDQog ICAgICAgICAgICAgICAgICAgICAgPHRkIGhlaWdodD0xIGJnY29sb3I9IiNk ZmU4ZmYiPiANCiAgICAgICAgICAgICAgICAgICAgICAgIA0KPHRhYmxlIGJn Y29sb3I9I2ZjZmFmMSBib3JkZXI9MCB3aWR0aD03MDA+DQoNCiAgICAgICAg ICAgICAgICAgICAgICAgICAgPHRib2R5PiANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8 dGQgY29sc3Bhbj0zPjwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAg IDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4gDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRkIHdpZHRoPTExMj4gPC90ZD4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgd2lkdGg9MTA+Jm5i c3A7PC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgd2lk dGg9NTU4Pjxmb250IGNvbG9yPSMzMzAwMDAgDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHNpemU9Mj48Yj48Zm9udCBjb2xvcj0jNGUyNDE4 PqK8ILXwwfbFuyC8vLDot87AxyDDubDJwL0gLi4gDQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBQcm9mZXNzaW9uYWw8L2ZvbnQ+PC9iPjwvZm9u dD48Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6 ZT0yPjxicj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvZm9u dD48Zm9udCBjb2xvcj0jMDAzMzMzPjxicj4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxmb250IGNvbG9yPSIjMzMwMGNjIj6+yLPn x8+8vL/kILHXtb++yCDAzsXNwNrAzsC7ILvntvvH2CANCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIMHWvcUgv6m3r7rQsrIgsKi758DH ILi7vrjAuyC15biztM+02S4gPGJyPg0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgwPrI8SDAzsXNwNrAzsDMILPrtb+6zrfOILrOxc0g wOfB98DaIMH3vve0ybfCsLO538jGt8Ow+sGkwLsgwM6wobnevsYgxq+6sCDA zLqlxq64piANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IMfgu+fHz7DtIMDWvcC0z7TZLiC4ucC6IML8v6kgus7FubXluLO0z7TZLjwv Zm9udD48L2ZvbnQ+PC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAg PC90cj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90Ym9keT4gDQog ICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPg0KICAgICAgICAgICAg ICAgICAgICAgICAgDQo8dGFibGUgYWxpZ249Y2VudGVyIGJnY29sb3I9I2Zj ZmFmMSBib3JkZXI9MCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGNlbGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MCBoZWlnaHQ9OCB3aWR0aD03 MDA+DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgPHRib2R5PiANCiAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRyIHZhbGlnbj10b3A+IA0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCBoZWlnaHQ9Mj4gDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2IGFsaWduPWNlbnRlcj48 Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0x Pi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLjwvZm9udD48L2Rpdj4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Rib2R5PiANCiAgICAgICAg ICAgICAgICAgICAgICAgIDwvdGFibGU+DQogICAgICAgICAgICAgICAgICAg ICAgICANCjx0YWJsZSBib3JkZXI9MCBjZWxscGFkZGluZz0wIGNlbGxzcGFj aW5nPTAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aWR0aD03 MDA+DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgPHRib2R5PiANCiAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRyIGJnY29sb3I9I2ZjZmFmMSB2 YWxpZ249Ym90dG9tPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8 dGQgaGVpZ2h0PTM2IHdpZHRoPTg+Jm5ic3A7PC90ZD4NCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8dGQgYmdjb2xvcj0jZmNmYWYxIGhl aWdodD0zNiBjb2xzcGFuPSIyIj48Zm9udCANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgY29sb3I9IzMzMDAwMCBzaXplPTI+PGI+IDxtYXJx dWVlIGJlaGF2aW9yPWFsdGVybmF0ZSANCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgc2Nyb2xsYW1vdW50PTEwPjxmb250IGNvbG9yPSMwNDhk MGM+or64xb/5IMO5wrDB1iC/+b/kwM8gLCC4xb/5ILzCwrDB1iC/+b/kwM8g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCiviA8L2Zv bnQ+PGJyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PC9tYXJxdWVlPjwvYj48YnI+DQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg Y29sb3I9IzY2MDA2Nj689rCtvcXDuyC/wrbzwM4gv7m+4CC8rbrxvbogvce9 wyAovLHC+Lz4waK89ik8L2ZvbnQ+PC9mb250PjwvdGQ+DQogICAgICAgICAg ICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAg ICAgIDx0ciBiZ2NvbG9yPSNmY2ZhZjE+IA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDx0ZCBoZWlnaHQ9MiB3aWR0aD04PiZuYnNwOzwvdGQ+DQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGhlaWdodD0yIGNvbHNw YW49IjIiPiZuYnNwOzwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAg IDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgIDx0ciBiZ2NvbG9y PSNmY2ZhZjE+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCBo ZWlnaHQ9MiB3aWR0aD04PiZuYnNwOzwvdGQ+DQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgPHRkIGhlaWdodD0yIHdpZHRoPTc4IHZhbGlnbj0idG9w Ij48Yj48Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg Y29sb3I9IzRlMjQxOD7Borz2uea5/TwvZm9udD48L2I+IDo8L3RkPg0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCBoZWlnaHQ9MiB3aWR0aD02 MTQgdmFsaWduPSJ0b3AiPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDxwPjxmb250IGNvbG9yPSM2NjAwMzM+PGZvbnQgY29sb3I9 IzRhMzcyZj7Hz7Tcus7AxyANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgv8K288DOILvztOM8L2ZvbnQ+PC9mb250Pjxmb250IA0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjb2xvcj0jNGEzNzJm PsDbvLrIxCDA/Lzbx9ggwda9w7jpIMiuwM7IxCCx4sDntcggv6y29MOzt84g wPzIrbimILXluLO0z7TZLjxicj4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgPC9mb250Pjxmb250IA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBjb2xvcj0jNGEzNzJmPsDavLzH0SC5rsDHtMIg PGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNvbG9y PSNjNTEyMWI+PGJpZz4wMik3NDQtOTU4NDwvYmlnPjwvZm9udD63ziC5rsDH IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICC52bb4 tM+02S48L2ZvbnQ+PC9wPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgPC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90 cj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90Ym9keT4gDQogICAg ICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPg0KICAgICAgICAgICAgICAg ICAgICAgICAgDQo8dGFibGUgYWxpZ249Y2VudGVyIGJnY29sb3I9I2ZjZmFm MSBib3JkZXI9MCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNl bGxwYWRkaW5nPTAgY2VsbHNwYWNpbmc9MCBoZWlnaHQ9OCB3aWR0aD03MDA+ DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgPHRib2R5PiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRyIHZhbGlnbj10b3A+IA0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDx0ZCBoZWlnaHQ9Mj4gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8ZGl2IGFsaWduPWNlbnRlcj48Zm9u dCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0xPi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLjwvZm9udD48L2Rpdj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPg0KICAg ICAgICAgICAgICAgICAgICAgICAgICA8L3Rib2R5PiANCiAgICAgICAgICAg ICAgICAgICAgICAgIDwvdGFibGU+DQogICAgICAgICAgICAgICAgICAgICAg ICANCjx0YWJsZSBib3JkZXI9MCBjZWxscGFkZGluZz0wIGNlbGxzcGFjaW5n PTAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aWR0aD00OTg+ DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgPHRib2R5PiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8dGQgY29sc3Bhbj0yIGhlaWdodD0zNiB2YWxpZ249Ym90 dG9tPiA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Rib2R5PiANCiAgICAgICAg ICAgICAgICAgICAgICAgIDwvdGFibGU+DQogICAgICAgICAgICAgICAgICAg ICAgICANCjx0YWJsZSBhbGlnbj1jZW50ZXIgYmdjb2xvcj0jMDAwMDAwIGJv cmRlcj0wICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY2VsbHBh ZGRpbmc9MCBjZWxsc3BhY2luZz0wIHdpZHRoPTEzNT4NCg0KICAgICAgICAg ICAgICAgICAgICAgICAgICA8dGJvZHk+IA0KICAgICAgICAgICAgICAgICAg ICAgICAgICA8dHI+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0 ZD4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCjx0YWJsZSBi b3JkZXI9MCBjZWxscGFkZGluZz0wIGNlbGxzcGFjaW5nPTEgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBoZWlnaHQ9IjEwMCUiIHdpZHRoPSIx MDAlIj4NCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGJv ZHk+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHIgYmdj b2xvcj0jZmZmZmZmPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8dGQgaGVpZ2h0PTQ3PiANCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIA0KPHRhYmxlIGFsaWduPWNlbnRlciBiZ2NvbG9yPSNm ZmZmZmYgYm9yZGVyPTAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBjZWxscGFkZGluZz0wIGNlbGxzcGFjaW5nPTAgd2lkdGg9Njg0Pg0KDQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRk IGhlaWdodD0xNjAgdmFsaWduPXRvcCB3aWR0aD0zMj48L3RkPg0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCBoZWlnaHQ9 MTYwIHdpZHRoPTQ4ND4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICANCjx0YWJsZSBib3JkZXI9MCBjZWxscGFkZGluZz0z IGNlbGxzcGFjaW5nPTMgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICB3aWR0aD00ODQ+DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgPHRib2R5PiANCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgaGVpZ2h0PTIg d2lkdGg9NDcxPjxmb250IHNpemU9Mj48Yj48Zm9udCANCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgY29sb3I9IzY2MDA2Nj48dT6h2iC/wrbz wM4gwaK89iC55rn9wLsgxevH2CC17rfPx8+9w7TCIMfQu/2/obDUIMavurDH 0SANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIMf9xcPAuyC15biztM+02SE8L3U+PC9mb250PjwvYj48L2ZvbnQ+ PC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPC90cj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPC90Ym9keT4gDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgDQo8dGFibGUgYm9y ZGVyPTAgd2lkdGg9NDgyPg0KDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4gDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgPHRkIHdpZHRoPTU+Jm5ic3A7PC90ZD4NCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQg d2lkdGg9MjA+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPGRpdiBhbGlnbj0iY2VudGVyIj48Zm9u dCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0yPjxi PjEuPC9iPjwvZm9udD48L2Rpdj4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0 ZCB3aWR0aD0yODM+PGI+PGZvbnQgY29sb3I9ImJsdWUiIHNpemU9IjMiPsH3 PC9mb250PjwvYj7A5cDOIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPGZvbnQgY29sb3I9InJlZCI+ sO2/67q4x+g8L2ZvbnQ+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgvce9wyg8Zm9udCBjb2xvcj0i I2ZmMzMzMyI+NTAtNjAlIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgx9LAzjwvZm9udD4pISEhPC90 ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8dGQgd2lkdGg9MTU2PiZuYnNwOzwvdGQ+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwv dHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDx0cj4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRkIHdpZHRoPTU+Jm5ic3A7PC90 ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8dGQgd2lkdGg9MjA+IA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdiBhbGln bj0iY2VudGVyIj48Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgc2l6ZT0yPjxiPjIuPC9iPjwvZm9udD48L2Rpdj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8 L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDx0ZCB3aWR0aD0yODM+PGZvbnQgc2l6ZT0zPjxiPjxm b250IGNvbG9yPSIjNjYwMDY2Ij7BpDwvZm9udD48L2I+PC9mb250PrHUIA0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgte63z73DILDtsd4gPGZvbnQgY29sb3I9InJlZCI+vbrEs7PK PC9mb250PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxmb250IGNvbG9yPSIjMzMzMzMzIj7B9Twv Zm9udD7BpCEhITwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRkIHdpZHRoPTE1Nj4mbmJzcDs8 L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8dHI+IA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCB3aWR0 aD01IGhlaWdodD0iMjIiPiZuYnNwOzwvdGQ+DQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIHdpZHRo PTIwIGhlaWdodD0iMjIiPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgYWxpZ249ImNlbnRl ciI+PGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNp emU9Mj48Yj4zLjwvYj48L2ZvbnQ+PC9kaXY+DQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8dGQgd2lkdGg9MjgzIGhlaWdodD0iMjIiPjxmb250IHNpemU9Mz48 Yj48Zm9udCBjb2xvcj0iIzI3NDUzMSI+xMQ8L2ZvbnQ+PC9iPjwvZm9udD48 Yj48Zm9udCBjb2xvcj0iIzY2NjY2NiIgc2l6ZT0iMyI+sPy3wyANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIMDiwfYgudcgsbPA5yC5q7fhwfXBpCA8L2ZvbnQ+PC9iPjxmb250IGNv bG9yPSIjNjY2NjY2IiBzaXplPSIzIj4hITwvZm9udD48L3RkPg0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDx0ZCB3aWR0aD0xNTYgaGVpZ2h0PSIyMiI+Jm5ic3A7PC90ZD4NCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PC90cj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgd2lkdGg9NSBoZWlnaHQ9 IjE2Ij4mbmJzcDs8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCB3aWR0aD0yMCBoZWlnaHQ9 IjE2Ij4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8ZGl2IGFsaWduPSJjZW50ZXIiPjxmb250IA0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXplPTI+PGI+NC48 L2I+PC9mb250PjwvZGl2Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+DQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIHdp ZHRoPTI4MyBoZWlnaHQ9IjE2Ij48Yj48Zm9udCBjb2xvcj0iI2ZmMDAwMCIg c2l6ZT0iMyI+v8I8L2ZvbnQ+PC9iPrbzwM4gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICCwrcHCILCz vLMhISE8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDx0ZCByb3dzcGFuPSIyIiBoZWlnaHQ9IjM5 Ij4mbmJzcDs8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+IA0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDx0ZCB3aWR0aD01IGhlaWdodD0iMjEiPiZuYnNwOzwvdGQ+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PHRkIHdpZHRoPTIwIGhlaWdodD0iMjEiPiANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgYWxp Z249ImNlbnRlciI+PGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHNpemU9Mj48Yj41LjwvYj48L2ZvbnQ+PC9kaXY+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICA8dGQgd2lkdGg9MjgzIGhlaWdodD0iMjEiPjxiPjxm b250IGNvbG9yPSIjY2MwMGNjIiBzaXplPSIzIj65qzwvZm9udD48L2I+t+Eg DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICDA57z2sK0gudcgvsa4o7nZwMzGriDB9r/4ICEhITwvdGQ+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+IA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90YWJsZT4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDx0ZCBoZWlnaHQ9MTYwIHdpZHRoPTEyNz4NCjxpbWcgc3JjPSJodHRwOi8v Z2F6YXdlYi5jby5rci9pbWFnZXMvZXZlbnQuZ2lmIiB3aWR0aD0iMTM2IiBo ZWlnaHQ9IjE0NSI+DQogPC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8dGQgaGVpZ2h0PTE2MCB2YWxpZ249Ym90dG9t IHdpZHRoPTMxPjwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvdGJvZHk+IA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPC90YWJsZT4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8 L3Rib2R5PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGFi bGU+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4NCiAgICAg ICAgICAgICAgICAgICAgICAgICAgPC90cj4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgPC90Ym9keT4gDQogICAgICAgICAgICAgICAgICAgICAgICA8 L3RhYmxlPg0KICAgICAgICAgICAgICAgICAgICAgICAgDQo8dGFibGUgYWxp Z249Y2VudGVyIGJvcmRlcj0wIGNlbGxwYWRkaW5nPTAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICBjZWxsc3BhY2luZz0wIGhlaWdodD04IHdp ZHRoPTcwMD4NCg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8dGJvZHk+ IA0KICAgICAgICAgICAgICAgICAgICAgICAgICA8dHIgdmFsaWduPXRvcD4g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGhlaWdodD0yPiAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgYWxpZ249Y2Vu dGVyPjxmb250IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBz aXplPTE+Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uPC9mb250PjwvZGl2Pg0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgIDwv dHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+IA0KICAg ICAgICAgICAgICAgICAgICAgICAgPC90YWJsZT4NCiAgICAgICAgICAgICAg ICAgICAgICAgIA0KPHRhYmxlIGJvcmRlcj0wIGNlbGxwYWRkaW5nPTAgY2Vs bHNwYWNpbmc9MCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdp ZHRoPTcwMCBoZWlnaHQ9Ijk2MiI+DQoNCiAgICAgICAgICAgICAgICAgICAg ICAgICAgPHRib2R5PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgPHRy IGJnY29sb3I9I2ZjZmFmMT4gDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgPHRkIHdpZHRoPTE2PiZuYnNwOzwvdGQ+DQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgPHRkIHdpZHRoPTcxOD4mbmJzcDs8L3RkPg0KICAgICAg ICAgICAgICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICA8dHIgYmdjb2xvcj0jZmNmYWYxPiANCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICA8dGQgd2lkdGg9MTY+Jm5ic3A7PC90ZD4NCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8dGQgYmdjb2xvcj0jZmNmYWYxIHdp ZHRoPTcxOD48Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgc2l6ZT00PjxiPjxmb250IA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICBzaXplPTM+MjG8vLHiPC9mb250PjwvYj48L2ZvbnQ+PGZvbnQg DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNvbG9yPSMwMDUx NTE+ILvqvve18MDawM4gutC+38DHILHivPogudcgwNq6u8DMILCzuea1x7Dt ILHivPq1tcDUwMwguruw3cD7wLi3ziANCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIL3DwNu1y7TPtNkuILHXwd+/obyttbUgwKW18MDawMyzyiwg PGJyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgwKW4tr26xc0s ILPXxq6/9sWpILD8uK675ywgxMTHu8XNILHXt6HHyCC60L7fte4gSVTB98G+ wLogsdcgwP3BpL+hIMDMuKawzcC4t84gwPy4wbXHsO0gDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICDA1r3AtM+02S4gPC9mb250PiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDxwPjxmb250IGNvbG9yPSMwMDUx NTE+wMy5zCDAzLrQvt+/oSDB+MPiwLsgvcO1tcfPsO0gwNa0wiC067Hivvcg udcgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgILqlw7Ox4r73 wMwgvNO80yC0w7DttMIgwNbB9ri4IMDOxc2z3SC757/rwM6xuMDHILHewfXA uLfOIMDOx9EgwPy5riDAzrfCwLogPGJyPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICDA/bTrus7Bt8DMtvO0wiCzrcGmv6Egus61+sPEILmr vvm6uLTZtbUgwPy5rsDOt8IgyK66uLChILCiILHivvfAxyDD1rTrILD6waaw oSC1x7DtIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICDA1r3A tM+02S4gwMy/oSC537jCw9++7iC6u7/4v6G8rbTCIDxicj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgtPUguLnAuiDA/LmuIMDOt8LAuyC+ 57y6x8+x4iDAp8fRIMDPyK/AuLfOIMD7wLoguvG/68C4t84gtPUguLnAuiCx s8CwseLIuLimILrOv6kgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIMfPseLAp8fYIMi5seLA+8DOILGzwLAgvcO9usXbILCzud+/oSA8YnI+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgILnawve4piCwocfP v7S9wLTPtNkuILHXILDhsPoguru/+MDHILHXILCjIMPgwPu1yCCz68fPv+y/ zSCxs8CwvcO9usXbIL/uv7XAxyDA5cGhwLsgDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIMPWtOvH0SDIsL/rx8+/qSDD1rTrwMcgwfjH0Lf8 sPogPGJyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICDD1rTr wMcgw+u+97f8wLsgwM7BpLnesNQgtce++r3AtM+02S4gPC9mb250PjwvcD4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxwPjxmb250 IGNvbG9yPSNjMjBmNjggc2l6ZT0zPjxiPiA8bWFycXVlZSBiZWhhdmlvcj1h bHRlcm5hdGU+seLIuLTCIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICCzr77GsKG0wiC79b/NsLC9wLTPtNkuILOvvsawoSC59riu seLA/L+hIMDiwLi8vL/kICEhPC9tYXJxdWVlPjwvYj48L2ZvbnQ+PC9wPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+DQogICAgICAgICAg ICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAg ICAgIDx0ciBiZ2NvbG9yPSNmY2ZhZjE+IA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDx0ZCBjb2xzcGFuPTI+IA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgDQo8dGFibGUgYWxpZ249Y2VudGVyIGJvcmRlcj0wIGNl bGxwYWRkaW5nPTAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBj ZWxsc3BhY2luZz0wIGhlaWdodD04IHdpZHRoPTcwMD4NCg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8dGJvZHk+IA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8dHIgdmFsaWduPXRvcD4gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGhlaWdodD0yPiANCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgYWxpZ249 Y2VudGVyPjxmb250IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBzaXplPTE+Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uPC9mb250PjwvZGl2Pg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDwvdGQ+DQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDwvdGJvZHk+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPC90YWJsZT4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Rk Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICA8dHIgYmdjb2xvcj0jZWVmMmZmPiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8dGQgd2lkdGg9MTY+Jm5ic3A7PC90 ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgd2lkdGg9NzE4 PiZuYnNwOzwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+ DQogICAgICAgICAgICAgICAgICAgICAgICAgIDx0ciBiZ2NvbG9yPSNlZWYy ZmYgdmFsaWduPSJ0b3AiPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8dGQgY29sc3Bhbj0yIGhlaWdodD0xNTM+IA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgDQo8dGFibGUgYWxpZ249Y2VudGVyIGJvcmRlcj0x IGhlaWdodD01MjQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3 aWR0aD01NDEgYm9yZGVyY29sb3I9IiMwMDAwZmYiPg0KDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4gDQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDx0ciBiZ2NvbG9yPSNmOWY5Zjk+IA0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCBoZWlnaHQ9NTI5 IHZhbGlnbj0idG9wIiBiZ2NvbG9yPSIjZmZmZmZmIj4gDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8cCBhbGlnbj1jZW50ZXI+PGZv bnQgc2l6ZT0yPjxmb250IGNvbG9yPWdyZWVuIA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBmYWNlPbW4v/I+PGI+PGJyPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L2I+PC9mb250PjwvZm9u dD48L3A+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICANCjx0YWJsZSBhbGlnbj1jZW50ZXIgYm9yZGVyPTAgd2lkdGg9NTIw Pg0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDx0Ym9keT4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDx0ciBhbGlnbj1sZWZ0PiANCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgYWxpZ249cmln aHQgcm93c3Bhbj0iMiI+PGI+PGZvbnQgc2l6ZT0yPg0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9mb250Pjwv Yj48Zm9udCBzaXplPTI+PGI+sbPAsCANCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgILD6waQ8L2I+PC9mb250Pjxm b250IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXplPTI+ PGI+oaE8L2I+PC9mb250PjwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRkIHJvd3NwYW49IjIiPjxiPjxm b250IHNpemU9Mj46IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iaHR0cDovL2dhemF3ZWIuY28u a3Ivd2Rlc2lnbi5odG0iPsClIA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgtfDA2sDOPC9hPiAvIDxhIGhyZWY9 Imh0dHA6Ly9nYXphd2ViLmNvLmtyL3dtYXN0ZXIuaHRtIj7ApSANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgILi2 vbrFzTwvYT4gLyA8Zm9udCBmYWNlPbG8uLLDvD48YSBocmVmPSJodHRwOi8v Z2F6YXdlYi5jby5rci93YW5pbWF0aW9uLmh0bSI+M0Q8L2E+PC9mb250Pjxh IGhyZWY9Imh0dHA6Ly9pbnRlcnNpZ24uYWMvd2FuaW1hdGlvbi5odG0iPiAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIL+htM+43sDMvMc8L2E+IC8gwPzA2rvzsMW3oTwvZm9udD48L2I+PGZv bnQgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNpemU9Mj48 Yj48YnI+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA6IDxhIGhyZWY9Imh0dHA6Ly9nYXphd2ViLmNvLmtyL3dj b29yZGkuaHRtIj7ApcTatfCz18DMxc08L2E+IA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLyA8YSBocmVmPSJo dHRwOi8vZ2F6YXdlYi5jby5rci9tYWNkZXNpZ24uaHRtIj5ELlQuUDwvYT4g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAvIDxhIGhyZWY9Imh0dHA6Ly9nYXphd2ViLmNvLmtyL2NhZC5odG0i PrDHw+C9w7nEt7nAzLzHKENBRCk8L2E+IA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLyC41sa8ucy18L7uPC9i PjwvZm9udD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8dHI+IDwvdHI+DQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+IA0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90YWJs ZT4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxwIGFs aWduPWNlbnRlcj48Yj48Zm9udCBjb2xvcj0jMzMzMzMzIGZhY2U9sby4siAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0zPiA8L2Zv bnQ+PGZvbnQgY29sb3I9IzMzMzMzMyBmYWNlPbG8uLIgDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIHNpemU9Mj48L2ZvbnQ+PGZvbnQgY29s b3I9IzMzMzMzMyBmYWNlPbG8uLIgDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIHNpemU9Mz5PTiAtIExJTkUgu/O04yAgDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOzwvZm9udD48L2I+PC9wPg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPGZvcm0gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIGFjdGlvbj1odHRwOi8vd3d3LmtvcmVhLW1hcmsu Y28ua3IvY2dpLWJpbi9mb3JtbWFpbC5wbCBtZXRob2Q9cG9zdCBhbGlnbj0i Y2VudGVyIj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPGlucHV0IG5hbWU9cmVjaXBpZW50IHR5cGU9aGlkZGVuIA0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT13ZWJtYXN0ZXJAZ2F6 YXdlYi5jby5rcj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPGlucHV0IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBuYW1lPXN1YmplY3QgdHlwZT1oaWRkZW4gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHZhbHVlPSLAzsXNwNrAziCxs8Cwua7Axz8iPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8aW5wdXQg bmFtZT1yZXF1aXJlZCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgdHlwZT1oaWRkZW4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIHZhbHVlPcDMuKcsvLq6sCy7/bPiLMD8yK25+MijLMHWvNIsyN6068b5 LEUtbWFpbCzIuLvnuO0sua7Ax7vnx9c+DQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIA0KPHRhYmxlIGJvcmRlcj0wIHdpZHRoPSIx MDAlIj4NCg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDx0Ym9keT4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDx0ZCB3aWR0aD0iNjAlIiBoZWlnaHQ9IjM0OSIgdmFs aWduPSJ0b3AiPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgDQo8dGFibGUgYm9yZGVyPTAgY2VsbHBhZGRpbmc9MCBj ZWxsc3BhY2luZz0wICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg aGVpZ2h0PTE5NCB3aWR0aD0iMTAwJSI+DQoNCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGJvZHk+IA0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8dGQgaGVpZ2h0PTMzNyB3aWR0aD0iMTAwJSI+IA0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCjx0 YWJsZSBib3JkZXI9MSBjZWxscGFkZGluZz0wIGNlbGxzcGFjaW5nPTAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3aWR0aD0iMTAwJSIgYm9y ZGVyY29sb3I9IiM5OTk5OTkiPg0KDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRib2R5PiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8dHI+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGJnY29sb3I9I2U5ZTlkZSB3 aWR0aD0iMTclIj48Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgc2l6ZT0yPjxiPjxmb250IGZhY2U9sby4sj48Zm9udCBmYWNlPbG8 uLIgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNpemU9Mj4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPC9mb250PjwvZm9udD48Zm9udCBjb2xvcj0i cmVkIj4qPC9mb250PsDMuKcmbmJzcDs8L2I+PC9mb250PjwvdGQ+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8dGQgYmdjb2xvcj0jZjVmNWYxIHdpZHRoPSI4MyUiPjxmb250IA0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjb2xvcj0jMDAwMDAw IGZhY2U9sby4ssO8PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPGlucHV0IG5hbWU9wMy4pyAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0xND4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgPC9mb250PjwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8 dHI+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRkIGJnY29sb3I9I2U5ZTlkZSB3aWR0 aD0iMTclIj48Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgc2l6ZT0yPjxiPjxmb250IGZhY2U9sby4siBzaXplPTI+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvZm9udD48Zm9udCBjb2xvcj0iI2U5ZTlkZSI+KjwvZm9u dD68urqwPC9iPjwvZm9udD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGJnY29sb3I9 I2Y1ZjVmMSB3aWR0aD0iODMlIj48Zm9udCANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgY29sb3I9IzAwMDAwMCBmYWNlPbG8uLLDvCBzaXpl PTI+PGI+s7I8L2I+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8aW5wdXQgDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIENIRUNLRUQgbmFtZT28urqwIHR5cGU9 cmFkaW8gdmFsdWU9s7I+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICZuYnNwOyZuYnNwOyA8Yj6/ qTwvYj48L2ZvbnQ+PGZvbnQgY29sb3I9IzAwMDAwMCANCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgZmFjZT2xvLiyw7w+IA0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8aW5wdXQgbmFtZT28urqwIHR5cGU9cmFkaW8gDQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIHZhbHVlPb+pPg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L2Zv bnQ+PC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICA8dGQgYmdjb2xvcj0jZTllOWRlIHdpZHRoPSIxNyUiPjxmb250 IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXplPTI+PGI+ PGZvbnQgZmFjZT2xvLiyIHNpemU9Mj4gDQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwv Zm9udD48Zm9udCBjb2xvcj0icmVkIj4qPC9mb250Prv9s+K/+cDPPC9iPjwv Zm9udD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRkIGJnY29sb3I9I2Y1ZjVmMSB3aWR0 aD0iODMlIj4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDxpbnB1dCANCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgbWF4bGVuZ3RoPTQgbmFtZT27/bPiv/nAzyBz aXplPTQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxmb250IHNpemU9Mj6z4iANCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPHNlbGVjdCBuYW1lPbv9s+I+DQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiBz ZWxlY3RlZCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFs dWU9IiI+vLHFwzwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gdmFs dWU9Mb/5PjE8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIHZhbHVl PTK/+T4yPC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9M7/5PjM8L29wdGlv bj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8b3B0aW9uIHZhbHVlPTS/+T40PC9vcHRpb24+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgPG9wdGlvbiB2YWx1ZT01v/k+NTwvb3B0aW9uPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIHZhbHVlPTa/+T42PC9vcHRpb24+DQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PG9wdGlvbiB2YWx1ZT03v/k+Nzwvb3B0aW9uPg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxv cHRpb24gdmFsdWU9OL/5Pjg8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0 aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT05 v/k+OTwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTEwv/k+MTA8L29wdGlv bj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICB2YWx1ZT0xMb/5PjExPC9vcHRpb24+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgdmFsdWU9MTK/+T4xMjwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3NlbGVj dD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgv/kgDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxzZWxlY3QgbmFtZT27 /bPiPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxvcHRpb24gc2VsZWN0ZWQgdmFsdWU9IiI+ vLHFwzwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTHAzz4xPC9vcHRpb24+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgPG9wdGlvbiB2YWx1ZT0ywM8+Mjwvb3B0aW9uPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDxvcHRpb24gdmFsdWU9M8DPPjM8L29wdGlvbj4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICB2YWx1ZT00wM8+NDwvb3B0aW9uPg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxv cHRpb24gdmFsdWU9NcDPPjU8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0 aW9uIHZhbHVlPTbAzz42PC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlv biANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9N8DP Pjc8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIHZhbHVlPTjAzz44 PC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiB2YWx1ZT05wM8+OTwv b3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIHZhbHVlPTEwwM8+MTA8L29wdGlvbj4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICB2YWx1ZT0xMcDPPjExPC9vcHRpb24+DQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFs dWU9MTLAzz4xMjwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTEzwM8+MTM8 L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICB2YWx1ZT0xNMDPPjE0PC9vcHRpb24+DQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgdmFsdWU9MTXAzz4xNTwvb3B0aW9uPg0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZh bHVlPTE2wM8+MTY8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0xN8DPPjE3 PC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MTjAzz4xODwvb3B0aW9uPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIHZhbHVlPTE5wM8+MTk8L29wdGlvbj4NCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2 YWx1ZT0yMMDPPjIwPC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MjHAzz4y MTwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTIywM8+MjI8L29wdGlvbj4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICB2YWx1ZT0yM8DPPjIzPC9vcHRpb24+DQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg dmFsdWU9MjTAzz4yNDwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTI1wM8+ MjU8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0yNsDPPjI2PC9vcHRpb24+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgdmFsdWU9MjfAzz4yNzwvb3B0aW9uPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHZhbHVlPTI4wM8+Mjg8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9u IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0yOcDP PjI5PC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MzDAzz4zMDwvb3B0aW9u Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHZhbHVlPTMxwM8+MzE8L29wdGlvbj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPC9zZWxlY3Q+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIMDPICZuYnNwOyZuYnNwO7+5OiAy MDAxs+IgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDG/+SAxwM88L2ZvbnQ+PC90ZD4NCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDx0cj4gDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgYmdj b2xvcj0jZTllOWRlIHdpZHRoPSIxNyUiPjxmb250IA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICBzaXplPTI+PGI+PGZvbnQgZmFjZT2xvLiy IHNpemU9Mj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9mb250Pjxmb250IGNvbG9y PSJyZWQiPio8L2ZvbnQ+wPzIrbn4yKM8L2I+PC9mb250PjwvdGQ+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8dGQgYmdjb2xvcj0jZjVmNWYxIHdpZHRoPSI4MyUiPiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPHNlbGVjdCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgbmFtZT3A/MitufjIoz4NCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIHNlbGVj dGVkIHZhbHVlPSIiPryxxcM8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0 aW9uIHZhbHVlPTAyPjAyPC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlv biANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MDMx PjAzMTwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTAzMj4wMzI8L29wdGlv bj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICB2YWx1ZT0wMzM+MDMzPC9vcHRpb24+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgdmFsdWU9MDQxPjA0MTwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRp b24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTA0 Mj4wNDI8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0wNDM+MDQzPC9vcHRp b24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgdmFsdWU9MDUxPjA1MTwvb3B0aW9uPg0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIHZhbHVlPTA1Mj4wNTI8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0 aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0w NTM+MDUzPC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MDU0PjA1NDwvb3B0 aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHZhbHVlPTA1NT4wNTU8L29wdGlvbj4NCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICB2YWx1ZT0wNjE+MDYxPC9vcHRpb24+DQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9w dGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9 MDYyPjA2Mjwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTA2Mz4wNjM8L29w dGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICB2YWx1ZT0wNjQ+MDY0PC9vcHRpb24+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDwvc2VsZWN0Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtIDxmb250IA0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICBjb2xvcj0jMDAwMDAwIGZhY2U9 sby4ssO8PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPGlucHV0IG5hbWU9wPzIrbn4yKMgDQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNpemU9MjE+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDwvZm9udD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRy PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDx0ZCBiZ2NvbG9yPSNlOWU5ZGUgd2lkdGg9 IjE3JSI+PGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHNpemU9Mj48Yj48Zm9udCBmYWNlPbG8uLIgc2l6ZT0yPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICA8L2ZvbnQ+PGZvbnQgY29sb3I9IiNlOWU5ZGUiPio8L2ZvbnQ+ RkFYPC9iPjwvZm9udD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGJnY29sb3I9I2Y1 ZjVmMSB3aWR0aD0iODMlIj4gDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxzZWxlY3QgDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIG5hbWU9RkFYPg0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDxvcHRpb24gc2VsZWN0ZWQgdmFsdWU9IiI+vLHFwzwvb3B0aW9u Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDxvcHRpb24gdmFsdWU9MDI+MDI8L29wdGlvbj4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICB2YWx1ZT0wMzE+MDMxPC9vcHRpb24+DQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg dmFsdWU9MDMyPjAzMjwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24g DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTAzMz4w MzM8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0wNDE+MDQxPC9vcHRpb24+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgdmFsdWU9MDQyPjA0Mjwvb3B0aW9uPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHZhbHVlPTA0Mz4wNDM8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9u IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YWx1ZT0wNTE+ MDUxPC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MDUyPjA1Mjwvb3B0aW9u Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHZhbHVlPTA1Mz4wNTM8L29wdGlvbj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICB2YWx1ZT0wNTQ+MDU0PC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlv biANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdmFsdWU9MDU1 PjA1NTwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTA2MT4wNjE8L29wdGlv bj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICB2YWx1ZT0wNjI+MDYyPC9vcHRpb24+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgdmFsdWU9MDYzPjA2Mzwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRp b24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTA2 ND4wNjQ8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9zZWxlY3Q+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIC0gPGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGNvbG9yPSMwMDAwMDAgZmFjZT2xvLiyw7w+IA0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8aW5w dXQgbmFtZT1GQVggDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHNpemU9MjE+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDwvZm9udD48L3RkPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwv dHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCBiZ2NvbG9y PSNlOWU5ZGUgd2lkdGg9IjE3JSI+PGZvbnQgDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHNpemU9Mj48Yj48Zm9udCBmYWNlPbG8uLIgc2l6 ZT0yPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPC9mb250Pjxmb250IGNvbG9yPSJy ZWQiPio8L2ZvbnQ+yN6068b5PC9iPjwvZm9udD48L3RkPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PHRkIGJnY29sb3I9I2Y1ZjVmMSB3aWR0aD0iODMlIj4gDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDxzZWxlY3QgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG5h bWU9yN6068b5Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gc2VsZWN0ZWQgdmFs dWU9IiI+vLHFwzwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gdmFs dWU9MDExPjAxMTwvb3B0aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlPTAxNj4wMTY8 L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICB2YWx1ZT0wMTc+MDE3PC9vcHRpb24+DQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgdmFsdWU9MDE4PjAxODwvb3B0aW9uPg0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHZh bHVlPTAxOT4wMTk8L29wdGlvbj4NCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9zZWxlY3Q+DQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIC0gPGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIGNvbG9yPSMwMDAwMDAgZmFjZT2xvLiyw7w+IA0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8aW5wdXQgbmFtZT3I3rTrxvkgDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIHNpemU9MjE+DQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvZm9udD48L3RkPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRyPiANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0 ZCBiZ2NvbG9yPSNlOWU5ZGUgd2lkdGg9IjE3JSI+PGZvbnQgDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIHNpemU9Mj48Yj48Zm9udCBmYWNl PbG8uLIgc2l6ZT0yPg0KPGltZyBoZWlnaHQ9NyAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHNyYz0iY2lkOlJFRF9TUElERVIwMDAwIiB3aWR0 aD03Pg0KIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8L2ZvbnQ+PGZvbnQgY29sb3I9 InJlZCI+KjwvZm9udD7B1rzSPC9iPjwvZm9udD48L3RkPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PHRkIGJnY29sb3I9I2Y1ZjVmMSB3aWR0aD0iODMlIj48Zm9udCANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgY29sb3I9IzAwMDAwMCBmYWNl PbG8uLLDvD4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDxpbnB1dCBuYW1lPcHWvNIgDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNpemU9NTA+DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDwvZm9udD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPiAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDx0ZCBiZ2NvbG9yPSNlOWU5ZGUgd2lkdGg9IjE3 JSI+PGZvbnQgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNp emU9Mj48Yj48Zm9udCBmYWNlPbG8uLIgc2l6ZT0yPg0KPGltZyBoZWlnaHQ9 NyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNyYz0iY2lkOlJF RF9TUElERVIwMDAxIiB3aWR0aD03Pg0KIA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8 L2ZvbnQ+PGZvbnQgY29sb3I9InJlZCI+KjwvZm9udD5FLW1haWw8L2I+PC9m b250PjwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8dGQgYmdjb2xvcj0jZjVmNWYxIHdpZHRo PSI4MyUiPjxmb250IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBjb2xvcj0jMDAwMDAwIGZhY2U9sby4ssO8PiANCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGlu cHV0IG5hbWU9RS1tYWlsIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBzaXplPTMyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8L2ZvbnQ+PC90ZD4NCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIDx0cj4gDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgYmdj b2xvcj0jZTllOWRlIHdpZHRoPSIxNyUiPjxmb250IA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICBzaXplPTI+PGI+PGZvbnQgZmFjZT2xvLiy IHNpemU9Mj4NCjxpbWcgaGVpZ2h0PTcgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICBzcmM9ImNpZDpSRURfU1BJREVSMDAwMiIgd2lkdGg9Nz4N CiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPC9mb250Pjxmb250IGNvbG9yPSJyZWQi Pio8L2ZvbnQ+yLi757jtPC9iPjwvZm9udD48L3RkPg0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRk IGJnY29sb3I9I2Y1ZjVmMSB3aWR0aD0iODMlIj48Zm9udCANCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgY29sb3I9IzAwMDAwMCBmYWNlPbG8 uLLDvD4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxpbnB1dCBuYW1lPci4u+e47SANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0zNz4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPC9mb250Pjxmb250IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBzaXplPTI+PGI+KMfQsbO47Sk8L2I+PC9mb250PjwvdGQ+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPC90cj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8dHI+IA0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkIGJn Y29sb3I9I2U5ZTlkZSB3aWR0aD0iMTclIj48Zm9udCANCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgc2l6ZT0yPjxiPjxmb250IGZhY2U9sby4 siBzaXplPTI+DQo8aW1nIGhlaWdodD03ICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgc3JjPSJjaWQ6UkVEX1NQSURFUjAwMDMiIHdpZHRoPTc+ DQogDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDwvZm9udD48Zm9udCBjb2xvcj0icmVk Ij4qPC9mb250PrmuwMfH0LD6PC9iPjwvZm9udD48L3RkPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg PHRkIGJnY29sb3I9I2Y1ZjVmMSB3aWR0aD0iODMlIj4gDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDxzZWxlY3QgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG5h bWU9yPG4wcfQsPo+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiBzZWxlY3RlZCB2 YWx1ZT0iIj68scXDPC9vcHRpb24+DQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPG9wdGlvbiB2 YWx1ZT241sa8ucy18L7uPrjWxry5zLXwvu48L29wdGlvbj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICB2YWx1ZT3ApbXwwNrAzj7ApbXwwNrAzjwvb3B0aW9uPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHZhbHVlPcClxNq18LPXwMzFzT7ApcTatfCz18DMxc08L29wdGlvbj4NCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8b3B0aW9uIA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICB2YWx1ZT3Apbi2vbrFzT7Apbi2vbrFzTwvb3B0aW9uPg0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHZhbHVlPTNEIL7WtM+43sDMvMc+M0Qgvta0z7jewMy8xzwvb3B0 aW9uPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDxvcHRpb24gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHZhbHVlPUF1dG8gQ2FkPkF1dG8gQ2FkPC9vcHRp b24+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPG9wdGlvbiANCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgdmFsdWU9RFRQPkRUUDwvb3B0aW9uPg0KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8L3NlbGVjdD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRy PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIDx0ZCBiZ2NvbG9yPSNlOWU5ZGUgd2lkdGg9 IjE3JSIgaGVpZ2h0PSIxMDAiPjxmb250IGZhY2U9sby4siANCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0yPjxmb250IHNpemU9Mj48 Yj48Zm9udCBmYWNlPbG8uLIgc2l6ZT0yPg0KPGltZyAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIGhlaWdodD03IHNyYz0iY2lkOlJFRF9TUElE RVIwMDA0IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdpZHRo PTc+DQogPC9mb250PjwvYj48L2ZvbnQ+PGI+PGZvbnQgY29sb3I9InJlZCI+ KjwvZm9udD65rsDHIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICC758fXPC9iPjwvZm9u dD48L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPHRkIGJnY29sb3I9I2Y1ZjVmMSB3aWR0aD0i ODMlIiBoZWlnaHQ9IjEwMCI+PHNwYW4gDQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHN0eWxlPSJCQUNLR1JPVU5ELUNPTE9SOiAjZjBmMGU4 Ij48VEVYVEFSRUEgY29scz01MiBuYW1lPbmuwMe758fXIHJvd3M9ND48L1RF WFRBUkVBPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8L3NwYW4+PC90ZD4NCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Ry Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvdGJvZHk+IA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDx0cj4gDQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8dGQgYmdjb2xvcj0jZmZmZmZmIGhlaWdo dD0zNyB3aWR0aD0iMTAwJSIgdmFsaWduPSJib3R0b20iPiANCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHAg YWxpZ249Y2VudGVyPjxmb250IGNvbG9yPSMwMDAwMDAgZmFjZT2xvLiyw7w+ IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDxpbnB1dCBuYW1lPVN1Ym1pdCB0eXBlPXN1Ym1pdCB2YWx1 ZT2/z7fhPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICZuYnNwOyA8L2ZvbnQ+PC9wPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDwvdGJvZHk+IA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPg0KICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4NCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+IA0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9mb3JtPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+DQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+IA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgPC90YWJsZT4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8 L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8dHIgYmdjb2xvcj0j ZWVmMmZmPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgY29s c3Bhbj0yPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KPHRh YmxlIGFsaWduPWNlbnRlciBib3JkZXI9MCBjZWxscGFkZGluZz0wICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgY2VsbHNwYWNpbmc9MCBoZWln aHQ9OCB3aWR0aD03MDA+DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgPHRib2R5PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgPHRyIHZhbGlnbj10b3A+IA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDx0ZCBoZWlnaHQ9Mj4gDQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8ZGl2IGFsaWduPWNlbnRlcj48Zm9udCANCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2l6ZT0xPi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLjwv Zm9udD48L2Rpdj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Ry Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Rib2R5PiAN CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGFibGU+DQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4NCiAgICAgICAgICAgICAg ICAgICAgICAgICAgPC90cj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAg PHRyIGJnY29sb3I9IzQyNDE2ZD4gDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgPHRkIGNvbHNwYW49MiBoZWlnaHQ9MjU+IA0KICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgPGRpdiBhbGlnbj1jZW50ZXI+PGZv bnQgc2l6ZT0yPjxiPjxmb250IA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICBjb2xvcj0jZmZmZmZmPqHYILHixbggwNq8vMfRILGzwLCzu7/r wLo8Zm9udCANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY29s b3I9I2ZmZmY5OT48dT5UZWwgOiAwMik3NDQtOTU4NDwvdT48L2ZvbnQ+wLi3 ziANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgua7A xyC52bb4tM+02S48L2ZvbnQ+PC9iPjwvZm9udD48L2Rpdj4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICA8L3RkPg0KICAgICAgICAgICAgICAgICAg ICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICA8dHIg Ymdjb2xvcj0jNDI0MTZkPiANCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICA8dGQgY29sc3Bhbj0yIGhlaWdodD04MT4gDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICANCjx0YWJsZSBhbGlnbj1jZW50ZXIgYmdjb2xvcj0j ZjNmM2YzIGJvcmRlcj0wICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgY2VsbHNwYWNpbmc9MCBoZWlnaHQ9NTQgd2lkdGg9NDMyPg0KDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4gDQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRkIGhlaWdodD05Mz4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxwPjxmb250IA0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXplPTI+Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9mb250Piogwb63zi0xyKO8sSANCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgwb63zjWw ob+qIDK5+MPisbggx9GxucX1wNq9xcW5wfWxx7r0tfkgNEYgPGJyPg0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8YnI+ DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyogyKjG5MDMwfYgPGEgDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhyZWY9Imh0dHA6Ly9nYXph d2ViLmNvLmtyLyIgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHRhcmdldD1fYmxhbms+aHR0cDovL2dhemF3ZWIuY28ua3I8L2E+PC9wPg0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHA+ ICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyogsbPAsLTjtOcgPEEgDQogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhyZWY9Im1haWx0bzp3ZWJt YXN0ZXJAZ2F6YXdlYi5jby5rciI+d2VibWFzdGVyQGdhemF3ZWIuY28ua3I8 L2E+IA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAowMzA2r+1KSA8L3A+DQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA8L3RkPg0KICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICA8L3Rib2R5PiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IDwvdGFibGU+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4N CiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4NCiAgICAgICAgICAg ICAgICAgICAgICAgICAgPHRyIGJnY29sb3I9IzQyNDE2ZD4gDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgPHRkIA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBjb2xzcGFuPTI+Jm5ic3A7PC90ZD4NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgPC90cj4NCiAgICAgICAgICAgICAgICAgICAg ICAgICAgPC90Ym9keT4gDQogICAgICAgICAgICAgICAgICAgICAgICA8L3Rh YmxlPg0KICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+DQogICAgICAgICAg ICAgICAgICAgIDwvdHI+DQogICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+ IA0KICAgICAgICAgICAgICAgICAgPC90YWJsZT4NCiAgICAgICAgICAgICAg ICA8L3RkPg0KICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICAgICAgICA8 L3Rib2R5PiANCiAgICAgICAgICAgIDwvdGFibGU+DQogICAgICAgICAgPC90 ZD4NCiAgICAgICAgPC90cj4NCiAgICAgICAgPC90Ym9keT4gDQogICAgICA8 L3RhYmxlPjwhLS0gbWlhZ2VudCBzdWIgZW5kIC0tPg0KICAgICAgDQo8aW1n ICAgICAgICAgICAgICAgICAgIGhlaWdodD0xMiBzcmM9ImNpZDpSRURfU1BJ REVSMDAwNSIgICAgICAgICAgICAgICAgIHdpZHRoPTE+DQo8YnI+DQogICAg ICA8L2ZvbnQ+PC90ZD4NCiAgPC90cj4NCiAgPC90Ym9keT4gDQo8L3RhYmxl Pg0KPC90ZD48L1RSPjwvdGFibGU+PC9CT0RZPg0KPC9odG1sPg0K= ----RED_SPIDER_0003_0003-- ----RED_SPIDER_0002_0002 Content-Type: image/gif; name="/download/¿Àºü/view_mail.files/pointer01.gif" Content-Transfer-Encoding: base64 Content-ID: ----RED_SPIDER_0002_0002 Content-Type: image/gif; name="/download/¿Àºü/view_mail.files/pointer01.gif" Content-Transfer-Encoding: base64 Content-ID: ----RED_SPIDER_0002_0002 Content-Type: image/gif; name="/download/¿Àºü/view_mail.files/pointer01.gif" Content-Transfer-Encoding: base64 Content-ID: ----RED_SPIDER_0002_0002 Content-Type: image/gif; name="/download/¿Àºü/view_mail.files/pointer01.gif" Content-Transfer-Encoding: base64 Content-ID: ----RED_SPIDER_0002_0002 Content-Type: image/gif; name="/download/¿Àºü/view_mail.files/pointer01.gif" Content-Transfer-Encoding: base64 Content-ID: ----RED_SPIDER_0002_0002 Content-Type: image/gif; name="/download/¿Àºü/view_mail.files/trans.gif" Content-Transfer-Encoding: base64 Content-ID: ----RED_SPIDER_0002_0002-- ----RED_SPIDER_0001_0001-- From rtyuio@korea.com Wed Jul 18 11:32:22 2001 From: rtyuio@korea.com (rtyuio@korea.com) Date: ¼ö, 27 6 2001 15:23:36 Subject: [Mailman-Developers] pc°ü·ÃÁ¤º¸ÀÔ´Ï´Ù Message-ID: <263.386743.235@korea.com> ÃÖ½ÅÇüPC CPU¡¦¡¦¡¦.933 (ÀÎÅÚ) RAM¡¦¡¦¡¦128 (»ï¼ºÁ¤Ç°133) HDD¡¦¡¦¡¦30 G MONITER.17"(»ï¼º77E) ¸ðµÎ43¸¸¿ø °ü½ÉÀÖÀ¸¼¼¿ä http://comzon.atozpia.com/news/news.html À̸®·Î ¿À¼¼¿ä From wilane@mint.sn Sun Jul 1 13:53:00 2001 From: wilane@mint.sn (Ousmane Wilane) Date: Sun, 1 Jul 2001 12:53:00 +0000 Subject: [Mailman-Developers] Missing _()! Message-ID: <01070112530000.00668@NDEYE_TOUTY> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Missing i18n In cron/mailpasswds:73 Cheers - -- - -- Ousmane Wilane (http://purl.org/NET/WILANE/) - -- +221 821 57 02 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7Px0yWz9CBmeMnqIRAoEvAKDEq49dJmlpjVKEgWTJwi9gyCJW5wCgxTe2 N8qPzK7j4I+gv69Ugqq0zxw= =iriZ -----END PGP SIGNATURE----- From y.nugroho@student.umist.ac.uk Sun Jul 1 23:14:17 2001 From: y.nugroho@student.umist.ac.uk (Yanuar Nugroho) Date: Sun, 1 Jul 2001 23:14:17 +0100 Subject: [Mailman-Developers] change the layout? Message-ID: <000901c1027b$2b797e60$9baa5882@halls.umist.ac.uk> Dear all, If i want to change the layout of the body message (eg. change the left and right margin, or simply insert a letter/word in the left margin), which module should I modify? I've tried to read through all those python-modules in MM2.1 these few days but I couldn't locate. Any clue? Regards/Yanuar From jcrey@uma.es Mon Jul 2 11:58:38 2001 From: jcrey@uma.es (Juan Carlos Rey Anaya) Date: Mon, 02 Jul 2001 12:58:38 +0200 Subject: [Mailman-Developers] bug in checj_perms Message-ID: <3B4053DE.F6AFDC5C@uma.es> Testing a new installation from scratch, here is the result [jcrey@joker bin]$ ./check_perms=20 directory permissions must be 02775: /home/mailman/templates/es directory permissions must be 02775: /home/mailman/templates/fr directory permissions must be 02775: /home/mailman/templates/hu directory permissions must be 02775: /home/mailman/templates/en directory permissions must be 02775: /home/mailman/messages/es Traceback (most recent call last): File "./check_perms", line 324, in ? checkcgi() File "./check_perms", line 213, in checkcgi exes =3D os.listdir(mm_cfg.CGI_DIR) AttributeError: CGI_DIR I have seen inside Defaults.py and CGI_DIR is not defined. Cheers --=20 ___ / F \ [[[]]]] ( O O ) #----------------0000--(_)--0000---------------# | Juan Carlos Rey Anaya (jcrey@uma.es) | | Servicio Central de inform=E1tica | | Universidad de M=E1laga - Espa=F1a | #----------------------------------------------# From gorg@sun1.imbi.uni-freiburg.de Mon Jul 2 12:06:19 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Mon, 02 Jul 2001 13:06:19 +0200 Subject: [Mailman-Developers] How to downgrade from mailman 2.1a2 ? and some of my problems Message-ID: <200107021106.f62B6JJ16002@sun6.imbi.uni-freiburg.de> Hi developers, I installed mailman2.1a2 because I wanted to satisfy a list administrator who is waiting for the international interface. I tried it on a test machine first and it seemed to work but then... (System configuration: Sun Ultra 1, Solaris 7 using sendmail, python 2.1, mailman 2.1a2) First question: is it possible to downgrade to some older version if my problems continue? How do I do it? As I am not a member of the list, please send to me directly. And here some of my problems using mailman 2.1 a2 - mimelib 0.3 installed into site-lib, therefore the cron jobs (python -S) did not find it (my solution: delete the -S in the crontab entries) - mailman wanted libssl and libcrypto and did not find them in /usr/local/lib (I added links to /lib) - I got a message "Another qrunner is alread running" every minute! At first I commented the message out, but now I restart qrunner with cron only one every hour. - some messages from check_db about invalid triple...(ignored) - After the first message came in for distribution, I was not send out, but the program kept on adding new qrunner processes until I killed them all . I then deleted the master-qrunner entries in $MAILMAN/locks and all other locks. When I restarted the qrunner, I did not get the expected master.lock file again. I already got a 2,7MB error message. But the mail gets send. - I had to find out first that all list passwords were invalid, and then found the program to reset them :) - I found some files named *.msg and *.db in $MAILMAN/qfiles - not in subdirectories. Is that ok? MAIN Problem: - over the weekeend, the first round of password reminders should have been out. But the disk ran full over the weekend. I found the maschine with a load of 14, lots of qrunners and some /bin/mails as well as the programs that filled the disk (probably not mailman). I killed them all. Later on I found 2 mail files (7 and 10 MB )in /var/tmp. Where the passwords send out? At least 1 email, that had to be approved, was not send: the administrator ran into an error (file not found or something like that). Can I trust mailman2.1a2 that it is "disk full"-prove ? - right now I have 27 qrunners running - the master-qrunner is held by one of them, but not the oldest one. It should be one master and one per directory - right? - I made a new error log file. But there are already error messages in it ( I only give the first and last lines: Jul 02 10:14:30 2001 (1640) Uncaught runner exception: String payload expected Jul 02 10:14:30 2001 (1640) Traceback (most recent call last): [...] Jul 02 11:37:15 2001 qrunner(2209): raise TypeError, 'String payload expected' Jul 02 11:37:15 2001 qrunner(2209): TypeError : String payload expected Jul 02 11:32:34 2001 (2209) lost data files for filebase: 994066353.54731798+5cdd1e0516f3ccd53091f70eb8cfd905542c4646 Jul 02 11:32:36 2001 (2205) lost data files for filebase: 994066353.54731798+58815255dd387fa7e0e3d297cd80a8e3b87e80d7 Jul 02 11:37:13 2001 (2209) Uncaught runner exception: String payload expected Jul 02 11:37:14 2001 (2209) Traceback (most recent call last): File "/home/mailman/Mailman/Queue/IncomingRunner.py", line 136, in _dopipeline func(mlist, msg, msgdata) File "/usr/local/lib/python2.1/site-packages/mimelib/Generator.py", line 145, in _flatten raise TypeError, 'String payload expected' TypeError: String payload expected Jul 02 12:00:14 2001 qrunner(2395): Traceback (most recent call last): Jul 02 12:00:14 2001 qrunner(2395): File "/home/mailman/cron/qrunner", line 299, in ? Jul 02 12:00:14 2001 qrunner(2395): main() Jul 02 12:00:15 2001 qrunner(2205): File "/home/mailman/Mailman/Queue/Switchboard.py", line 135, in dequeue Jul 02 12:00:15 2001 qrunner(2205): os.unlink(msgfile) Jul 02 12:00:15 2001 qrunner(2205): OSError : [Errno 2] No such file or directory: '/home/mailman/qfiles/out/994068012.91432905+082aa298c0 1d478840e3b8bb3f95fe5216a41b8d.msg' Who can help? Best wishes Georg Koch -- -- Georg Koch (gorg@ami1.ukl.uni-freiburg.de) | Phone: +49 761 203 6710 System Administrator | Fax: +49 761 203 6711 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ........................................................................... If we knew what it was we were doing, it would not be called research, would it? -Albert Einstein From gorg@sun1.imbi.uni-freiburg.de Mon Jul 2 14:34:07 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Mon, 02 Jul 2001 15:34:07 +0200 Subject: [Mailman-Developers] rmlist Message-ID: <200107021334.f62DY7J16281@sun6.imbi.uni-freiburg.de> When I remove a list (test2), rmlist says: "Not removing archives. Reinvoke with -a to remove them." When I do it, it says: "No such list: test2" -- -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ From gorg@sun1.imbi.uni-freiburg.de Mon Jul 2 14:35:07 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Mon, 02 Jul 2001 15:35:07 +0200 Subject: [Mailman-Developers] cannot approve requests Message-ID: <200107021335.f62DZ7J16302@sun6.imbi.uni-freiburg.de> Dear develpers, a list administrator sent me this page. I can verify his result with = the site password. What can I do to reenable list-administrators to = approve messages and requests? (There are 25 unapproved messages now). Best wishes Georg Koch -- = -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany =2E..................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ From barry@digicool.com Mon Jul 2 14:47:44 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 2 Jul 2001 09:47:44 -0400 Subject: [Mailman-Developers] Missing _()! References: <01070112530000.00668@NDEYE_TOUTY> Message-ID: <15168.31616.659803.186817@anthem.wooz.org> Thanks! -Barry From barry@digicool.com Mon Jul 2 14:55:50 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 2 Jul 2001 09:55:50 -0400 Subject: [Mailman-Developers] bug in checj_perms References: <3B4053DE.F6AFDC5C@uma.es> Message-ID: <15168.32102.32339.182594@anthem.wooz.org> >>>>> "JCRA" == Juan Carlos Rey Anaya writes: | I have seen inside Defaults.py and CGI_DIR is not defined. Fixed now, thanks! -Barry From gorg@sun1.imbi.uni-freiburg.de Mon Jul 2 15:08:00 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Mon, 02 Jul 2001 16:08:00 +0200 Subject: [Mailman-Developers] update not finishing Message-ID: <200107021408.f62E80J16494@sun6.imbi.uni-freiburg.de> Dear developers, some of my problems may be due to "update" not finishing. The error message was: fp = open(os.path.join(mm_cfg.TEMPLATE_DIR, gtemplate)) IOError: [Errno 2] No such file or directory: '/home/mailman/templates/admindbpreamble.html' Is there anything I can do (without learning to program python) ? Best wishes Georg Koch -- -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ From gorg@sun1.imbi.uni-freiburg.de Mon Jul 2 17:26:02 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Mon, 02 Jul 2001 18:26:02 +0200 Subject: [Mailman-Developers] AttributeError: 'int' object has no attribute 'lower' Message-ID: <3B40A09A.444C156B@imbi.uni-freiburg.de> This is a multi-part message in MIME format. --------------C1897213563153FD6E728957 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit here is another bug in a approval request best wishes -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ --------------C1897213563153FD6E728957 Content-Type: text/html; charset=us-ascii; name="consumers" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="consumers" Content-Base: "http://www.cochrane.de/mailman/admindb /consumers" Content-Location: "http://www.cochrane.de/mailman/admindb /consumers" Bug in Mailman version 2.1a2

    Bug in Mailman version 2.1a2

    We're sorry, we hit a bug!

    If you would like to help us identify the problem, please email a copy of this page to the webmaster for this site with a description of what happened. Thanks!

    Traceback:

    Traceback (most recent call last):
  File "/home/mailman/scripts/driver", line 105, in run_main
    main()
  File "/home/mailman/Mailman/Cgi/admindb.py", line 117, in main
    show_requests(mlist, doc)
  File "/home/mailman/Mailman/Cgi/admindb.py", line 199, in show_requests
    show_post_requests(mlist, id, info, total, count, form)
  File "/home/mailman/Mailman/Cgi/admindb.py", line 256, in show_post_requests
    line = reader.readline()
  File "/usr/local/lib/python2.1/site-packages/mimelib/MsgReader.py", line 42, in readline
    self._root = self._payload[self._pos]
  File "/usr/local/lib/python2.1/site-packages/mimelib/Message.py", line 100, in __getitem__
    return self.get(name)
  File "/usr/local/lib/python2.1/site-packages/mimelib/Message.py", line 159, in get
    name = name.lower()
AttributeError: 'int' object has no attribute 'lower'

    Python information:

    VariableValue
    sys.version 2.1 (#1, Jun 26 2001, 16:46:38) [GCC 2.95.2 19991024 (release)]
    sys.executable /usr/local/bin/python
    sys.prefix /usr/local
    sys.exec_prefix /usr/local
    sys.path /usr/local
    sys.platform sunos5

    Environment variables:

    VariableValue
    DOCUMENT_ROOT /www/docs/cochrane
    SERVER_ADDR 132.230.10.21
    HTTP_ACCEPT_ENCODING gzip
    REMOTE_HOST sun6.imbi.uni-freiburg.de
    SERVER_PORT 80
    PATH_TRANSLATED /www/docs/cochrane/consumers
    REMOTE_ADDR 132.230.10.6
    SERVER_SOFTWARE Apache/1.3.19 (Unix) ApacheJServ/1.1.2 PHP/4.0.4pl1 mod_ssl/2.8.1 OpenSSL/0.9.6
    GATEWAY_INTERFACE CGI/1.1
    UNIQUE_ID O0Cf7oTmChUAABBqD7w
    HTTP_ACCEPT_LANGUAGE en
    REMOTE_PORT 52145
    SERVER_NAME www.cochrane.de
    TZ MET
    HTTP_USER_AGENT Mozilla/4.75 [en] (X11; U; SunOS 5.7 sun4u)
    HTTP_ACCEPT_CHARSET iso-8859-1,*,utf-8
    HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
    REQUEST_URI /mailman/admindb/consumers
    QUERY_STRING
    SERVER_PROTOCOL HTTP/1.0
    PATH_INFO /consumers
    HTTP_HOST www.cochrane.de
    REQUEST_METHOD GET
    SERVER_SIGNATURE
    Apache/1.3.19 Server at www.cochrane.de Port 80
    SCRIPT_NAME /mailman/admindb
    SERVER_ADMIN gorg@cochrane.de
    SCRIPT_FILENAME /dsk/www/mailman/cgi-bin/admindb
    PYTHONPATH /home/mailman
    HTTP_COOKIE hirexcc:admin=; test:admin=28020000006915483b3b732800000032373634313035633633366236663732303762353537623361613634386165323330306131663331; listowners:admin=; mwgs:admin=; smglist:admin=; training:admin=; consumers:admin=280200000069ec9f403b732800000030303461613665343631346131396530646631316266633063383666363066393034633266316131
    HTTP_CONNECTION Keep-Alive
    HTTP_REFERER http://www.cochrane.de/mailman/admin/consumers
    --------------C1897213563153FD6E728957-- From marc_news@valinux.com Mon Jul 2 23:02:14 2001 From: marc_news@valinux.com (Marc MERLIN) Date: Mon, 2 Jul 2001 15:02:14 -0700 Subject: [Mailman-Developers] Config option in Defaults.py for new MM Message-ID: <20010702150214.F29121@magic.merlins.org> I've modified mailman on sourceforge as such: mailman-2.0.5.sf/Mailman/Cgi/admin.py: # # mass subscription processing for members category # def clean_names(name): return rfc822.unquote(string.strip(name)) if cgi_info.has_key('subscribees'): name_text = cgi_info['subscribees'].value name_text = string.replace(name_text, '\r', '') names = filter(None, map(clean_names, string.split(name_text, '\n'))) if len(names) > 1: document.AddItem(Header(1, "

    Mass subscribing has been disabled due to abuse

    ")) document.AddItem("



    ") document.AddItem("Sorry, but mass subscribing has been disabled due to abuse.") document.AddItem("
    ") document.AddItem("You cannot subscribe more than one address.") document.AddItem("

    ") document.AddItem("If you need to migrate a list from another place, you need ") document.AddItem("to get approval from all your users and submit the list to ") document.AddItem("the SF staff") document.AddItem("

    ") document.AddItem('You can open a support ticket here') else: send_welcome_msg = string.atoi( cgi_info["send_welcome_msg_to_this_batch"].value) digest = 0 if not mlist.digestable: digest = 0 if not mlist.nondigestable: (...) Could the maximum number of subscriptions allowed through the web be a config option in MM 2.1? Having another config option that would allow submissions to go through mlist.AddMembers intead of mlist.ApprovedAddMembers would be nice too (members get auto-added, but they still need to complete the 3rd part of the 3 way handshake, i.e. answer the mail from mailman, before being subscribed). As for having a URL with a hash that would let people confirm the subscription instead of answering an Email, with their broken mail settings (line cutting/quoted printable/HTML/whatever), was that something that made it into MM 2.1? Thanks, Marc -- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From barry@digicool.com Tue Jul 3 00:45:07 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 2 Jul 2001 19:45:07 -0400 Subject: [Mailman-Developers] How to downgrade from mailman 2.1a2 ? and some of my problems References: <200107021106.f62B6JJ16002@sun6.imbi.uni-freiburg.de> Message-ID: <15169.1923.276912.897405@anthem.wooz.org> >>>>> "GK" == Georg Koch writes: GK> First question: is it possible to downgrade to some older GK> version if my problems continue? How do I do it? I've never tried it, but I'm doubtful. Loading a list's config.db into a newer Mailman automatically upgrades the implied scheme in that file, and there are no provisions for reverting the schema. Anyone trying the 2.1 cvs should be aware that this is alpha code for a reason! I'm probably (soon) going to set up some semi-permanent test lists to start solidifying the code base, even if it technically remains alpha to avoid a feature freeze. I don't recommend upgrading on a production system. GK> And here some of my problems using mailman 2.1 a2 Ah, and now this is what I'm interested in! GK> - mimelib 0.3 installed into site-lib, therefore the cron jobs GK> (python -S) did not find it (my solution: delete the -S in the GK> crontab entries) That will increase start up time, so we should figure out why its necessary. Look at the bottom of Defaults.py and you should see some "path hacking" to get site-packages back on sys.path even if -S is used. That must not be working for you, and I'd like to figure out why. GK> - mailman wanted libssl and libcrypto and did not find them in GK> /usr/local/lib (I added links to /lib) Hmm, this is a mystery since Mailman doesn't make explicit use of anything that should link against those libraries. What version of Python are you using, and how did you build it? For example, I'm using a stock Python 2.1 built from source, on a RH6.1-ish Linux distro: % ldd /usr/local/bin/python libpthread.so.0 => /lib/libpthread.so.0 (0x40018000) libdl.so.2 => /lib/libdl.so.2 (0x4002a000) libutil.so.1 => /lib/libutil.so.1 (0x4002d000) libm.so.6 => /lib/libm.so.6 (0x40030000) libc.so.6 => /lib/libc.so.6 (0x4004c000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) So nothing that's statically linked in ought to require those libraries. You'll need to check your Python's lib-dynload/*.so files for other links (again, my stock install doesn't have any). This one sounds like a Python problem. GK> - I got a message "Another qrunner is alread running" every minute! GK> At first I commented the message out, but now I restart GK> qrunner with cron only one every hour. I'm seriously thinking that we should get rid of the cron-based qrunner even for the watchdog, since we now have qrunner running as a daemon. I think I'll write a start script that just wraps around cron/qrunner (which I don't want to rename for bogus CVS reasons), but that would be appropriate for an /etc/init.d script. GK> - some messages from check_db about invalid triple...(ignored) Huh? GK> - After the first message came in for distribution, I was not GK> send out, but the program kept on adding new qrunner processes GK> until I killed them all . I then deleted the master-qrunner GK> entries in $MAILMAN/locks and all other locks. When I GK> restarted the qrunner, I did not get the expected master.lock GK> file again. I already got a 2,7MB error message. But the mail GK> gets send. Hmm, I'm not sure I totally follow, but let's try an experiment. Remove the qrunner entry from crontab and just start the master qrunner by hand at a shell prompt. Don't give it any arguments. Now how well does it work? GK> - I had to find out first that all list passwords were GK> invalid, and then found the program to reset them :) Yes, because MM2.0.x used crypt to encrypt the passwords, but MM2.1 uses sha since it's much more reliably built into Python. This needs to get prominent notice in the release notes because there is no automatic way for Mailman to fix these passwords (the plain text cannot be programmatically extracted). GK> - I found some files named *.msg and *.db in $MAILMAN/qfiles - GK> not in subdirectories. Is that ok? No, these are left over from your pre-2.1 upgrade. I haven't come up with a good way to auto-upgrade these files, so I recommend that you make sure your system is clear before upgrading. You could try to move them into qfiles/in and see what happens (cross your fingers). GK> MAIN Problem: - over the weekeend, the first round of password GK> reminders should have been out. But the disk ran full over the GK> weekend. I found the maschine with a load of 14, lots of GK> qrunners and some /bin/mails as well as the programs that GK> filled the disk (probably not mailman). I killed them all. GK> Later on I found 2 mail files (7 and 10 MB )in /var/tmp. GK> Where the passwords send out? At least 1 email, that had to be GK> approved, was not send: the administrator ran into an error GK> (file not found or something like that). Can I trust GK> mailman2.1a2 that it is "disk full"-prove ? I'm not sure why you ended up with those files in /var/tmp, as Mailman shouldn't drop files there. There could be some strange interactions with your mailer going on. I'll do some testing of the password reminder scripts to make sure its working. GK> - right now I have 27 qrunners running - the master-qrunner is GK> held by one of them, but not the oldest one. It should be one GK> master and one per directory - right? Yes, by default, although Mailman can be configured to run any number of subprocesses per queue directory. I strongly suspect a bad interaction with the cron-based qrunner. I don't think the cron entry for qrunner is necessary any more, so again, I want to get rid of it. GK> - I made a new error log file. But there are already error GK> messages in it ( I only give the first and last lines: GK> Jul 02 10:14:30 2001 (1640) Uncaught runner exception: String GK> payload expected Jul 02 10:14:30 2001 (1640) Traceback (most GK> recent call last): [...] Jul 02 11:37:15 2001 qrunner(2209): GK> raise TypeError, 'String payload expected' Jul 02 11:37:15 GK> 2001 qrunner(2209): TypeError : String payload expected This is saying that mimelib is having trouble generating the plain text for one of your messages. The latest CVS doesn't generate plain text message until it has to send them to the MTA, otherwise, by default it uses binary Python pickles since it can load and store them to/from disk much faster. I'll need to instrument Mailman so that when these types of errors occur, the resulting objects can be captures for post mortems. Keep an eye on CVS over the next few days. -Barry From jarrell@vt.edu Tue Jul 3 01:25:40 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Mon, 02 Jul 2001 20:25:40 -0400 Subject: [Mailman-Developers] How to downgrade from mailman 2.1a2 ? and some of my problems In-Reply-To: <15169.1923.276912.897405@anthem.wooz.org> References: <200107021106.f62B6JJ16002@sun6.imbi.uni-freiburg.de> Message-ID: <5.1.0.14.2.20010702201222.04430460@lennier.cc.vt.edu> At 07:45 PM 7/2/01 -0400, you wrote: >Yes, because MM2.0.x used crypt to encrypt the passwords, but MM2.1 >uses sha since it's much more reliably built into Python. This needs >to get prominent notice in the release notes because there is no >automatic way for Mailman to fix these passwords (the plain text >cannot be programmatically extracted). You know, I'd seen this before, and it hadn't sunk in.. I expect this'll be a *big* loose for many existing sites. Hell, I don't actually know the list passwords to... Hmm. *Any* of my lists. Once I generated them for their owners, I didn't save the initial password, and encouraged them to change it anyway. And for the lists I run, I habitually use the site password to trump them out, since it's just easier that way. (Hell, I barely remember my personal list password on the lists :-)). I dread having to contact all the owners and arrange to get them a new password. (Note, having a tool that just emails out new random passwords to all the contacts isn't perfect, since I have people listed on a few lists that don't have the password, they just have the responsibility of answering the damn mail that comes in.) Or am I safe, because I'm not using crypt now? Doesn't it fall back to sha in that case? Or is they way 2.0 and 2.1 use it incompatible with each other? I already upgraded my 2.1 test system, and don't know the damn passwords there anyway :-). It might be worth considering another point release, to include a password recovery module for migration. Once installed, as each list admin authenticates, it checks to see if sha is already around. If so, it either just stashes the new format for later use in the config.db, or possibly goes ahead and migrates to using the new format. Come 2.1, most of the lists will be good to go already, and the admin page could easily include a signal that a particularly lists password was, or was not, valid anymore. (Hell, the login page could realistically include a note that "Your list has not finished conversion to the new software release. Please contact the site administrator to have your password reactivated." Similarly, 2.1 could include a fallback mechanism; if the password fails, and if crypt is available to load, try again with crypt, and if that works, convert the password and store it in the new format. With the two combined, you'd likely eliminate 90% of the migration difficulties (more, if it takes a while for 2.1 to come out). The ones worst impacted will be the ones who don't keep up to date, but they'll have multiple concerns anyway. From aylan@emirates.net.ae Tue Jul 3 03:31:54 2001 From: aylan@emirates.net.ae (Mubarak Mohammed) Date: Tue, 03 Jul 2001 06:31:54 +0400 Subject: [Mailman-Developers] Our registers Message-ID: This is a multi-part message in MIME format. ------=_NextPart_000_0000_01C10389.D9D4F660 Content-Type: text/plain; charset="windows-1256" Content-Transfer-Encoding: 7bit My friends telling me that they regist with mailing list, but I didn't recieve anything about that. I Also don't know how can i access the mailing list. Thanks a lot in advance ------=_NextPart_000_0000_01C10389.D9D4F660 Content-Type: text/html; charset="windows-1256" Content-Transfer-Encoding: quoted-printable

    My = friends telling=20 me that they regist with mailing list, but I didn't recieve anything = about=20 that.
    I Also = don't know=20 how can i access the mailing list.
    Thanks = a lot in=20 advance
    ------=_NextPart_000_0000_01C10389.D9D4F660-- From barry@digicool.com Tue Jul 3 04:36:20 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 2 Jul 2001 23:36:20 -0400 Subject: [Mailman-Developers] How to downgrade from mailman 2.1a2 ? and some of my problems References: <200107021106.f62B6JJ16002@sun6.imbi.uni-freiburg.de> <5.1.0.14.2.20010702201222.04430460@lennier.cc.vt.edu> Message-ID: <15169.15796.395602.234020@anthem.wooz.org> >>>>> "RJ" == Ron Jarrell writes: RJ> You know, I'd seen this before, and it hadn't sunk in.. I RJ> expect this'll be a *big* loose for many existing sites. RJ> It might be worth considering another point release, to RJ> include a password recovery module for migration. Once RJ> installed, as each list admin authenticates, it checks to see RJ> if sha is already around. If so, it either just stashes the RJ> new format for later use in the config.db, or possibly goes RJ> ahead and migrates to using the new format. Actually, after I wrote this, I remember that I /did/ have some backwards compatibility hacks in the code for falling back to crypt and md5 if the sha password didn't match. I went back and looked and it turns out that stuff got lost when I rewrote the authentication mechanism. I'll add it back. -Barry From giancarlo@navigare.net Tue Jul 3 09:47:49 2001 From: giancarlo@navigare.net (giancarlo) Date: Tue, 03 Jul 2001 10:47:49 +0200 Subject: [Mailman-Developers] X-whatever headers in mail-news gw Message-ID: <3B4186B5.16D74B0B@navigare.net> Hi. I'd like to try to adjust the headers-cooking when relaying a mail message to a newsgroup. The reason, as I axplained in a recent post to mailman-users (see 'NNTP-posting-header not of sender' in June-2001), is that I'd like to give the possibility to trace who sent the message in the first instance. This is to avoid that someone can use mailman's mail-news features as an anonymizing resender, which is something people complained about at a newsgroup here. I know this all has little meaning and these headers are easily spoofed, but I don't want poeople to have anything 'formally uncorrect' to complain about. What I miss is: which of the original mail headers that contains this info is worth (and easier) to keep and tranform into an 'X-whatever' header? The 'Message-ID:' header or the first 'Received:' header? Also someone pointed to me that the 'X-complaints-to:' header in the message that gets to the newsgroup contains the 'abuse' addres at the news server, not the mailman gw administrator's one. It is obvious that the admins at the news server have no responsability for a message sent by an authorized poster, as the mailman-gateway has to be. So the second question is: Who and when writes the 'X-complaints-to:' header? I suspect this is written by the news server when the message gets there, and will override any previously exixting one. So' I'd have to invent another maybe 'X-complaints-in-first-place-to:' header to give a possibility to be reached. What do you think? Giancarlo From giancarlo@navigare.net Tue Jul 3 10:25:26 2001 From: giancarlo@navigare.net (giancarlo) Date: Tue, 03 Jul 2001 11:25:26 +0200 Subject: [Mailman-Developers] Re: X-whatever headers in mail-news gw References: <3B4186B5.16D74B0B@navigare.net> Message-ID: <3B418F86.1A268E4@navigare.net> > I'd like to try to adjust the headers-cooking when relaying a mail > message to a newsgroup. > > What I miss is: > > which of the original mail headers that contains this info is worth (and > easier) to keep and tranform into an 'X-whatever' header? The > 'Message-ID:' header or the first 'Received:' header? > Or maybe I can use a procmail rule in mailman's home dir to do this, instead of digging into the python code? Giancarlo From giancarlo@navigare.net Tue Jul 3 21:20:32 2001 From: giancarlo@navigare.net (giancarlo) Date: Tue, 03 Jul 2001 22:20:32 +0200 Subject: [Mailman-Developers] X-Original header Message-ID: <3B422910.962AC02F@navigare.net> managed to add 3 extra headers to track anonymous postings to newsgoup, in ToUsenet.py: X-Original-ID: X-Original-Received: X-Gateway-Complaints-To: in fact the hardest thing was to realize that in python indentation matters! Ciao From jarrell@vt.edu Wed Jul 4 03:51:27 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Tue, 03 Jul 2001 22:51:27 -0400 Subject: [Mailman-Developers] X-whatever headers in mail-news gw In-Reply-To: <3B4186B5.16D74B0B@navigare.net> Message-ID: <5.1.0.14.2.20010703224015.03c28840@lennier.cc.vt.edu> At 10:47 AM 7/3/01 +0200, giancarlo wrote: >Who and when writes the 'X-complaints-to:' header? I suspect this is >written by the news server when the message gets there, and will >override any previously exixting one. >So' I'd have to invent another maybe 'X-complaints-in-first-place-to:' >header to give a possibility to be reached. I can't speak to *all* news servers, but in innd it's put in by the server as it's posting the note. nnrpd discards any nnrp-posting-host, x-complatints-to, etc, etc, and inserts it's own authentic headers. Having mailman stick in a x-gateway-trace header, similar to the news x-trace header might not be a bad idea. Which could contain more tracing info, like who mailman things it got the note from, might not be a bad idea. As a bonus, if you're concerned about security, the info could be reversibly encrypted with a token stored in each lists config.db, with a place the admin, after getting a complaint, could go on the web interface to translate it... Maybe having a "x-gateway-complaint: Relayed by mailman: complaints to (listowner)" wouldn't be bad. Someone "in the know", can tell from what's in the header now what's going on, since the message id, x-mailman-version, and errors-to header are a clear footprint as to what happened, but the man on the street (and even the admin on the street who's never heard of mailman) could be confused. From giancarlo@navigare.net Wed Jul 4 08:05:47 2001 From: giancarlo@navigare.net (Giancarlo Pinerolo) Date: Wed, 04 Jul 2001 09:05:47 +0200 Subject: [Mailman-Developers] patch not-to limit_posts_to_members if from usenet in mail-news gw Message-ID: <3B42C04B.A21B1155@navigare.net> Now that I got the go with pyton, I also managed to modify Hold.py so that, in a mail-news gateway where 'members-posting-only' is set, this check will not apply to messages from the 'usenet side', but only to messages coming from the 'mailing-list side'. (see http://mail.python.org/pipermail/mailman-users/2001-June/012509.html for the prob) This way unaware news posters from out there in the world will not receive a 'not allowed to post' message, which they might not undersatand and complain about Really a minor intervention. Mailman code is very well structured and written. Does anyine think this may be interesting? Giancarlo From jcrey@uma.es Wed Jul 4 08:18:21 2001 From: jcrey@uma.es (Juan Carlos Rey Anaya) Date: Wed, 04 Jul 2001 09:18:21 +0200 Subject: [Mailman-Developers] Bug in nightly_gzip Message-ID: <3B42C33D.E4808013@uma.es> I have installed Mailman from CVS and this is what it says... Traceback (most recent call last): File "/home/mailman/cron/nightly_gzip", line 52, in ? from Mailman import MailList File "/home/mailman/Mailman/MailList.py", line 34, in ? from mimelib.address import getaddresses ImportError: No module named mimelib.address Is this a bug or my mimelib is obsolete (again:-) ? Cheers --=20 ___ / F \ [[[]]]] ( O O ) #----------------0000--(_)--0000---------------# | Juan Carlos Rey Anaya (jcrey@uma.es) | | Servicio Central de inform=E1tica | | Universidad de M=E1laga - Espa=F1a | #----------------------------------------------# From barry@digicool.com Wed Jul 4 08:22:21 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Wed, 4 Jul 2001 03:22:21 -0400 Subject: [Mailman-Developers] Bug in nightly_gzip References: <3B42C33D.E4808013@uma.es> Message-ID: <15170.50221.417049.657139@anthem.wooz.org> >>>>> "JCRA" == Juan Carlos Rey Anaya writes: JCRA> I have installed Mailman from CVS and this is what it | says... Traceback (most recent call last): | File "/home/mailman/cron/nightly_gzip", line 52, in ? | from Mailman import MailList | File "/home/mailman/Mailman/MailList.py", line 34, in ? | from mimelib.address import getaddresses | ImportError: No module named mimelib.address JCRA> Is this a bug or my mimelib is obsolete (again:-) ? Not yet. :) This must be a problem with sys.path for the cron jobs. Does this go away when you take the -S out of the cron command? -Barry From jcrey@uma.es Wed Jul 4 09:20:27 2001 From: jcrey@uma.es (Juan Carlos Rey Anaya) Date: Wed, 04 Jul 2001 10:20:27 +0200 Subject: [Mailman-Developers] Bug in nightly_gzip References: <3B42C33D.E4808013@uma.es> <15170.50221.417049.657139@anthem.wooz.org> Message-ID: <3B42D1CB.C7844EEF@uma.es> "Barry A. Warsaw" wrote: >=20 > This must be a problem with sys.path for the cron jobs. Does this go > away when you take the -S out of the cron command? Yes. No problem. Cheers --=20 ___ / F \ [[[]]]] ( O O ) #----------------0000--(_)--0000---------------# | Juan Carlos Rey Anaya (jcrey@uma.es) | | Servicio Central de inform=E1tica | | Universidad de M=E1laga - Espa=F1a | #----------------------------------------------# From giancarlo@navigare.net Wed Jul 4 17:15:33 2001 From: giancarlo@navigare.net (Giancarlo Pinerolo) Date: Wed, 04 Jul 2001 18:15:33 +0200 Subject: [Mailman-Developers] Re: patch not-to limit_posts_to_members if from usenet in mail-news gw References: <3B42C04B.A21B1155@navigare.net> Message-ID: <3B434125.34BF1C2C@navigare.net> That, of mine, was a quick patch to solve my particular problem, but then I started thinking at the logic that was behind the fact that 'restrict-post-to-members' would require anyone posting, via the news server too, to be registered at the mailman gateway. Maybe if you run both the mailman gateway *and* the nntp server you can benefit from that? I don't know anything about administering news, so I don't know the tools used there to limit posts or moderate the postings to a news server. But in case the mailman mail-news gateway is a gateway to a 'public' news server residing somewhere else, how can you cannot require that evryone who posts there, from all over the world, be subscribed to some unknown mailing list, and send him a message as 'you post is not allowed' too. I dont know what happens if, in this case, you set 'approve-required' (privacy) to a mail-news gw. Probably everyone who posts to the news from out there would get a message 'held for approval' too. So maybe there can be a distinguish between relaying from a newsgroup *you* manage, and relaying from a 'public' newsgoup out there. But doesn't a news server has his own way to restrict posts and get moderator approval? Thanks for any enlightment Giancarlo From mrocha@rec.utn.edu.ar Wed Jul 4 20:11:34 2001 From: mrocha@rec.utn.edu.ar (Mariela Rocha) Date: Wed, 4 Jul 2001 16:11:34 -0300 Subject: [Mailman-Developers] Ayuda, por favor. Message-ID: <00ad01c104bd$242948e0$8516d2aa@rec.utn.edu.ar> This is a multi-part message in MIME format. ------=_NextPart_000_00AA_01C104A3.FEA9B640 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hola, soy Mariela Rocha de la Universidad Tecnol=F3gica Nacional y estoy = tratando de instalar el software Mailman 2.0.5. y para ello necesito = Python. El tema es que despu=E9s de instalar Python intento correr el = ./configure para el mailman y me dice: castor:/usr/local/bin/mailman-2.0.5# ./configure = --with-python=3D/usr/local/bin/Python-1.5.2 loading cache ./config.cache checking for --with-python... /usr/local/bin/Python-1.5.2 checking Python interpreter... /usr/local/bin/Python-1.5.2 checking Python version... ./configure: /usr/local/bin/Python-1.5.2: = cannot exec ute cat: cannot open conftest.out configure: error: ***** /usr/local/bin/Python-1.5.2 is too old (or broken) ***** Python 1.5.2 or newer is required castor:/usr/local/bin/mailman-2.0.5# =20 Qu=E9 puede estar sucediendo? =20 Gracias! =20 -------------------------------------------------- -------------------------------------------------- Ing. Mariela C. Rocha Centro de Comunicaciones Rectorado - UTN Telefax: +54 11 5371 5662 e-mail: mrocha@utn.edu.ar ------=_NextPart_000_00AA_01C104A3.FEA9B640 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
    Hola, soy Mariela Rocha de la = Universidad=20 Tecnol=F3gica Nacional y estoy tratando de instalar el software Mailman = 2.0.5. y=20 para ello necesito Python. El tema es que despu=E9s de instalar Python = intento=20 correr el ./configure para el mailman y me dice:
     
    castor:/usr/local/bin/mailman-2.0.5# = ./configure=20 --with-python=3D/usr/local/bin/Python-1.5.2
    loading cache=20 ./config.cache
    checking for --with-python...=20 /usr/local/bin/Python-1.5.2
    checking Python interpreter...=20 /usr/local/bin/Python-1.5.2
    checking Python version... ./configure:=20 /usr/local/bin/Python-1.5.2: cannot exec
    ute
    cat: cannot open=20 conftest.out
    configure: error:
     
    ***** /usr/local/bin/Python-1.5.2 is = too old (or=20 broken)
    ***** Python 1.5.2 or newer is required

    castor:/usr/local/bin/mailman-2.0.5#
     
    Qu=E9 puede estar = sucediendo?
     
    Gracias!
     
    --------------------------------------------------
    ----------= ----------------------------------------
    Ing.=20 Mariela C. Rocha
    Centro de Comunicaciones
    Rectorado - = UTN
    Telefax: +54=20 11 5371 5662
    e-mail: mrocha@utn.edu.ar
    <= /BODY> ------=_NextPart_000_00AA_01C104A3.FEA9B640-- From jcrey@uma.es Thu Jul 5 08:46:25 2001 From: jcrey@uma.es (Juan Carlos Rey Anaya) Date: Thu, 05 Jul 2001 09:46:25 +0200 Subject: [Mailman-Developers] Ayuda, por favor. References: <00ad01c104bd$242948e0$8516d2aa@rec.utn.edu.ar> Message-ID: <3B441B51.76E1CA19@uma.es> > Mariela Rocha wrote: > [snip] > ***** /usr/local/bin/Python-1.5.2 is too old (or broken) > ***** Python 1.5.2 or newer is required >=20 > Qu=E9 puede estar sucediendo? Pues que no has desinstalado el python 1.5.2 y te lo est=E1 detectando antes que el python 2.0 Comprueba que detecta tu sistema con: which python o whereis python o simplemente ejecutando python A ver que versi=F3n te ejecuta. Si te dice que python est=E1 en /usr/bin/python quita este ejecutable y hazle un enlace donde est=E9 el python 2.0 Saludos --=20 ___ / F \ [[[]]]] ( O O ) #----------------0000--(_)--0000---------------# | Juan Carlos Rey Anaya (jcrey@uma.es) | | Servicio Central de inform=E1tica | | Universidad de M=E1laga - Espa=F1a | #----------------------------------------------# From jcrey@uma.es Thu Jul 5 08:54:08 2001 From: jcrey@uma.es (Juan Carlos Rey Anaya) Date: Thu, 05 Jul 2001 09:54:08 +0200 Subject: [Mailman-Developers] unintended bad manners Message-ID: <3B441D20.A2F5F5BB@uma.es> Excuse me, trying to be swift in responding to a problem presented in my mother tongue, I have replied to the list in spanish when I was intending to reply only to the original poster. Cheers --=20 ___ / F \ [[[]]]] ( O O ) #----------------0000--(_)--0000---------------# | Juan Carlos Rey Anaya (jcrey@uma.es) | | Servicio Central de inform=E1tica | | Universidad de M=E1laga - Espa=F1a | #----------------------------------------------# From tnt@linux.ca Thu Jul 5 19:55:03 2001 From: tnt@linux.ca (Charles Iliya Krempeaux) Date: Thu, 05 Jul 2001 11:55:03 -0700 Subject: [Mailman-Developers] Want to Code... need some feedback Message-ID: <3B44B807.8050208@linux.ca> Hello, When it comes to Mailman, I'm a newbie, and some of my understanding of Mailman is probably naive or just plain wrong. But I'd like to do some coding on Mailman. (And with the help of J C Lawrence and Devdas Bhagat [on the Mailman-Users mailing list] I think I have enough of an understanding of how Mailman works to attempt to get started.) It's my hope that maybe someone code point me in the right direction, of where to get started (to start coding). For example, should I use the 2.0.5 source, or should I get the source directly from the CVS? Also, what is the usual work environment that people use to develop? Mailman with Sendmail? Mailman with Qmail? Mailman with exim? Mailman with PostFix? Etc? Does it matter? Also, I'd like to describe my ideas (to everyone) to get some feedback. (Tell me if the ideas are good. If they suck. Or if someone is already doing them.) Anyways, here's my intention.... It is my opinion that the current web based archive system leaves much to be desired (in terms of usability, funtionality, and even aesthetics). And I'd like to see it improved; or at least provide the ability from website creator to improve them. (And if noone else is working on these things, I'd like to do them myself.) I'd like to say straight off, that I do not really know anything about the internals of Mailman, except that it is coded in Python. (I haven't yet begun reading the souce.) But anyways.... I think that the interface for the archiver would be more usable if it was more like that of a Weblog or Bulletin Board. From this Weblog or Bulletin Board like interface [of the mailing list archiver] the user could see the `traffic' of one single mailing list, or see the `traffic' of many different mailing lists. Also, the users of this interface, would have other functionalities at their displosal; like searching. Also, the archiver's webpage could also serve as a kind homepage for the mailing list. Providing additional functioanlity, like FAQs, Links, etc. (I'm expecting this to get some critisizm.) Further, the Weblog or Bulletin Board interface could also serve as an additional way of users being able to post messages to the mailing list(s). (Basically, my intention is to blur -- from the user's perspective -- the difference between a Mailing List, and a Weblog or Bulletin Board.) To do this, I think that e-mail messages should be dumped into a database. (Since I have MySQL and PostgreSQL at my disposal, those are what I'll be able to support myself.) I am assuming that the current archiver for Mailman doesn't do this already, but instead uses some kind if file format. Is this correct? Also, I think it is a good idea to provide a gerenal PHP (and whatever other language) library for accessing to archive (in the database). That way the database structure, for the archiver, is free to change, without necessarily breaking everyone else's code. And websites can completely and seemlessly integrate the archiver into their website (by creating their own front ends, using the PHP [or whatever language] library). Also, a default Web based user interface should be provided (using the PHP library). (For those user's who don't want to do any coding.) Those are the basics of what I'd like to do. (I'll leave it at that, to get some feedback, before describing things further, or in more detail. But there is alot more to it. Stuff that would affect other parts of Mailman too,... besides just the archiver.) See ya Charles Iliya Krempeaux From claw@kanga.nu Thu Jul 5 20:22:29 2001 From: claw@kanga.nu (J C Lawrence) Date: Thu, 05 Jul 2001 12:22:29 -0700 Subject: [Mailman-Developers] Want to Code... need some feedback In-Reply-To: Message from Charles Iliya Krempeaux of "Thu, 05 Jul 2001 11:55:03 PDT." <3B44B807.8050208@linux.ca> References: <3B44B807.8050208@linux.ca> Message-ID: <9840.994360949@kanga.nu> On Thu, 05 Jul 2001 11:55:03 -0700 Charles Iliya Krempeaux wrote: > To do this, I think that e-mail messages should be dumped > into a database. (Since I have MySQL and PostgreSQL at my > disposal, those are what I'll be able to support myself.) I have some early proof of concepts done on having MHonArc generate scripts which when executed insert their respective message contents into PostgresQL with the appropriate threading links. The code is based off the PHP and templated based archiving I already do at Kanga.Nu, merely taking the already products PHP variable assignments in the current system and insteaf having the back end use them as the values to insert into the DB. It works. Kinda. Its not pretty. The reliance on PHP as an intermediate layer should be removed (slightly messy as MHonArc insists on inserting HTML-style comments), Proper thread handling and generation needs to be improved (Shouldn't reluy on MHonArc but should be dynamically generated). etc. -- J C Lawrence claw@kanga.nu ---------(*) http://www.kanga.nu/~claw/ I never claimed to be human. From tnt@linux.ca Thu Jul 5 22:16:53 2001 From: tnt@linux.ca (Charles Iliya Krempeaux) Date: Thu, 05 Jul 2001 14:16:53 -0700 Subject: [Mailman-Developers] Want to Code... need some feedback Message-ID: <3B44D945.2050705@linux.ca> Hello, J C Lawrence wrote: >> To do this, I think that e-mail messages should be dumped >> into a database. (Since I have MySQL and PostgreSQL at my >> disposal, those are what I'll be able to support myself.) > > I have some early proof of concepts done on having MHonArc generate > scripts which when executed insert their respective message contents > into PostgresQL with the appropriate threading links. The code is > based off the PHP and templated based archiving I already do at > Kanga.Nu, merely taking the already products PHP variable > assignments in the current system and insteaf having the back end > use them as the values to insert into the DB. > > It works. Kinda. Its not pretty. The reliance on PHP as an > intermediate layer should be removed (slightly messy as MHonArc > insists on inserting HTML-style comments), Proper thread handling > and generation needs to be improved (Shouldn't reluy on MHonArc but > should be dynamically generated). etc. My way of thinking, of having it designed, is that Mailman (using Python) directly dumps the e-mail messages into the database. (Are there standard [or defacto standard] Python modules for accessing databases?... For accessing MySQL and PostgreSQL?) Then, standard PHP (and whatever other languages) bindings/libraries, to the database, can be provided. That way, the database is the middle man. And Mailman, and the PHP binding/library (and any other language binding/library) only depend on the database. (And better still, Mailman is completely independent of the PHP [and vice versa]. Only the database structure matters.) (To get a little deeper into the design...) the important things I see, to extract from each message (and also store), is: The author of the message. (This will probably be based on the e-mail address. But, IMO, it would be better to design it so a person/author is thought of as a seperate entity from an e-mail address. That way, a person/author could have more than one e-mail address, and still be recognized as the same person/author. There is one problem though... what happens if more than one person uses an e-mail address?) The message (or possiblely messages) that the e-mail message is a response to. The mailing list (or mailing lists) that it was sent to. The date & time it was received by the mailing list. The date & time it was (suppose) to have been sent. (Although this can be inaccurate when someone does not set their clock correctly,... as I understand it anyways.) The subject of the message. Other `things' that might want to be stored. (Maybe for statistical reasons. Maybe for other reasons.) The delivery history of the of the e-mail message. All the other headers found in the message. If a message is sent from the web interface, maybe store stuff like the IP address of the sender, etc. Does that sound reasonable? Have I missed anything? Your insight into the workings of Mailman would be much appreciated. See ya Charles Iliya Krempeaux From claw@2wire.com Thu Jul 5 22:32:47 2001 From: claw@2wire.com (J C Lawrence) Date: Thu, 05 Jul 2001 14:32:47 -0700 Subject: [Mailman-Developers] Want to Code... need some feedback In-Reply-To: Message from Charles Iliya Krempeaux of "Thu, 05 Jul 2001 14:16:53 PDT." <3B44D945.2050705@linux.ca> References: <3B44D945.2050705@linux.ca> Message-ID: <13606.994368767@2wire.com> On Thu, 05 Jul 2001 14:16:53 -0700 Charles Iliya Krempeaux wrote: > Hello, J C Lawrence wrote: >>> To do this, I think that e-mail messages should be dumped into a >>> database. (Since I have MySQL and PostgreSQL at my disposal, >>> those are what I'll be able to support myself.) >> I have some early proof of concepts done on having MHonArc >> generate scripts which when executed insert their respective >> message contents into PostgresQL with the appropriate threading >> links. The code is based off the PHP and templated based >> archiving I already do at Kanga.Nu, merely taking the already >> products PHP variable assignments in the current system and >> insteaf having the back end use them as the values to insert into >> the DB. >> >> It works. Kinda. Its not pretty. The reliance on PHP as an >> intermediate layer should be removed (slightly messy as MHonArc >> insists on inserting HTML-style comments), Proper thread handling >> and generation needs to be improved (Shouldn't reluy on MHonArc >> but should be dynamically generated). etc. > My way of thinking, of having it designed, is that Mailman (using > Python) directly dumps the e-mail messages into the database. > (Are there standard [or defacto standard] Python modules for > accessing databases?... For accessing MySQL and PostgreSQL?) Yes. > Then, standard PHP (and whatever other languages) > bindings/libraries, to the database, can be provided. That way, > the database is the middle man. And Mailman, and the PHP > binding/library (and any other language binding/library) only > depend on the database. (And better still, Mailman is completely > independent of the PHP [and vice versa]. Only the database > structure matters.) The reasons I don't want to do this: 1) MIME 2) national (and other) character sets 3) content types (really a subset of MIME but a large enough problem to be unique) > (To get a little deeper into the design...) the important things I > see, to extract from each message (and also store), is: Minimally: To: (multiple) From: CC: To: GECOS (multiple) From: GECOS CC: GECOS (multiple) Date: Receipt date Receipt address(es) (multiple) MessageID References: (multiple) In-Reply-To: (computed it missing, flagged) Subject: Prior subject (was: (...) matching, opportunistic history match) Message Body MIME Key (if any) MIME structure Indexes to external MIME items -- J C Lawrence claw@kanga.nu ---------(*) http://www.kanga.nu/~claw/ The pressure to survive and rhetoric may make strange bedfellows From mentor@alb-net.com Thu Jul 5 23:59:31 2001 From: mentor@alb-net.com (Mentor Cana) Date: Thu, 5 Jul 2001 18:59:31 -0400 (EDT) Subject: [Mailman-Developers] error with latest CVS: len() of unsized object Message-ID: All... Here is the error logged after I send a message to a test list on the latest mailman CVS installation. I CVSed today's set of checkings... The message gets stuck in qfiles/shunt directory. -- Mentor ---------- Jul 05 18:54:08 2001 (23307) Uncaught runner exception: len() of unsized object Jul 05 18:54:08 2001 (23307) Traceback (most recent call last): File "/opt/home/mmtest/Mailman/Queue/Runner.py", line 102, in __oneloop self.__onefile(msg, msgdata) File "/opt/home/mmtest/Mailman/Queue/Runner.py", line 142, in __onefile sender = msg.get_sender() File "../Mailman/Message.py", line 66, in get_sender File "/usr/local/lib/python2.0/site-packages/mimelib/address.py", line 16, in getaddresses return a.getaddrlist() File "/usr/local/lib/python2.0/rfc822.py", line 522, in getaddrlist ad = self.getaddress() File "/usr/local/lib/python2.0/rfc822.py", line 530, in getaddress self.gotonext() File "/usr/local/lib/python2.0/rfc822.py", line 510, in gotonext while self.pos < len(self.field): TypeError: len() of unsized object From barry@digicool.com Fri Jul 6 03:30:33 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Thu, 5 Jul 2001 22:30:33 -0400 Subject: [Mailman-Developers] error with latest CVS: len() of unsized object References: Message-ID: <15173.8905.821853.119084@anthem.wooz.org> >>>>> "MC" == Mentor Cana writes: MC> Here is the error logged after I send a message to a test list MC> on the latest mailman CVS installation. I CVSed today's set of MC> checkings... MC> The message gets stuck in qfiles/shunt directory. That's were all bad messages go to die. :) Actually, it will (hopefully) make debugging easier. Let's find out! Can you send me both the .msg (or .pck) file and the .db file so I can run it through my own system and see if I can find the problem? Thanks, -Barry From werner@linpro.no Fri Jul 6 06:36:51 2001 From: werner@linpro.no (Morten Werner Olsen) Date: Fri, 6 Jul 2001 07:36:51 +0200 (CEST) Subject: [Mailman-Developers] Templates.. Message-ID: Hello. I try to change Mailman's look to make it fit into another web-interface, but because of some reason it's not enough to change the templates in /etc/mailman. One of the problems is the subscribe.html-file. I change it to what I want, but when it's shown, these four lines is printed in the top (and they are not from the template-file): Why, and is it a way I can stop this from happening? It destroys my bgcolor.. :) Best regards, Morten Werner Olsen. From Achim.Gaedk@zpr.uni-koeln.de Fri Jul 6 10:12:47 2001 From: Achim.Gaedk@zpr.uni-koeln.de (Achim Gaedke) Date: Fri, 06 Jul 2001 11:12:47 +0200 Subject: [Mailman-Developers] encrypted mailinglists Message-ID: <3B45810E.4BB33098@zpr.uni-koeln.de> Hello everybody! I wonder if you are interested in encrypted mailinglists. My ideas are: - Using pgp or gpg as encryption algorithm. - The list administrator/moderator generates a list key. - Everything, what is going to the list is encrypted with this public key (mails, subscription ...) - Outgoing mails are encrypted with the public keys of the list members. - If a new member wants to join this list, she/he must be approved by the moderator (otherwise, encryption does not make sense...), support for checking fingerprints of public keys and chains of trust would be nice. - Instead of encryption, signatures are added. I have no time to contribute jet, but maybe someone else is concerned with developing such a mailingist. Bye, Achim -- Achim Gaedke, ZPR Weyertal 80, 50931 K=F6ln Tel: +49 221 470 6021 From thomas@xs4all.net Fri Jul 6 12:25:23 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Fri, 6 Jul 2001 13:25:23 +0200 Subject: [Mailman-Developers] Templates.. In-Reply-To: References: Message-ID: <20010706132523.E8098@xs4all.nl> On Fri, Jul 06, 2001 at 07:36:51AM +0200, Morten Werner Olsen wrote: > I try to change Mailman's look to make it fit into another web-interface, > but because of some reason it's not enough to change the templates in > /etc/mailman. > One of the problems is the subscribe.html-file. I change it to what I > want, but when it's shown, these four lines is printed in the top (and > they are not from the template-file): > > > > > Why, and is it a way I can stop this from happening? It destroys my > bgcolor.. :) It's all explained in the following thread: http://mail.python.org/pipermail/mailman-developers/2001-June/004420.html You can also find a fix there :-) -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From barry@digicool.com Fri Jul 6 16:42:39 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Fri, 6 Jul 2001 11:42:39 -0400 Subject: [Mailman-Developers] Templates.. References: <20010706132523.E8098@xs4all.nl> Message-ID: <15173.56431.451400.387646@anthem.wooz.org> >>>>> "TW" == Thomas Wouters writes: TW> It's all explained in the following thread: TW> http://mail.python.org/pipermail/mailman-developers/2001-June/004420.html TW> You can also find a fix there :-) And it should (finally!) be fixed in the 2.1 tree. -Barry From barry@digicool.com Tue Jul 10 03:28:19 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 9 Jul 2001 22:28:19 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] Poking and prodding the archiver References: <20010708195956.D17451@babylon5.babcom.com> Message-ID: <15178.26691.1632.266050@anthem.wooz.org> [Note: this discussion is more appropriate for mailman-developers, so I've changed the Cc: -baw] >>>>> "PS" == Phil Stracchino writes: PS> I've looked at some length through the code for the archiver PS> now, and although I still don't understand python, I've PS> figured out enough of what the archiver is doing to see that PS> it's apparently intentional that the path to mbox archives is PS> .../mailman/archives/private/list.mbox/list.mbox. Yes, and this is for security reasons as explained in the comment in Archiver.py (see InitVars()). The comment is slightly out-of-date in that the file under listname.mbox/ is also called listname.mbox. PS> What I haven't been able to figure out is *why* the code is PS> written to duplicate the last element in the pathname; See above. PS> nor why it is that the archiver is written in such a way that PS> it attempts to access this mbox archive directory with its PS> duplicated final pathname element even when mbox archives are PS> disabled, and fails if it doesn't exist. If this is true (and I haven't tested it), then it's most likely just old lurking bugs. The archiver/Pipermail stuff is the most neglected part of the codebase. People keep threatening to help rewrite it, but so far nothing's materialized, and I have little time or energy to devote to the Pipermail side. PS> I find this behavior even more curious in light of the fact PS> that newlist apparently creates archives/private/list.mbox PS> when it sets up the list, but does not create the PS> archives/private/list.mbox/list.mbox without the existence of PS> which the archiver fails. Do you mean the archiver fails or that the web access to the archiver fails? Certainly not the former (unless I misunderstand) because it works for me, and loads of other people. It's a known buglet that the pipermail url doesn't work until the first message is posted to the list. PS> I've applied the following patch to my HyperArch.py file PS> (patch also attached separately): [patch deleted] PS> I don't know what impact this has on mbox archives, but for PS> me, it makes the HTML archiver work. Hmm, odd. What I think will break is private archives. If you toggle an archive to private, I seem to remember that you can craft a url to trick the web server into vending an archive page for you directly, instead of forcing you to go through authentication with the private.py cgi. PS> I would welcome comment, any explanations for the curious PS> state of unsatisfied and illogical dependencies described PS> above, and any advice on fixing anything that this patch PS> breaks. It's still a mystery to me why the archiver should PS> even *care* whether or not the mbox archive directory exists, PS> when mbox archives are disabled in the master configuration PS> anyway. It probably shouldn't, but then Mailman probably shouldn't support ARCHIVE_TO_MBOX=0. Archiving to the mbox is about as fast as it gets, since it is just a file append, and it's /incredibly/ handy to have that .mbox file around (even as large as it can get), in case you want to regenerate your archive, or you want to migrate to a different external archiver. -Barry From alaric@babcom.com Tue Jul 10 04:15:18 2001 From: alaric@babcom.com (Phil Stracchino) Date: Mon, 9 Jul 2001 20:15:18 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] Poking and prodding the archiver In-Reply-To: <15178.26691.1632.266050@anthem.wooz.org>; from barry@digicool.com on Mon, Jul 09, 2001 at 10:28:19PM -0400 References: <20010708195956.D17451@babylon5.babcom.com> <15178.26691.1632.266050@anthem.wooz.org> Message-ID: <20010709201518.B10767@babylon5.babcom.com> On Mon, Jul 09, 2001 at 10:28:19PM -0400, Barry A. Warsaw wrote: > > [Note: this discussion is more appropriate for mailman-developers, so > I've changed the Cc: -baw] > >>>>> "PS" == Phil Stracchino writes: > > PS> I've looked at some length through the code for the archiver > PS> now, and although I still don't understand python, I've > PS> figured out enough of what the archiver is doing to see that > PS> it's apparently intentional that the path to mbox archives is > PS> .../mailman/archives/private/list.mbox/list.mbox. > > Yes, and this is for security reasons as explained in the comment in > Archiver.py (see InitVars()). The comment is slightly out-of-date in > that the file under listname.mbox/ is also called listname.mbox. Right. I understand why all archives are stored under archives/private; what I wasn't understanding was why the last pathname element was duplicated, because until I'd (a) worked around it temporarily and (b) seen mailman/bin/arch in action, I didn't understand that it was a case of a listname.mbox directory containing a listname.mbox file. > PS> nor why it is that the archiver is written in such a way that > PS> it attempts to access this mbox archive directory with its > PS> duplicated final pathname element even when mbox archives are > PS> disabled, and fails if it doesn't exist. > > If this is true (and I haven't tested it), then it's most likely just > old lurking bugs. The archiver/Pipermail stuff is the most neglected > part of the codebase. People keep threatening to help rewrite it, but > so far nothing's materialized, and I have little time or energy to > devote to the Pipermail side. Well, I'm trying to figure out the problem, but my Python-fu is small. :) > PS> I find this behavior even more curious in light of the fact > PS> that newlist apparently creates archives/private/list.mbox > PS> when it sets up the list, but does not create the > PS> archives/private/list.mbox/list.mbox without the existence of > PS> which the archiver fails. > > Do you mean the archiver fails or that the web access to the archiver > fails? Certainly not the former (unless I misunderstand) because it > works for me, and loads of other people. It's a known buglet that the > pipermail url doesn't work until the first message is posted to the list. Both. If the mbox file does not exist, the pipermail URL points to a zero-length document, so web access to the archives fails; and no HTML archive files are created, so there's no HTML archives to access in the first place. Only flat text archives are created. > PS> I've applied the following patch to my HyperArch.py file > PS> (patch also attached separately): [Note: Now that I understand what's happening and why, I have removed the patch.] > > [patch deleted] > > PS> I don't know what impact this has on mbox archives, but for > PS> me, it makes the HTML archiver work. > > Hmm, odd. What I think will break is private archives. If you toggle > an archive to private, I seem to remember that you can craft a url to > trick the web server into vending an archive page for you directly, > instead of forcing you to go through authentication with the > private.py cgi. Actually, on further examination, I think what it'll do is break mbox archives. > PS> It's still a mystery to me why the archiver should > PS> even *care* whether or not the mbox archive directory exists, > PS> when mbox archives are disabled in the master configuration > PS> anyway. > > It probably shouldn't, but then Mailman probably shouldn't support > ARCHIVE_TO_MBOX=0. Archiving to the mbox is about as fast as it gets, > since it is just a file append, and it's /incredibly/ handy to have > that .mbox file around (even as large as it can get), in case you want > to regenerate your archive, or you want to migrate to a different > external archiver. True, though it can be regenerated from the year-month.txt files created by the web archiver. (This is what I did in order to regenerate my back archives with arch.) Right now I'm doing a test to find out whether the archiver cares whether archives/private/listname.mbox/listname.mbox is non-zero length, so long as it actually exists. From what I've been able to glean from the code, I don't think it should care. If this is the case, then a simple workaround exists to the pipermail problems, which is to simply touch the file at the time the list directories are created. I've looked at newlist to see if I can see where this is done, and I think I've traced it to Utils.MakeDirTree(), but I don't know enough about Python or the internals of Mailman to figure out where the path data for it is coming from yet. I'll continue to study it to see if I can figure it out, but it'd probably be a lot quicker if one of the Real Developers could suggest a test patch to add creation of an empty .mbox file to the list creation operation. -- Linux Now! ..........Because friends don't let friends use Microsoft. phil stracchino -- the renaissance man -- mystic zen biker geek alaric@babcom.com halmayne@sourceforge.net 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold) From barry@digicool.com Tue Jul 10 06:17:17 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Tue, 10 Jul 2001 01:17:17 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? References: <15178.24477.255057.658552@anthem.wooz.org> Message-ID: <15178.36829.848426.571906@anthem.wooz.org> >>>>> "JJ" == Joshua Jore writes: JJ> No, but it would require than /home/mailman be owned by JJ> root. Which reminds me: I've been thinking about changing the default $prefix to be /usr/local/mailman in MM2.1. It makes much more sense to me and is in fact, what I use for all my new lists these days. You would, of course, be able to give configure --prefix=/home/mailman to get the MM2.0 default. Would that cause undo hardship to folks? -Barry From gorg@sun1.imbi.uni-freiburg.de Tue Jul 10 11:03:12 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Tue, 10 Jul 2001 12:03:12 +0200 Subject: [Mailman-Developers] No module named RFC822 Message-ID: <200107101003.f6AA3DS17125@sun31.imbi.uni-freiburg.de> Before sending in another peculiar observation, I wanted to update my mailman version. After "cvs update" I did a "make install" and got the following error: Compiling /home/mailman/Mailman/versions.py ... Traceback (most recent call last): File "bin/update", line 46, in ? from Mailman import MailList File "/home/mailman/Mailman/MailList.py", line 49, in ? from Mailman.Bouncer import Bouncer File "/home/mailman/Mailman/Bouncer.py", line 29, in ? from mimelib.RFC822 import RFC822 ImportError: No module named RFC822 Normal sending with known subscribers seems to work, but senddigests now complains with the same error: /usr/local/bin/python /home/mailman/cron/senddigests produced the following output: Traceback (most recent call last): File "/home/mailman/cron/senddigests", line 25, in ? from Mailman import MailList File "/home/mailman/Mailman/MailList.py", line 49, in ? from Mailman.Bouncer import Bouncer File "/home/mailman/Mailman/Bouncer.py", line 29, in ? from mimelib.RFC822 import RFC822 ImportError: No module named RFC822 What should I do? Best wishes Georg -- -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ From thomas@xs4all.net Tue Jul 10 12:42:56 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Tue, 10 Jul 2001 13:42:56 +0200 Subject: [Mailman-Developers] No module named RFC822 In-Reply-To: <200107101003.f6AA3DS17125@sun31.imbi.uni-freiburg.de> References: <200107101003.f6AA3DS17125@sun31.imbi.uni-freiburg.de> Message-ID: <20010710134256.X8098@xs4all.nl> On Tue, Jul 10, 2001 at 12:03:12PM +0200, Georg Koch wrote: > Before sending in another peculiar observation, I wanted to update my > mailman version. After "cvs update" I did a "make install" and got the > following error: > Compiling /home/mailman/Mailman/versions.py ... > Traceback (most recent call last): > File "bin/update", line 46, in ? > from Mailman import MailList > File "/home/mailman/Mailman/MailList.py", line 49, in ? > from Mailman.Bouncer import Bouncer > File "/home/mailman/Mailman/Bouncer.py", line 29, in ? > from mimelib.RFC822 import RFC822 > ImportError: No module named RFC822 > > Normal sending with known subscribers seems to work, but senddigests > now complains with the same error: > > /usr/local/bin/python /home/mailman/cron/senddigests > produced the following output: > > Traceback (most recent call last): > File "/home/mailman/cron/senddigests", line 25, in ? > from Mailman import MailList > File "/home/mailman/Mailman/MailList.py", line 49, in ? > from Mailman.Bouncer import Bouncer > File "/home/mailman/Mailman/Bouncer.py", line 29, in ? > from mimelib.RFC822 import RFC822 > ImportError: No module named RFC822 > What should I do? Probably update your 'mimelib' version. 0.4 is now required. -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From jra@baylink.com Tue Jul 10 14:28:26 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Tue, 10 Jul 2001 09:28:26 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <15178.36829.848426.571906@anthem.wooz.org>; from "Barry A. Warsaw" on Tue, Jul 10, 2001 at 01:17:17AM -0400 References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> Message-ID: <20010710092826.40751@scfn.thpl.lib.fl.us> On Tue, Jul 10, 2001 at 01:17:17AM -0400, Barry A. Warsaw wrote: > Which reminds me: I've been thinking about changing the default > $prefix to be /usr/local/mailman in MM2.1. It makes much more sense > to me and is in fact, what I use for all my new lists these days. You > would, of course, be able to give configure --prefix=/home/mailman to > get the MM2.0 default. > > Would that cause undo hardship to folks? Nope, wouldn't bother me at all. I install Mailman in /appl/mailman [where it belongs], right next to all my other subsystem-level applications. ;-) Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows From barry@digicool.com Tue Jul 10 15:06:26 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Tue, 10 Jul 2001 10:06:26 -0400 Subject: [Mailman-Developers] No module named RFC822 References: <200107101003.f6AA3DS17125@sun31.imbi.uni-freiburg.de> Message-ID: <15179.3042.801849.747558@anthem.wooz.org> >>>>> "GK" == Georg Koch writes: GK> Before sending in another peculiar observation, I wanted to GK> update my mailman version. After "cvs update" I did a "make GK> install" and got the following error: You need to grab mimelib-0.4 from www.sf.net/projects/mimelib. Also, I got sidetracked last night in the middle of checkins so the cvs tree may be a bit unstable for the next couple of hours. Until I can clear all the checkins. -Barry From gorg@sun1.imbi.uni-freiburg.de Tue Jul 10 16:53:39 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Tue, 10 Jul 2001 17:53:39 +0200 Subject: [Mailman-Developers] multipart/mixed error Message-ID: <200107101553.f6AFrd618050@sun8.imbi.uni-freiburg.de> This is a multipart MIME message. --==_Exmh_-5605721300 Content-Type: text/plain; charset=us-ascii The attached message is a multipart/mixed containing 2 parts. But when I send it to the test list, I get a message containing 3 parts - there is a new empty part text/plain charset=us-ascii in front. But if I add a blank in the header like this, < Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C0FFD9.6A425B60" --- > Content-Type: multipart/mixed ; boundary="----_=_NextPart_000_01C0FFD9.6A425B60" and send it: it is only 2 parts again. Several people using my mailman use Microsoft exchange server, which sends it the "wrong" way. For them the message looks like an empty message, with a "message" as attachment. Can it be fixed? Best wishes Georg --==_Exmh_-5605721300 Content-Type: text/plain ; name="3parts.mail"; charset=us-ascii Content-Description: 3parts.mail Content-Disposition: attachment; filename="3parts.mail" MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) From: gorg@cochrane.de To: test@cochrane.de Subject: test [Mwgs] CSG Midsummer Newsletter Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C0FFD9.6A425B60" This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C0FFD9.6A425B60 Content-Type: text/plain; charset="iso-8859-1" first part ------_=_NextPart_000_01C0FFD9.6A425B60 Content-Type: text/plain; charset="iso-8859-1" second part ------_=_NextPart_000_01C0FFD9.6A425B60-- --==_Exmh_-5605721300 Content-Type: text/plain; charset=us-ascii -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ --==_Exmh_-5605721300-- From thomas@xs4all.net Tue Jul 10 16:58:41 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Tue, 10 Jul 2001 17:58:41 +0200 Subject: [Mailman-Developers] multipart/mixed error In-Reply-To: <200107101553.f6AFrd618050@sun8.imbi.uni-freiburg.de> References: <200107101553.f6AFrd618050@sun8.imbi.uni-freiburg.de> Message-ID: <20010710175841.B8098@xs4all.nl> On Tue, Jul 10, 2001 at 05:53:39PM +0200, Georg Koch wrote: > The attached message is a multipart/mixed containing 2 parts. But > when I send it to the test list, I get a message containing 3 parts - > there is a new empty part text/plain charset=us-ascii in front. > > But if I add a blank in the header like this, > < Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C0FFD9.6A425B60" > --- > > Content-Type: multipart/mixed ; boundary="----_=_NextPart_000_01C0FFD9.6A425B60" > > and send it: it is only 2 parts again. > > Several people using my mailman use Microsoft exchange server, > which sends it the "wrong" way. For them the message looks > like an empty message, with a "message" as attachment. What version of Mailman are you using ? -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From gorg@sun1.imbi.uni-freiburg.de Tue Jul 10 17:08:46 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Tue, 10 Jul 2001 18:08:46 +0200 Subject: [Mailman-Developers] multipart/mixed error In-Reply-To: Your message of "Tue, 10 Jul 2001 17:58:41 +0200." <20010710175841.B8098@xs4all.nl> Message-ID: <200107101608.f6AG8k618093@sun8.imbi.uni-freiburg.de> > What version of Mailman are you using ? 2.1a2 with python 2.1 and mimelib0.4 -- -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ From alaric@babcom.com Tue Jul 10 18:43:26 2001 From: alaric@babcom.com (Phil Stracchino) Date: Tue, 10 Jul 2001 10:43:26 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <20010710092826.40751@scfn.thpl.lib.fl.us>; from jra@baylink.com on Tue, Jul 10, 2001 at 09:28:26AM -0400 References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> Message-ID: <20010710104326.A21535@babylon5.babcom.com> On Tue, Jul 10, 2001 at 09:28:26AM -0400, Jay R. Ashworth wrote: > On Tue, Jul 10, 2001 at 01:17:17AM -0400, Barry A. Warsaw wrote: > > Would that cause undo hardship to folks? > > Nope, wouldn't bother me at all. > > I install Mailman in /appl/mailman [where it belongs], right next to all > my other subsystem-level applications. ;-) I personally use /opt/mailman. So long as changing the prefix from the default still works, I don't see why changing the default should inconvenience anyone except those who don't read the instructions and release notes. -- Linux Now! ..........Because friends don't let friends use Microsoft. phil stracchino -- the renaissance man -- mystic zen biker geek alaric@babcom.com halmayne@sourceforge.net 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold) From claw@kanga.nu Tue Jul 10 18:55:41 2001 From: claw@kanga.nu (J C Lawrence) Date: Tue, 10 Jul 2001 10:55:41 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: Message from "Jay R. Ashworth" of "Tue, 10 Jul 2001 09:28:26 EDT." <20010710092826.40751@scfn.thpl.lib.fl.us> References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> Message-ID: <1860.994787741@kanga.nu> On Tue, 10 Jul 2001 09:28:26 -0400 Jay R Ashworth wrote: > I install Mailman in /appl/mailman [where it belongs], right next > to all my other subsystem-level applications. ;-) Next thing you know you'll be advocating /opt and other Sun-brain damage. ObRant: Isolated directory hierarchies for applications are DOS/Windows-like and make managing filesystem allocation a pain. I prefer an FHS based install: $PREFIX=/var/lib/mailman templates go in /etc/mailman logs go in /var/log/mailman executables go in /usr/sbin (newlist, find_member, etc) CGIs go under /usr/lib/cgi-bin etc Makes things easily manageable and in-line with the rest of the system. Happily the Debian Mailman package does this by default. Damned nice job there actually. -- J C Lawrence claw@kanga.nu ---------(*) http://www.kanga.nu/~claw/ I never claimed to be human. From jra@baylink.com Tue Jul 10 19:43:33 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Tue, 10 Jul 2001 14:43:33 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <1860.994787741@kanga.nu>; from J C Lawrence on Tue, Jul 10, 2001 at 10:55:41AM -0700 References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> <1860.994787741@kanga.nu> Message-ID: <20010710144333.63917@scfn.thpl.lib.fl.us> On Tue, Jul 10, 2001 at 10:55:41AM -0700, J C Lawrence wrote: > > I install Mailman in /appl/mailman [where it belongs], right next > > to all my other subsystem-level applications. ;-) > > Next thing you know you'll be advocating /opt and other Sun-brain > damage. No; that's why I use /appl; I *hate* /opt. > ObRant: Isolated directory hierarchies for applications are > DOS/Windows-like and make managing filesystem allocation a pain. > > I prefer an FHS based install: > > $PREFIX=/var/lib/mailman > templates go in /etc/mailman > logs go in /var/log/mailman > executables go in /usr/sbin (newlist, find_member, etc) > CGIs go under /usr/lib/cgi-bin > etc That would be great, if Mailman were a) compiled and b) homogenous. It's neither, so there has to be *some* place to put all the pieces. > Makes things easily manageable and in-line with the rest of the > system. Happily the Debian Mailman package does this by default. > Damned nice job there actually. /var/lib/mailman? I'm not sure that's actually the proper place to put such stuff; what are the assumptions for /var? Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows From giancarlo@navigare.net Tue Jul 10 20:22:29 2001 From: giancarlo@navigare.net (giancarlo) Date: Tue, 10 Jul 2001 21:22:29 +0200 Subject: [Mailman-Developers] Show date-sent in HTML archive even if that's not the archival logic Message-ID: <3B4B55F5.E901FE98@navigare.net> I decided to set the archive logic to 'when-resent' to avoid those bogus archives far away in the future. Nevertheless I wanted the HTML archiver to show the X-Original-Date value in the list archive. So, now tha I am launched with Python, I made a little patch to pipermail.py (I have version 2.0.1) 221c221,224 < if message.has_key('Date'): --- > if message.has_key('X-Original-Date'): > self.datestr = str(message['X-Original-Date']) > date = message.getdate_tz('X-Original-Date') > elif message.has_key('Date'): Hope I've guessed the whole thing right... Giancarlo From tollef@add.no Tue Jul 10 20:39:57 2001 From: tollef@add.no (Tollef Fog Heen) Date: 10 Jul 2001 21:39:57 +0200 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <20010710144333.63917@scfn.thpl.lib.fl.us> References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> <1860.994787741@kanga.nu> <20010710144333.63917@scfn.thpl.lib.fl.us> Message-ID: <873d84375e.fsf@arabella.intern.opera.no> * "Jay R. Ashworth" | > Makes things easily manageable and in-line with the rest of the | > system. Happily the Debian Mailman package does this by default. | > Damned nice job there actually. *smiles and bows* | /var/lib/mailman? I'm not sure that's actually the proper place to put | such stuff; what are the assumptions for /var? from the FHS: 5. The /var Hierarchy /var -- Variable data [snip] +-lib Variable state information [snip] 5.5 /var/lib : Variable state information /var/lib -- Variable state information [snip] +- State data for packages and subsystems This hierarchy holds state information pertaining to an application or the system. State information is data that programs modify while they run, and that pertains to one specific host. Users should never need to modify files in /var/lib to configure a package's operation. State information is generally used to preserve the condition of an application (or a group of inter-related applications) between invocations and between different instances of the same application. State information should generally remain valid after a reboot, should not be logging output, and should not be spooled data. An application (or a group of inter-related applications) should use a subdirectory of /var/lib for its data. There is one required subdirectory, /var/lib/misc, which is intended for state files that don't need a subdirectory; the other subdirectories should only be present if the application in question is included in the distribution. So, perhaps I should move qfiles to /var/spool/mailman/qfiles, but I don't think I will. -- Tollef Fog Heen, Debian Mailman Maintainer You Can't Win From jra@baylink.com Tue Jul 10 21:04:03 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Tue, 10 Jul 2001 16:04:03 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <873d84375e.fsf@arabella.intern.opera.no>; from Tollef Fog Heen on Tue, Jul 10, 2001 at 09:39:57PM +0200 References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> <1860.994787741@kanga.nu> <20010710144333.63917@scfn.thpl.lib.fl.us> <873d84375e.fsf@arabella.intern.opera.no> Message-ID: <20010710160403.58184@scfn.thpl.lib.fl.us> On Tue, Jul 10, 2001 at 09:39:57PM +0200, Tollef Fog Heen wrote: > | /var/lib/mailman? I'm not sure that's actually the proper place to put > | such stuff; what are the assumptions for /var? > > from the FHS: > > 5. The /var Hierarchy > > /var -- Variable data > [snip] > +-lib Variable state information > [snip] > 5.5 /var/lib : Variable state information > > /var/lib -- Variable state information > [snip] > +- State data for packages and subsystems > This hierarchy holds state information pertaining to an application or > the system. State information is data that programs modify while they > run, and that pertains to one specific host. Users should never need to > modify files in /var/lib to configure a package's operation. Which makes my point that the mailman homedir can't be there, since it contains code... Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows From barry@digicool.com Tue Jul 10 21:27:12 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Tue, 10 Jul 2001 16:27:12 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> <1860.994787741@kanga.nu> <20010710144333.63917@scfn.thpl.lib.fl.us> <873d84375e.fsf@arabella.intern.opera.no> Message-ID: <15179.25888.11411.739555@anthem.wooz.org> I think it's fine (cool, in fact!) for packagers to DTRT w.r.t. to the Linux distros they're supporting. If there is something I can do to make your lives easier, let's talk about it. But by default, I want a source install to put all Mailman files under a single common subdir (i.e. the way it works now). I think it's easy enough to configure it for just about any file system layout. -Barry From thomas@xs4all.net Tue Jul 10 21:40:31 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Tue, 10 Jul 2001 22:40:31 +0200 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <15179.25888.11411.739555@anthem.wooz.org> References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> <1860.994787741@kanga.nu> <20010710144333.63917@scfn.thpl.lib.fl.us> <873d84375e.fsf@arabella.intern.opera.no> <15179.25888.11411.739555@anthem.wooz.org> Message-ID: <20010710224031.C8098@xs4all.nl> On Tue, Jul 10, 2001 at 04:27:12PM -0400, Barry A. Warsaw wrote: > I think it's fine (cool, in fact!) for packagers to DTRT w.r.t. to the > Linux distros they're supporting. If there is something I can do to > make your lives easier, let's talk about it. But by default, I want a > source install to put all Mailman files under a single common subdir > (i.e. the way it works now). I think it's easy enough to configure it > for just about any file system layout. Concur. I also very much prefer /usr/local/mailman, though I wouldn't mind something like Apache's 'layout' system, where one of the layouts can be 'FHS' :-) -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From claw@2wire.com Tue Jul 10 21:42:32 2001 From: claw@2wire.com (J C Lawrence) Date: Tue, 10 Jul 2001 13:42:32 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: Message from barry@digicool.com (Barry A. Warsaw) of "Tue, 10 Jul 2001 16:27:12 EDT." <15179.25888.11411.739555@anthem.wooz.org> References: <15178.24477.255057.658552@anthem.wooz.org> <15178.36829.848426.571906@anthem.wooz.org> <20010710092826.40751@scfn.thpl.lib.fl.us> <1860.994787741@kanga.nu> <20010710144333.63917@scfn.thpl.lib.fl.us> <873d84375e.fsf@arabella.intern.opera.no> <15179.25888.11411.739555@anthem.wooz.org> Message-ID: <13636.994797752@2wire.com> On Tue, 10 Jul 2001 16:27:12 -0400 Barry A Warsaw wrote: > I think it's easy enough to configure it for just about any file > system layout. Aye, not all the *nix world is Linux and the exceptions have little interest in the FHS. -- J C Lawrence claw@kanga.nu ---------(*) http://www.kanga.nu/~claw/ The pressure to survive and rhetoric may make strange bedfellows From Dan Mick Tue Jul 10 21:53:46 2001 From: Dan Mick (Dan Mick) Date: Tue, 10 Jul 2001 13:53:46 -0700 (PDT) Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? Message-ID: <200107102053.NAA08106@utopia.West.Sun.COM> > > I think it's easy enough to configure it for just about any file > > system layout. > > Aye, not all the *nix world is Linux and the exceptions have little > interest in the FHS. Indeed. Some of us, in fact, have no idea what y'all are babbling about. I've heard of LHS and RHS, but FHS....well, the only thing that comes to mind is things I've said while trying to write formal proofs. :) From barry@digicool.com Tue Jul 10 22:23:29 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Tue, 10 Jul 2001 17:23:29 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] OpenBSD Trusted Path Execution (TPE) compatibility? References: <200107102053.NAA08106@utopia.West.Sun.COM> Message-ID: <15179.29265.675267.839462@anthem.wooz.org> >>>>> "DM" == Dan Mick writes: >> I think it's easy enough to configure it for just about any >> file system layout. >> Aye, not all the *nix world is Linux and the exceptions have >> little interest in the FHS. DM> Indeed. Some of us, in fact, have no idea what y'all are DM> babbling about. I've heard of LHS and RHS, but FHS....well, DM> the only thing that comes to mind is things I've said while DM> trying to write formal proofs. :) I didn't either (or really, I'd forgotten). Type "FHS" into google and be amazed again; the very first hit explains all. :) if-coolness-equalled-wealth-they'd-all-be-googlenairs-ly y'rs, -Barry From mats@laplaza.org Tue Jul 10 23:15:23 2001 From: mats@laplaza.org (Mats Wichmann) Date: Tue, 10 Jul 2001 16:15:23 -0600 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <200107102053.NAA08106@utopia.West.Sun.COM> Message-ID: <5.1.0.14.1.20010710161149.00a9feb0@laplaza.org> At 01:53 PM 7/10/2001 -0700, Dan Mick wrote: > >> > I think it's easy enough to configure it for just about any file >> > system layout. >> >> Aye, not all the *nix world is Linux and the exceptions have little >> interest in the FHS. > >Indeed. Some of us, in fact, have no idea what y'all are babbling >about. I've heard of LHS and RHS, but FHS....well, the only thing >that comes to mind is things I've said while trying to write >formal proofs. :) The FHS is the Filsystem Heirarchy Standard. It's an effort to keep Linux administrators sane by suggesting where things ought to go. Nobody uses it. Mats (yes, I know that's an eggs-ageration, but in practical terms, worrying about the FHS /now/ is a pointless exercise since so many folks just put things wherever they want) From chuqui@plaidworks.com Wed Jul 11 04:57:56 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Tue, 10 Jul 2001 20:57:56 -0700 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <5.1.0.14.1.20010710161149.00a9feb0@laplaza.org> Message-ID: On 7/10/01 3:15 PM, "Mats Wichmann" wrote: > The FHS is the Filsystem Heirarchy Standard. > It's an effort to keep Linux administrators sane > by suggesting where things ought to go. > > Nobody uses it. Does that mean we need to write it up as an RFC, or should it go right to IEEE, since it's obviously ready? Or maybe we need to send it to ANSI? From jra@baylink.com Wed Jul 11 05:05:39 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Wed, 11 Jul 2001 00:05:39 -0400 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: ; from Chuq Von Rospach on Tue, Jul 10, 2001 at 08:57:56PM -0700 References: <5.1.0.14.1.20010710161149.00a9feb0@laplaza.org> Message-ID: <20010711000539.17985@scfn.thpl.lib.fl.us> On Tue, Jul 10, 2001 at 08:57:56PM -0700, Chuq Von Rospach wrote: > On 7/10/01 3:15 PM, "Mats Wichmann" wrote: > > The FHS is the Filsystem Heirarchy Standard. > > It's an effort to keep Linux administrators sane > > by suggesting where things ought to go. > > Nobody uses it. > > Does that mean we need to write it up as an RFC, or should it go right to > IEEE, since it's obviously ready? Or maybe we need to send it to ANSI? No, that just means we need to can "no one does use it, therefore it's useless" type people. :-) Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows From claw@2wire.com Wed Jul 11 05:29:29 2001 From: claw@2wire.com (J C Lawrence) Date: Tue, 10 Jul 2001 21:29:29 -0700 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: Message from Chuq Von Rospach of "Tue, 10 Jul 2001 20:57:56 PDT." References: Message-ID: <2962.994825769@2wire.com> On Tue, 10 Jul 2001 20:57:56 -0700 Chuq Von Rospach wrote: > On 7/10/01 3:15 PM, "Mats Wichmann" wrote: >> The FHS is the Filsystem Heirarchy Standard. It's an effort to >> keep Linux administrators sane by suggesting where things ought >> to go. >> >> Nobody uses it. Apparently you have not noticed: http://www.linuxbase.org/test/results/ Aside: Roughly two thirds of the Debian faults were errors in testing rather than in Debian (eg packages needed for the test not installed). > Does that mean we need to write it up as an RFC, or should it go > right to IEEE, since it's obviously ready? Or maybe we need to > send it to ANSI? It is clear that ICANN has demonstrated a clear willingness and ability to move and act decisively in a manner which is both technically astute and which supports the best interests of 'net users in general. Surely, hopefully, they can be persuaded to lend a brief smidgeon their impressive talents to a task as significant as this. -- J C Lawrence claw@kanga.nu ---------(*) http://www.kanga.nu/~claw/ The pressure to survive and rhetoric may make strange bedfellows From jra@baylink.com Wed Jul 11 05:32:49 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Wed, 11 Jul 2001 00:32:49 -0400 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <2962.994825769@2wire.com>; from J C Lawrence on Tue, Jul 10, 2001 at 09:29:29PM -0700 References: <2962.994825769@2wire.com> Message-ID: <20010711003249.22969@scfn.thpl.lib.fl.us> On Tue, Jul 10, 2001 at 09:29:29PM -0700, J C Lawrence wrote: > It is clear that ICANN has demonstrated a clear willingness and > ability to move and act decisively in a manner which is both > technically astute and which supports the best interests of 'net > users in general. Surely, hopefully, they can be persuaded to lend > a brief smidgeon their impressive talents to a task as significant > as this. What *delightfully* understated sarcasm, Joe. You almost even caught me. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows From barry@digicool.com Wed Jul 11 06:24:18 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Wed, 11 Jul 2001 01:24:18 -0400 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? References: <5.1.0.14.1.20010710161149.00a9feb0@laplaza.org> Message-ID: <15179.58114.31978.777495@anthem.wooz.org> >>>>> "CVR" == Chuq Von Rospach writes: CVR> Does that mean we need to write it up as an RFC, or should it CVR> go right to IEEE, since it's obviously ready? Or maybe we CVR> need to send it to ANSI? Definitely ISO. :) From barry@digicool.com Wed Jul 11 06:26:13 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Wed, 11 Jul 2001 01:26:13 -0400 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? References: <2962.994825769@2wire.com> Message-ID: <15179.58229.604239.900660@anthem.wooz.org> >>>>> "JCL" == J C Lawrence writes: JCL> It is clear that ICANN has demonstrated a clear willingness ---------------------------------------------------------^^^^^^^^^^^ I swear I first read this as "clear silliness", but maybe I'm just more tired than I think. ;) From claw@kanga.nu Wed Jul 11 06:39:26 2001 From: claw@kanga.nu (J C Lawrence) Date: Tue, 10 Jul 2001 22:39:26 -0700 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: Message from "Jay R. Ashworth" of "Wed, 11 Jul 2001 00:32:49 EDT." <20010711003249.22969@scfn.thpl.lib.fl.us> References: <2962.994825769@2wire.com> <20010711003249.22969@scfn.thpl.lib.fl.us> Message-ID: <13144.994829966@kanga.nu> On Wed, 11 Jul 2001 00:32:49 -0400 Jay R Ashworth wrote: > On Tue, Jul 10, 2001 at 09:29:29PM -0700, J C Lawrence wrote: >> It is clear that ICANN has demonstrated a clear willingness and >> ability to move and act decisively in a manner which is both >> technically astute and which supports the best interests of 'net >> users in general. Surely, hopefully, they can be persuaded to >> lend a brief smidgeon of their impressive talents to a task as >> significant as this. > What *delightfully* understated sarcasm, Joe. You almost even > caught me. I had to empty my cranium of marketing-speak before I became ill... -- J C Lawrence claw@kanga.nu ---------(*) http://www.kanga.nu/~claw/ I never claimed to be human. From jra@baylink.com Wed Jul 11 07:08:59 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Wed, 11 Jul 2001 02:08:59 -0400 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <13144.994829966@kanga.nu>; from J C Lawrence on Tue, Jul 10, 2001 at 10:39:26PM -0700 References: <2962.994825769@2wire.com> <20010711003249.22969@scfn.thpl.lib.fl.us> <13144.994829966@kanga.nu> Message-ID: <20010711020859.49054@scfn.thpl.lib.fl.us> On Tue, Jul 10, 2001 at 10:39:26PM -0700, J C Lawrence wrote: > On Wed, 11 Jul 2001 00:32:49 -0400 > Jay R Ashworth wrote: > > On Tue, Jul 10, 2001 at 09:29:29PM -0700, J C Lawrence wrote: > >> It is clear that ICANN has demonstrated a clear willingness and > >> ability to move and act decisively in a manner which is both > >> technically astute and which supports the best interests of 'net > >> users in general. Surely, hopefully, they can be persuaded to > >> lend a brief smidgeon of their impressive talents to a task as > >> significant as this. > > > What *delightfully* understated sarcasm, Joe. You almost even > > caught me. > > I had to empty my cranium of marketing-speak before I became ill... Good. I *didn't* blow it. :-) ObMailman: so, my Minstrel III comes in shortly; any chance we'll see wireless-friendly versions of the management pages? ;-) Cheers -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows From jarrell@vt.edu Wed Jul 11 19:48:25 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Wed, 11 Jul 2001 14:48:25 -0400 Subject: [Mailman-Developers] OpenBSD Trusted Path Execution (TPE) compatibility? In-Reply-To: <20010711020859.49054@scfn.thpl.lib.fl.us> References: <2962.994825769@2wire.com> <20010711003249.22969@scfn.thpl.lib.fl.us> <13144.994829966@kanga.nu> Message-ID: <5.1.0.14.2.20010711144623.045f2af0@lennier.cc.vt.edu> At 02:08 AM 7/11/01 -0400, Jay R. Ashworth wrote: >ObMailman: so, my Minstrel III comes in shortly; any chance we'll see >wireless-friendly versions of the management pages? ;-) I've been debating writing WML friendly versions of it so I can do list administration from my startac. It's on the list of project to do in my copious spare time. I should start right about the time that holographic 1600x900 48bit 3d accelerated displays are the norm on the startac. (I'm just hoping that minstrel, or someone, jump on the bandwagon and support the new 505, since I can finally do cdpd in my area.) From barry@digicool.com Thu Jul 12 06:04:03 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Thu, 12 Jul 2001 01:04:03 -0400 Subject: [Mailman-Developers] 2.1 alpha 2 sneak peek Message-ID: <15181.12227.811640.779771@anthem.wooz.org> If you want a sneak peek at all the new stuff that's in MM2.1alpha2, take a look at http://sourceforge.net/project/shownotes.php?release_id=43200 It's actually rather a lot of stuff! SourceForge currently has about a 30 minute delay from file upload to publishing, so I don't think you'll be able to download anything right now. Plus I'm too tired to write up the announcement and update the web pages. That /may/ happen tomorrow, although I've got meetings most of the day, so the "official" announcement may not go out until Friday. Cheers, -Barry From barry@digicool.com Thu Jul 12 14:50:03 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Thu, 12 Jul 2001 09:50:03 -0400 Subject: [Mailman-Developers] 2.1 alpha 2 sneak peek References: <15181.12227.811640.779771@anthem.wooz.org> Message-ID: <15181.43787.668345.655414@anthem.wooz.org> If you downloaded the 2.1a2 tarball from SF before about 2 minutes ago, please disregard it and re-download it. There were a few buglet reports in my inbox this morning, so I fixed them and re-uploaded a new source tarball. Announcements will still not go out for at least a few hours. Thanks to Juan Carlos Rey Anaya and Mentor Cana! -Barry From barry@digicool.com Fri Jul 13 21:15:20 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Fri, 13 Jul 2001 16:15:20 -0400 Subject: [Mailman-Developers] [ANNOUNCE] Mailman 2.1 alpha 2 Message-ID: <15183.22232.119442.302021@anthem.wooz.org> This the official announcement for Mailman 2.1 alpha 2. Because it's an alpha, this announcement is only going out to the mailman-* mailing lists. I'll make two warnings: you probably should still not use this version for production systems (but TIA for any and all testing you do with it!), and I've already had a couple of bug fixes from early adopters. 2.1a2 should still be useful, but you might want to keep an eye on cvs and the mailman-checkins list for updates. I am only making the tarball available on SourceForge, so you'll need to go to http://sf.net/projects/mailman to grab it. You'll also need to upgrade to mimelib-0.4, so be sure to go to http://sf.net/projects/mimelib to grab and install that tarball first. To view the on-line documentation, see http://www.list.org/MM21/index.html or http://mailman.sf.net/MM21/index.html Below is an excerpt from the NEWS file for all the changes since 2.1alpha1. There are a bunch of new features coming down the pike, and I hope to have an alpha3 out soon. I'm also planning on doing much more stress testing of this version with real list traffic, and I'm hoping we'll start to get more languages integrated into cvs. Enjoy, -Barry -------------------- snip snip -------------------- 2.1 alpha 2 (11-Jul-2001) - Building o mimelib 0.4 is now required. Get it from http://mimelib.sf.net. If you've installed an earlier version of mimelib, you must upgrade. o /usr/local/mailman is now the default installation directory. Use configure's --prefix switch to change it back to the default (/home/mailman) or any other installation directory of your choice. - Security o Better definition of authentication domains. The following roles have been defined: user, list-admin, list-moderator, creator, site-admin. o There is now a separate role of "list moderator", which has access to the pending requests (admindb) page, but not the list configuration pages. o Subscription confirmations can now be performed via email or via URL. When a subscription is received, a unique (sha) confirm URL is generated in the confirmation message. Simply visiting this URL completes the subscription process. o In a similar manner, removal requests (via web or email command) no longer require the password. If the correct password is given, the removal is performed immediately. If no password is given, then a confirmation message is generated. - Internationalization o More I18N patches. The basic infrastructure should now be working correctly. Spanish templates and catalogs are included, and English, French, Hungarian, and Big5 templates are included. o Cascading specializations and internationalization of templates. Templates are now search for in the following order: list-specific location, domain-specific location, site-wide location, global defaults. Each search location is further qualified by the language being displayed. This means that you only need to change the templates that are different from the global defaults. Templates renamed: admlogin.txt => admlogin.html Templates added: private.html - Web UI o Redesigned the user options page. It now sits behind an authentication so user options cannot be viewed without the proper password. The other advantage is that the user's password need not be entered on the options page to unsubscribe or change option values. The login screen also provides for password mail-back, and unsubscription w/ confirmation. Other new features accessible from the user options page include: ability to change email address (with confirmation) both per-list and globally for all list on virtual domain; global membership password changing; global mail delivery disable/enable; ability to suppress password reminders both per-list and globally; logout button. [Note: the handle_opts cgi has gone away] o Color schemes for non-template based web pages can be defined via mm_cfg. o Redesign of the membership management page. The page is now split into three subcategories (Membership List, Mass Subscription, and Mass Removal). The Membership List subcategory now supports searching for member addresses by regular expression, and if necessary, it groups member addresses first alphabetically, and then by chunks. Mass Subscription and Mass Removal now support file upload, with one address per line. o Hyperlinks from the logos in the footers have been removed. The sponsors got too much "unsubscribe me!" spam from desperate user of Mailman at other sites. o New buttons on the digest admin page to send a digest immediately (if it's non-empty), to start a new digest volume with the next digest, and to select the interval with which to automatically start a new digest volume (yearly, monthly, quarterly, weekly, daily). DEFAULT_DIGEST_VOLUME_FREQUENCY is a new configuration variable, initially set to give a new digest volume monthly. o Through-the-web list creation and removal, using a separate site-wide authentication role called the "list creator and destroyer" or simply "list creator". If the configuration variable OWNERS_CAN_DELETE_THEIR_OWN_LISTS is set to 1 (by default, it's 0), then list admins can delete their own lists. This feature requires an adaptor for the particular MTA you're using. An adaptor for Postfix is included, as is a dumb adaptor that just emails mailman@yoursite with the necessary Sendmail style /etc/alias file changes. Some MTAs like Exim can be configured to automatically recognize new lists. The adaptor is selected via the MTA option in mm_cfg.py - Email UI o In email commands, "join" is a synonym for "subscribe". "remove" and "leave" are synonyms for "unsubscribe". New robot addresses are support to make subscribing and unsubscribing much easier: mylist-join@mysite mylist-leave@mysite o Confirmation messages have a shortened Subject: header, containing just the word "confirm" and the confirmation cookie. This should help for MUAs that like to wrap long Subject: lines, messing up confirmation. o Mailman now recognizes an Urgent: header, which, if it contains the list moderator or list administrator password, forces the message to be delivered immediately to all members (i.e. both regular and digest members). The message is also placed in the digest. If the password is incorrect, the message will be bounced back to the sender. - Performance o Refinements to the new qrunner subsystem which preserves FIFO order of messages. o The qrunner is no longer started from cron. It is started by a Un*x init-style script called bin/mailmanctl (see below). cron/qrunner has been removed. - Command line scripts o bin/mailmanctl script added, which is used to start, stop, and restart the qrunner daemon. o bin/qrunner script added which allows a single sub-qrunner to run once through its processing loop. o bin/change_pw script added (eases mass changing of list passwords). o bin/update grows a -f switch to force an update. o bin/newlang renamed to bin/addlang; bin/rmlang removed. o bin/mmsitepass has grown a -c option to set the list creator's password. The site-wide `create' web page is linked to from the admin overview page. o bin/newlist's -o option is removed. This script also grows a way of spelling the creation of a list in a specific virtual domain. o The `auto' script has been removed. o bin/dumpdb has grown -m/--marshal and -p/--pickle options. o bin/list_admins can be used to print the owners of a mailing list. o bin/genaliases regenerates from scratch the aliases and aliases.db file for the Postfix MTA. - Archiver o New archiver date clobbering option, which allows dates to only be clobber if they are outrageously out-of-date (default setting is 15 days on either side of received timestamp). New configuration variables: ARCHIVER_CLOBBER_DATE_POLICY ARCHIVER_ALLOWABLE_SANE_DATE_SKEW The archived copy of messages grows an X-List-Received-Date: header indicating the time the message was received by Mailman. o PRIVATE_ARCHIVE_URL configuration variable is removed (this can be calculated on the fly, and removing it actually makes site configuration easier). - Miscellaneous o Several new README's have been added. o Most syslog entries for the qrunner have been redirected to logs/error. o On SIGHUP, qrunner will re-open all its log files and restart all child processes. See "bin/mailmanctl restart". - Patches and bug fixes o SF patches and bug fixes applied: 420396, 424389, 227694, 426002, 401372 (partial), 401452. o Fixes in 2.0.5 ported forward: Fix a lock stagnation problem that can result when the user hits the `stop' button on their browser during a write operation that can take a long time (e.g. hitting the membership management admin page). o Fixes in 2.0.4 ported forward: Python 2.1 compatibility release. There were a few questionable constructs and uses of deprecated modules that caused annoying warnings when used with Python 2.1. This release quiets those warnings. o Fixes in 2.0.3 ported forward: Bug fix release. There was a small typo in 2.0.2 in ListAdmin.py for approving an already subscribed member (thanks Thomas!). Also, an update to the OpenWall security workaround (contrib/securelinux_fix.py) was included. Thanks to Marc Merlin. From gerald@impressive.net Fri Jul 13 21:43:59 2001 From: gerald@impressive.net (Gerald Oskoboiny) Date: Fri, 13 Jul 2001 16:43:59 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: <15183.22232.119442.302021@anthem.wooz.org>; from barry@digicool.com on Fri, Jul 13, 2001 at 04:15:20PM -0400 References: <15183.22232.119442.302021@anthem.wooz.org> Message-ID: <20010713164359.C19524@impressive.net> On Fri, Jul 13, 2001 at 04:15:20PM -0400, Barry A. Warsaw wrote: > > This the official announcement for Mailman 2.1 alpha 2. [...] > To view the on-line documentation, see > > http://www.list.org/MM21/index.html > 2.1 alpha 2 (11-Jul-2001) [ lots of extremely cool stuff deleted ] > o Subscription confirmations can now be performed via email or > via URL. When a subscription is received, a unique (sha) > confirm URL is generated in the confirmation message. > Simply visiting this URL completes the subscription process. This violates the HTTP protocol: visiting a URL (i.e., an HTTP GET) should not have side effects like confirming a subscription. A few months ago I sent mail to mailman-developers with a suggestion for how to implement this in a compliant way without hindering usability: http://mail.python.org/pipermail/mailman-developers/2001-January/003579.html mid:20010103022646.A31881@impressive.net I realize that a number of other sites misuse GET this way, but I think most of the large ones (e.g., Yahoo, online brokerages and banks, etc.) get it right, and I think Mailman should too. Further reading on GET vs POST: Forms: GET and POST http://www.w3.org/Provider/Style/Input Axioms of Web architecture: Identity, State and GET http://www.w3.org/DesignIssues/Axioms#state HTTP 1.1 section 9.1: Safe and Idempotent Methods http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1 HTML 4.01 section 17.13: Form submission http://www.w3.org/TR/html4/interact/forms.html#h-17.13 -- Gerald Oskoboiny http://impressive.net/people/gerald/ From chuqui@plaidworks.com Fri Jul 13 22:03:51 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Fri, 13 Jul 2001 14:03:51 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: <20010713164359.C19524@impressive.net> Message-ID: On 7/13/01 1:43 PM, "Gerald Oskoboiny" wrote: > This violates the HTTP protocol: visiting a URL (i.e., an HTTP GET) > should not have side effects like confirming a subscription. My first reaction was "say what?" but I went and read the w3 stuff before responding... > I realize that a number of other sites misuse GET this way, but I > think most of the large ones (e.g., Yahoo, online brokerages and > banks, etc.) get it right, and I think Mailman should too. Because, frankly, I think w3 is wrong IN THIS CASE. That may make sense in a general case, especially on an HTTP only situation, but in this case, where the URL is being carried in e-mail to confirm an action the user has (presumably) started, I think they're wrong. As long as the e-mail clearly delineates the action being taken, do what's easy for the user; and the user isn't going to want to go clicking through multiple links just to allow us to abide to the HTTP stuff. But the key is this is a finalization of a distributed transaction, with e-mail distributing the token. Under other circumstances, I see W3's logic. Here, however, using a URL to bring up a page that says "click here to confirm" is only going to piss off Joe User, not make his life better. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. Some days you're the dog, some days you're the hydrant. From ricardo@rixhq.nu Sat Jul 14 16:08:21 2001 From: ricardo@rixhq.nu (Ricardo F . Kustner) Date: Sat, 14 Jul 2001 17:08:21 +0200 Subject: [Mailman-Developers] module imports & performance Message-ID: <20010714170821.A6523@localhost> Hi, I finally was forced to upgrade my ancient slackware/libc5/linux2.0 system on which I'm running mailman (among other stuff) since the (old) disks were actually about to vaporize. The rest of the hardware stayed low-end (Pentium 90 with 64mb memory)... the new installation is running Progeny Debian 1.0, kernel 2.2.18 and Python 1.5.2 on a fresh new disk. I've installed mailman 2.0.5 straight from the source (package systems are great but for some apps I still prefer to compile it myself) Most of the components (apache,fastcgi,php and some perl scripts) don't show any difference in performance, but it looks like the mailman python scripts have decreased in performance dramatically... loading up a page in the webinterface takes about 7 seconds! After some playing around with python -i, I noticed that "from Mailman import MailList" takes about 4 seconds... Does anybody have any idea what's going on? maybe the python binary compiled into Debian isn't optimized enough for my system or could this be a problem in mailman? Regards, Ricardo From thomas@xs4all.net Sat Jul 14 16:27:48 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Sat, 14 Jul 2001 17:27:48 +0200 Subject: [Mailman-Developers] module imports & performance In-Reply-To: <20010714170821.A6523@localhost> References: <20010714170821.A6523@localhost> Message-ID: <20010714172748.X5396@xs4all.nl> On Sat, Jul 14, 2001 at 05:08:21PM +0200, Ricardo F . Kustner wrote: [ Ricardo reinstalls ] > Most of the components (apache,fastcgi,php and some perl scripts) don't show > any difference in performance, but it looks like the mailman python scripts > have decreased in performance dramatically... loading up a page in the > webinterface takes about 7 seconds! After some playing around with python > -i, I noticed that "from Mailman import MailList" takes about 4 seconds... > Does anybody have any idea what's going on? maybe the python binary compiled > into Debian isn't optimized enough for my system or could this be a problem > in mailman? Well, 'import MailList' triggers a lot of file loads, so the easiest target would be 'disk I/O'. But just to be sure: all your modules have '.pyc' variants as well ? You can check by doing something like bash-2.04$ cd /usr/local/mailman bash-2.04$ python Python 2.0 (#8, Mar 1 2001, 13:20:58) [GCC 2.95.2 19991024 (release)] on freebsd4 Type "copyright", "credits" or "license" for more information. >>> from Mailman import MailList >>> print MailList.__file__ Mailman/MailList.pyc If the latter says '.py' instead of '.pyc', that's your problem. The 'from Mailman import MailList' took only a faction of a second on that machine, by the way, but it's pretty high-end (1Ghz P3, 1Gb RAM, U160-SCSI, FreeBSD) so that isn't too suprising. If that isn't the problem, your best bet is to keep an eye on the system. 'iostat' (need to install it separately on Linux, I think) and 'vmstat' can deliver a lot of useful info about why a task is taking so long. -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From m.hubbard@ic.ac.uk Sat Jul 14 16:50:31 2001 From: m.hubbard@ic.ac.uk (Hubbard, Matt) Date: Sat, 14 Jul 2001 16:50:31 +0100 Subject: [Mailman-Developers] extended address checking feature.. any thoughts? Message-ID: Hi, Just looking over Mailman, as I intend to add in site-wide list configuration restrictions (most notably private_roster) before using it in service. Anyway, I thought it would be nice if Mailman could optionally integrate with the address checking features of exim. "exim -bvs user@somedomain" will first rewrite the address according to it's rule set and then check that the mail domain is valid. If the domain is local, it will check that local part of the address is valid too. I think it could be worth doing something with the rewritten address as that is what the underlying MTA will do with the email address. If exim wouldn't be able to route mail to the mail domain of a given subscription address or perform a local delivery, then there wouldn't be much point Mailman generating a confirmation request to it. Does anyone else think this would be useful? Or a particularly bad idea? On a connected matter, should Utils._badchars also contain $, %, slashes and various forms of quote marks. Cheers, Matt. From ricardo@rixhq.nu Sat Jul 14 17:11:23 2001 From: ricardo@rixhq.nu (Ricardo Kustner) Date: Sat, 14 Jul 2001 18:11:23 +0200 Subject: [Mailman-Developers] module imports & performance In-Reply-To: <20010714172748.X5396@xs4all.nl>; from thomas@xs4all.net on Sat, Jul 14, 2001 at 05:27:48PM +0200 References: <20010714170821.A6523@localhost> <20010714172748.X5396@xs4all.nl> Message-ID: <20010714181122.B6523@localhost> On Sat, Jul 14, 2001 at 05:27:48PM +0200, Thomas Wouters wrote: > On Sat, Jul 14, 2001 at 05:08:21PM +0200, Ricardo F . Kustner wrote: > > Most of the components (apache,fastcgi,php and some perl scripts) don't show > > any difference in performance, but it looks like the mailman python scripts > > have decreased in performance dramatically... loading up a page in the > > webinterface takes about 7 seconds! After some playing around with python > > -i, I noticed that "from Mailman import MailList" takes about 4 seconds... > Well, 'import MailList' triggers a lot of file loads, so the easiest target > would be 'disk I/O'. But just to be sure: all your modules have '.pyc' > variants as well ? You can check by doing something like > >>> from Mailman import MailList > >>> print MailList.__file__ > Mailman/MailList.pyc > If the latter says '.py' instead of '.pyc', that's your problem. well it says ".pyc"... so that seems to be okay... > If that isn't the problem, your best bet is to keep an eye on the system. > 'iostat' (need to install it separately on Linux, I think) and 'vmstat' can > deliver a lot of useful info about why a task is taking so long. I'm afraid you might be right about that... it could be the disk I/O but I'm not sure yet... it's weird though, the previous setup had a very old disk so I don't understand why it has become that much slower now with a much newer disk. Oh well, at least I'm pretty sure now the real problem isn't in python or mailman... I guess I'll need to do some more testing with the disk performance. I don't even dare to think how much trouble qrunner might be getting with the file access :( Thanks for the help... Regards, Ricardo From barry@digicool.com Sat Jul 14 17:55:04 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Sat, 14 Jul 2001 12:55:04 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 References: <20010713164359.C19524@impressive.net> Message-ID: <15184.31080.663487.123985@anthem.wooz.org> >>>>> "CVR" == Chuq Von Rospach writes: >> I realize that a number of other sites misuse GET this way, but >> I think most of the large ones (e.g., Yahoo, online brokerages >> and banks, etc.) get it right, and I think Mailman should too. CVR> Because, frankly, I think w3 is wrong IN THIS CASE. That may CVR> make sense in a general case, especially on an HTTP only CVR> situation, but in this case, where the URL is being carried CVR> in e-mail to confirm an action the user has (presumably) CVR> started, I think they're wrong. As long as the e-mail clearly CVR> delineates the action being taken, do what's easy for the CVR> user; and the user isn't going to want to go clicking through CVR> multiple links just to allow us to abide to the HTTP stuff. CVR> But the key is this is a finalization of a distributed CVR> transaction, with e-mail distributing the token. Under other CVR> circumstances, I see W3's logic. Here, however, using a URL CVR> to bring up a page that says "click here to confirm" is only CVR> going to piss off Joe User, not make his life better. I agree with Chuq. The user isn't going to understand the distinction and is just going to be annoyed by having to do, what to them seems like an extra unnecessary step. -Barry From gerald@impressive.net Sun Jul 15 00:32:01 2001 From: gerald@impressive.net (Gerald Oskoboiny) Date: Sat, 14 Jul 2001 19:32:01 -0400 Subject: [Mailman-Developers] subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: ; from chuqui@plaidworks.com on Fri, Jul 13, 2001 at 02:03:51PM -0700 References: <20010713164359.C19524@impressive.net> Message-ID: <20010714193201.A31163@impressive.net> On Fri, Jul 13, 2001 at 02:03:51PM -0700, Chuq Von Rospach wrote: > On 7/13/01 1:43 PM, "Gerald Oskoboiny" wrote: > > > This violates the HTTP protocol: visiting a URL (i.e., an HTTP GET) > > should not have side effects like confirming a subscription. > > My first reaction was "say what?" but I went and read the w3 stuff before > responding... Note that "the w3 stuff" includes the standards-track RFC 2616 (HTTP/1.1), the HTML 4.01 specification, and supplementary notes by the creator of the HTTP protocol (incl its GET and POST methods); they're not just a few random pages on w3.org :) > > I realize that a number of other sites misuse GET this way, but I > > think most of the large ones (e.g., Yahoo, online brokerages and > > banks, etc.) get it right, and I think Mailman should too. > > Because, frankly, I think w3 is wrong IN THIS CASE. That may make sense in a > general case, especially on an HTTP only situation, but in this case, where > the URL is being carried in e-mail to confirm an action the user has > (presumably) started, I think they're wrong. A couple of the references I gave in my previous message included this specific example (confirming a subscription) as a case where POST should be used instead of GET, so I think it is quite clear that the specs do apply in this specific case. Regarding "I think they're wrong", I respect your opinion, but the HTTP spec is the result of a decade of work on and experience with HTTP by full-time web protocol geeks... > As long as the e-mail clearly > delineates the action being taken, do what's easy for the user; and the user > isn't going to want to go clicking through multiple links just to allow us > to abide to the HTTP stuff. What if I have a smart system on my desktop PC that is configured to prefetch any URLs it sees in my incoming email, so there is zero latency when I go to read them later? (or so I can read them while offline, on a train or plane or something) That would allow anyone in the world to sign me up for any mailman-backed mailing list, whether or not I even see the email confirmation requests. And that would be Mailman's fault, for misusing HTTP GETs. > But the key is this is a finalization of a distributed transaction, with > e-mail distributing the token. Under other circumstances, I see W3's logic. > Here, however, using a URL to bring up a page that says "click here to > confirm" is only going to piss off Joe User, not make his life better. I disagree: a large part of the reason for the distinction between GET and POST is a social/usability one: people should become accustomed to following hypertext links and clicking on URLs without any action being taken. (personally, I cut and paste URLs into my browser all the time without checking carefully what they appear to be first, so when I actually want to read what's there, I don't have to wait for the browser. Of course, I only do that because I don't have that prefetching thing set up... yet.) btw, part of the reason I care about this is that I work for W3C and am currently evaluating mailman for use on lists.w3.org (to replace smartlist) and we're pretty fussy about complying with our own specs, for obvious reasons. But I'd be making this argument whether or not that were the case, since it's clearly the Right Thing to do imho... -- Gerald Oskoboiny http://impressive.net/people/gerald/ From forrie@navipath.com Sun Jul 15 01:28:14 2001 From: forrie@navipath.com (Forrest Aldrich) Date: Sat, 14 Jul 2001 20:28:14 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: References: <20010713164359.C19524@impressive.net> Message-ID: <5.1.0.14.2.20010714202735.02532cd0@216.67.14.8> I'd be happy with an admin-configurable option to either do traditional subscription confirmation or the http method. At 02:03 PM 7/13/2001 -0700, Chuq Von Rospach wrote: >On 7/13/01 1:43 PM, "Gerald Oskoboiny" wrote: > > > This violates the HTTP protocol: visiting a URL (i.e., an HTTP GET) > > should not have side effects like confirming a subscription. > >My first reaction was "say what?" but I went and read the w3 stuff before >responding... > > > I realize that a number of other sites misuse GET this way, but I > > think most of the large ones (e.g., Yahoo, online brokerages and > > banks, etc.) get it right, and I think Mailman should too. > >Because, frankly, I think w3 is wrong IN THIS CASE. That may make sense in a >general case, especially on an HTTP only situation, but in this case, where >the URL is being carried in e-mail to confirm an action the user has >(presumably) started, I think they're wrong. As long as the e-mail clearly >delineates the action being taken, do what's easy for the user; and the user >isn't going to want to go clicking through multiple links just to allow us >to abide to the HTTP stuff. > >But the key is this is a finalization of a distributed transaction, with >e-mail distributing the token. Under other circumstances, I see W3's logic. >Here, however, using a URL to bring up a page that says "click here to >confirm" is only going to piss off Joe User, not make his life better. > >-- >Chuq Von Rospach, Internet Gnome >[ = = ] >Yes, yes, I've finally finished my home page. Lucky you. > >Some days you're the dog, some days you're the hydrant. > > > > >------------------------------------------------------ >Mailman-Users maillist - Mailman-Users@python.org >http://mail.python.org/mailman/listinfo/mailman-users From chuqui@plaidworks.com Sun Jul 15 04:49:34 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Sat, 14 Jul 2001 20:49:34 -0700 Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: <20010714193201.A31163@impressive.net> Message-ID: On 7/14/01 4:32 PM, "Gerald Oskoboiny" wrote: > Regarding "I think they're wrong", I respect your opinion, but > the HTTP spec is the result of a decade of work on and experience > with HTTP by full-time web protocol geeks... But web geeks are not necessarily user-interface or user-experience geeks. You can perfectly correctly build a nice system that's technically correct, but not right for the users. > What if I have a smart system on my desktop PC that is configured > to prefetch any URLs it sees in my incoming email, Given the number of viruses, spam with URLs and other garbage out there, I'd say you're foolish (bordering on stupid), but that's beside the point. It is an interesting issue, one I can't toss out easily; but I'm not convinced, either. I think it's something that needs to be hashed over, perhaps prototyped both ways so we can see the best way to tweak it. Barry, what do you think about this instance? As the net moves more towards wireless, PDA, mobile-phone, stuff, could we be setting ourselves up for a later problem by ignoring this pre-cache issue Gerald's raised? Gerald, does W3 have sample pages for "right" and "wrong" that can be looked at, or are we going to have to develop some? The more I think about this, the more I think it's case where we ought to see if we can develop a prototype that follows the standards that we like, rather than toss it out at first glance. But if we can't come up with a system that we agree is 'easy enough', then we should go to what we're currently thinking. > That would allow anyone in the world to sign me up for any > mailman-backed mailing list, whether or not I even see the email > confirmation requests. And that would be Mailman's fault, for > misusing HTTP GETs. In disagree with this -- since as you say, any number of places already misuse GET, that usage is fairly common. A user who sets themselves up for it should know (or be warned by their mail client) that it has the possibility to trigger events. I'd say it's more a client issue than a Mailman issue. And, thinking about it, since GET *can* do this, it's probably wrong for W3 to push for it not to be used that way, because if things like your pre-caching system come into common use, the dark side of the net will take advantage of it, the way early virus writers took advantage of mail clients with auto-exec of .EXE's being on by default. So aren't you setting yourself up for problems by having a technology that can, even if you deprecate it, because it sets a user expectation that's going to be broken by those wanting to take advantage of it? I've got a bad feeling about this -- your example seems to set yourself up for abuse by those looking for ways ot abuse you, and that's a bigger issue than Mailman using it -- because if all of the 'white side' programs cooperate, it just encourages creation of things (like the pre-caching) that the dark side will take adavantage of. As long as GET is capable of being used this way, I'd be very careful about creating stuff that depends on "we don't want it used this way, so it won't be" -- it seems to open up avenues for attack. Which is not a reason for mailman to ignore the standard -- but a bigger issue about whether this standard creates a perception that could come back and bite people. If people start creating services (like that pre-cache) that get tripped up by this, even if the white hats follow your advice, you're still at risk from the black hats. Isn't it better to acknowledge the capability and not create services that depend on "well behaved" systems? >Of course, I only do > that because I don't have that prefetching thing set up... yet.) At this point, I'd never turn on pre-fectching, since it's safety depends entirely no voluntary cooperation, and you aren't in a position to police until after the fact. That's a Bad Thing in a big way. > btw, part of the reason I care about this is that I work for W3C > and am currently evaluating mailman for use on lists.w3.org (to > replace smartlist) and we're pretty fussy about complying with > our own specs, for obvious reasons. As you should be. > But I'd be making this > argument whether or not that were the case, since it's clearly > the Right Thing to do imho... And the more I think about it, the more it's an interesting point -- but on more than one level. Has W3c considered the implications of defining a standard that depends on voluntary acceptance here? Because the service you propose is unsafe unless you can guarantee everyone you talk to is compliant, and we know how likely that's going to be. That, to me, is a much bigger issue than whether or not Mailman complies, and in fact, I could make an argument that the standard isnt' acceptable if it's going to be a basis for services that can cause harm but requires voluntary acceptance on the server side. By the time you figure out the server isn't complying, they've burnt down the barn and run off with the horse. That's bad. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. Someday, we'll look back on this, laugh nervously and change the subject. From satyap@satya.virtualave.net Sun Jul 15 05:23:07 2001 From: satyap@satya.virtualave.net (Satya) Date: Sun, 15 Jul 2001 09:53:07 +0530 (IST) Subject: [Mailman-Developers] subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: <20010714193201.A31163@impressive.net> Message-ID: On Jul 14, 2001 at 19:32, Gerald Oskoboiny wrote: >our own specs, for obvious reasons. But I'd be making this >argument whether or not that were the case, since it's clearly >the Right Thing to do imho... Yeah, like that List-* headers :-) -- Satya. US-bound grad students! For pre-apps, see It ALWAYS goes wrong, especially if it's mission critical! From juergen.erhard@gmx.net Sun Jul 15 09:17:21 2001 From: juergen.erhard@gmx.net (=?ISO-8859-1?Q?=22J=FCrgen_A=2E_Erhard=22?=) Date: Sun, 15 Jul 2001 10:17:21 +0200 Subject: [Mailman-Developers] Bug in mail->news gateway in 2.0.5 (and *simple* fix) Message-ID: <15072001.3@wanderer.local.jae.ddns.org> --pgp-sign-Multipart_Sun_Jul_15_10:17:17_2001-1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Bug: in Mailman/Handlers/ToUsenet.py, there are spaces inserted after colons where they are missing ("NNTP is strict about spaces after the colon in headers"). If a colon appears in a continuation line, it is treated as a header colon. Fix: skip lines that start with whitespace. For those interested, the history of the finding of the bug: Problem: my signed emails appeared on Usenet garbled. The multipart boundary had an extra space inserted (which of course the actual boundaries hadn't). After some exchange with Martin Armstrong (who made me aware of this) we concluded it had to be the mail->news gateway (as my direct mail to him, also signed, wasn't garbled). I then investigated ToUsenet.py, and found the error. Why this hasn't hit a lot more often is simple: most MUA seem to use some random gibberish as the boundary string. SEMI doesn't... Of course, if this is fixed in 2.1, you can ignore this (assuming that it comes out soonish ;-) Bye, J --=20 J=FCrgen A. Erhard (juergen.erhard@gmx.net, jae@users.sourceforge.net) MARS: http://members.tripod.com/Juergen_Erhard/mars_index.html Life's Better Without Braces (http://www.python.org) I wish I had more energy -- or less ambition. --pgp-sign-Multipart_Sun_Jul_15_10:17:17_2001-1 Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEABECAAYFAjtRUZEACgkQN0B+CS56qs2RHwCfVKc6xD3xyGkGRayEKzv617QO TEgAoJE5GHnbYXMTN1sNcjgleBZ2dRwU =jdkM -----END PGP SIGNATURE----- --pgp-sign-Multipart_Sun_Jul_15_10:17:17_2001-1-- From john.read@newnet-marketing.de Sun Jul 15 15:20:15 2001 From: john.read@newnet-marketing.de (John Read) Date: Sun, 15 Jul 2001 16:20:15 +0200 Subject: [Mailman-Developers] mailmanctl patch Message-ID: This is a multi-part message in MIME format. ------=_NextPart_000_0000_01C10D4A.08148CB0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Hi, after installing the new beta version I found that not having starting, and stopping messages in the mailmanctl was confusing when it was included in the Linux startup scripts. All other system services have a short message stating what they doing during the boot phase. I have included the start, restart, and stop messages into mailmanctl, and included the changes in a short patch file. (Its only three lines of code so dont get excited!!) Otherwise the installation, and testing so far has been without any problems. Great software. -- John Read NewNet Marketing Tel: +49-8076-8879818 Fax: +49-8076-8879819 ------=_NextPart_000_0000_01C10D4A.08148CB0 Content-Type: application/octet-stream; name="mailmanctl.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="mailmanctl.patch" --- bin/mailmanctl.org Sun Jul 15 15:53:41 2001=0A= +++ bin/mailmanctl Sun Jul 15 15:58:53 2001=0A= @@ -133,11 +133,13 @@=0A= # Sent the master qrunner process a SIGINT, which is equivalent = to=0A= # giving cron/qrunner a ctrl-c or KeyboardInterrupt. This will=0A= # effectively shut everything down.=0A= + print 'Shutting down Mailman Qrunner'=0A= kill_subrunners(signal.SIGINT)=0A= elif command =3D=3D 'restart':=0A= # Sent the master qrunner process a SIGHUP. This will cause the=0A= # master qrunner to kill and restart all the worker qrunners, = and to=0A= # close and re-open its log files.=0A= + print 'Restarting Mailman Qrunner'=0A= kill_subrunners(signal.SIGHUP)=0A= else:=0A= # Must be `start'=0A= @@ -145,6 +147,7 @@=0A= # Daemon process startup according to Stevens, Advanced = Programming in=0A= # the UNIX Environment, Chapter 13.=0A= if os.fork():=0A= + print 'Starting Mailman Qrunner'=0A= # parent=0A= sys.exit(0)=0A= # child=0A= ------=_NextPart_000_0000_01C10D4A.08148CB0-- From jra@baylink.com Sun Jul 15 16:16:33 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Sun, 15 Jul 2001 11:16:33 -0400 Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: ; from Chuq Von Rospach on Sat, Jul 14, 2001 at 08:49:34PM -0700 References: <20010714193201.A31163@impressive.net> Message-ID: <20010715111633.01631@scfn.thpl.lib.fl.us> On Sat, Jul 14, 2001 at 08:49:34PM -0700, Chuq Von Rospach wrote: > > What if I have a smart system on my desktop PC that is configured > > to prefetch any URLs it sees in my incoming email, > > Given the number of viruses, spam with URLs and other garbage out there, I'd > say you're foolish (bordering on stupid), but that's beside the point. It is > an interesting issue, one I can't toss out easily; but I'm not convinced, > either. I think it's something that needs to be hashed over, perhaps > prototyped both ways so we can see the best way to tweak it. > > Barry, what do you think about this instance? As the net moves more towards > wireless, PDA, mobile-phone, stuff, could we be setting ourselves up for a > later problem by ignoring this pre-cache issue Gerald's raised? What *I* think is that it's a special case, and any such pre-fetch system ought to, by default, *not* pre-fetch anything with GET parameters in it. *All* GETs have side effects by definition: you get something different depending on what the parameters are. > > That would allow anyone in the world to sign me up for any > > mailman-backed mailing list, whether or not I even see the email > > confirmation requests. And that would be Mailman's fault, for > > misusing HTTP GETs. > > I disagree with this -- since as you say, any number of places already > misuse GET, that usage is fairly common. A user who sets themselves up for > it should know (or be warned by their mail client) that it has the > possibility to trigger events. I'd say it's more a client issue than a > Mailman issue. Concur. And I base my opinion on 15 years of systems design experience, FWIW. > And, thinking about it, since GET *can* do this, it's probably wrong for W3 > to push for it not to be used that way, because if things like your > pre-caching system come into common use, the dark side of the net will take > advantage of it, the way early virus writers took advantage of mail clients > with auto-exec of .EXE's being on by default. So aren't you setting yourself > up for problems by having a technology that can, even if you deprecate it, > because it sets a user expectation that's going to be broken by those > wanting to take advantage of it? I've got a bad feeling about this -- your > example seems to set yourself up for abuse by those looking for ways ot > abuse you, and that's a bigger issue than Mailman using it -- because if all > of the 'white side' programs cooperate, it just encourages creation of > things (like the pre-caching) that the dark side will take adavantage of. Well put, young pilot. > >Of course, I only do > > that because I don't have that prefetching thing set up... yet.) > > At this point, I'd never turn on pre-fectching, since it's safety depends > entirely no voluntary cooperation, and you aren't in a position to police > until after the fact. That's a Bad Thing in a big way. Well, yeah, but you don't have a palmtop, either, Chuq, right? :-) > > But I'd be making this > > argument whether or not that were the case, since it's clearly > > the Right Thing to do imho... > > And the more I think about it, the more it's an interesting point -- but on > more than one level. Has W3c considered the implications of defining a > standard that depends on voluntary acceptance here? Because the service you > propose is unsafe unless you can guarantee everyone you talk to is > compliant, and we know how likely that's going to be. That, to me, is a much > bigger issue than whether or not Mailman complies, and in fact, I could make > an argument that the standard isnt' acceptable if it's going to be a basis > for services that can cause harm but requires voluntary acceptance on the > server side. By the time you figure out the server isn't complying, they've > burnt down the barn and run off with the horse. That's bad. I can't find a thing to argue with here; let's see what he comes up with... Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From chuqui@plaidworks.com Sun Jul 15 18:57:56 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Sun, 15 Jul 2001 10:57:56 -0700 Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: <20010715111633.01631@scfn.thpl.lib.fl.us> Message-ID: On 7/15/01 8:16 AM, "Jay R. Ashworth" wrote: > What *I* think is that it's a special case, and any such pre-fetch > system ought to, by default, *not* pre-fetch anything with GET > parameters in it. That was what I was thinking, too -- no matter what W3 says, building a tool that pre-fetches those by default is like Microsoft defaulting .EXE execution to yes, or sendmail defaulting to open relay like it did in 8.8 and before. Those are situations just waiting for someone to take advantage of it, and the whitehats won't be the someones. > Well put, young pilot. Young? Young? Where's my walker? (as an irrelevant side note, Apple finally hired me an assistant, who was -- literally -- not potty trained when I used my first Unix system. Good kid. Well, man. He's no kid... But he's getting going to get tired of the "In the Good Old Days.." jokes...) >> At this point, I'd never turn on pre-fectching, since it's safety depends >> entirely no voluntary cooperation, and you aren't in a position to police >> until after the fact. That's a Bad Thing in a big way. > > Well, yeah, but you don't have a palmtop, either, Chuq, right? :-) I have a Handspring and my primary machine is a wireless laptop (a Titanium!). Do I need a palmtop? Of course, none of this deals iwht whether Mailman should use GET or POST. That GET is inherently unsafe doesn't mean that it's therefore okay for Mailman to use it -- I still think we need to look at this further. It simply means, IMHO, that if we choose to not follow the W3 standard, that it's fairly safe to do so. And, editorial comment time, the subject line is a classic example of why subject line topic flags are the second worst damn thing you can do to a mailing list -- after coercing reply-to. How in the bloody heck is someone supposed to look at THAT and figure out whether they want to read the message? And my user studies have shown that subject line is the key determinant on whether a list message gets read. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. Shroedinger: We can never really be sure which side of the road the chicken is on. It's all a matter of chance. Like a game of dice. Einstein, refuting Schroedinger: God does not play dice with chickens. Heisenburg: We can determine how fast the chicken travelled, or where it ended up, but we cannot determine why it did so. From cdy@algonet.se Mon Jul 16 13:07:52 2001 From: cdy@algonet.se (Calle Dybedahl) Date: 16 Jul 2001 14:07:52 +0200 Subject: [Mailman-Developers] Re: [Mailman-Announce] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: <15183.22232.119442.302021@anthem.wooz.org> References: <15183.22232.119442.302021@anthem.wooz.org> Message-ID: <86n1659iw7.fsf@tezcatlipoca.algonet.se> Some time ago, we had a consultant write us some code for MailMan to implement a feature found in LISTSERV, so that we could stop using that listhandler. The feature in question is the ability to put a limit on how many members can be subscribed to a list. The code was written GPL:ed, and in the contract we stipulated that it be submitted to you, the MailMan maintainers, so that it could be included in future releases of MailMan. Since this anouncement displays no trace of such functionality, I'd just like to ask if you have rejected the code, or if it for some reason never reached you? -- Calle Dybedahl | UNIX-admin | Telenordia Internet | cdy@algonet.se From honey bear Mon Jul 16 21:20:41 2001 From: honey bear (honey bear) Date: Mon, 16 Jul 2001 16:20:41 -0400 Subject: [Mailman-Developers] Modifying -join and -leave addresses Message-ID: <20010716162041.A21879@ender.mutualslump.net> Quick (and hopefully easy) question: how would I modify the mailman code to have the -join and -leave addresses become -on and -off respectively? This is probably relatively simple but I'm not at all familiar with the code or the workings of mailman. thanks, jeremy -- "Rabbit's clever," said Pooh thoughtfully. "Yes," said Piglet, "Rabbit's clever." "And he has Brain." "Yes," said Piglet, "Rabbit has Brain." There was a long silence. "I suppose," said Pooh, "that that's why he never understands anything." From ray@qlitech.net Mon Jul 16 21:43:51 2001 From: ray@qlitech.net (Ray Sanders) Date: Mon, 16 Jul 2001 15:43:51 -0500 Subject: [Mailman-Developers] Security Issues? Message-ID: <3B535207.8080300@qlitech.net> Are there any know security issues with Mailman? I beleive I have found on on our local Linux Users Group mailing list. If the developer who is in charge of mailing list password mamagement could e-mail me in private. I would very much appreciate it. (So would our LUG) Thanks in advance! -- ===================================================== Ray Sanders - QLITech Linux Computers http://www.qlitech.net ray@qlitech.net 1-877-24-LINUX (Toll Free) ===================================================== From Dale Newfield Mon Jul 16 21:53:28 2001 From: Dale Newfield (Dale Newfield) Date: Mon, 16 Jul 2001 16:53:28 -0400 (EDT) Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: <20010715111633.01631@scfn.thpl.lib.fl.us> Message-ID: On Sun, 15 Jul 2001, Jay R. Ashworth wrote: > What *I* think is that it's a special case, and any such pre-fetch > system ought to, by default, *not* pre-fetch anything with GET > parameters in it. > > *All* GETs have side effects by definition: you get something > different depending on what the parameters are. Right--but they don't necessarily have side effects. For example, I think GETs are the right way to do the panes in these pages: http://www.wunderland.com/LooneyLabs/Chrononauts/lostids/view.html And there's no reason all of those pages (database entries) shouldn't be pre-fetchable. -Dale Newfield Dale@Newfield.org From simon.troup@digitalmusicart.com Mon Jul 16 22:30:01 2001 From: simon.troup@digitalmusicart.com (Simon Troup) Date: Mon, 16 Jul 2001 22:30:01 +0100 Subject: [Mailman-Developers] Please Explain !!! Message-ID: > This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --MS_Mac_OE_3078167401_392510_MIME_Part Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Can anyone please explain why, after joining the Mailman Users mailing list, I have been bombarded by dozens of emails that appear to orinate form mailing lists at portal2.com and outblaze.com and are addressed to sardy5@graffiti.net (not me !! My email appears in "Envelope to"). I also received over 4,000 (yes 4,000) bounced emails telling me that my (not actually my but sardy5@graffiti.net) subscription to some mailing list had failed. This has wasted an entire day for me. If you know what link there is between Mailman and portal2.com or outblaze.com please let me know. How could the emails get mixed up like this? I have now received mail from the Mailman Developers list addressed to sardy5@graffiti.net which is why I am posting here. My emails to outblaze.com have gone unanswered and now I am desperate to stop this unwanted bombardment of mail. Is someone collecting email addresses from the Mailman mailing lists ??? Any help greatly appreciated, I only want to receive my own mail, and getting dozens and dozens of misdirected mail on my sad English 56k connection is killing my system. Simon Troup simon.troup@digitalmusicart.com --MS_Mac_OE_3078167401_392510_MIME_Part Content-type: text/html; charset="US-ASCII" Content-transfer-encoding: quoted-printable Please Explain !!! Can anyone please explain why, after joining the Mailman Users mailing = list, I have been bombarded by dozens of emails that appear to orinate form = mailing lists at portal2.com and outblaze.com and are addressed to sardy5@graffiti.net (not me !! My email appears i= n "Envelope to").

    I also received over 4,000 (yes 4,000) bounced emails telling me that my (n= ot actually my but sardy5@graffiti.net) = subscription to some mailing list had failed.

    This has wasted an entire day for me.

    If you know what link there is between Mailman and portal2.com or outblaze.= com please let me know. How could the emails get mixed up like this?

    I have now received mail from the Mailman Developers list addressed to sardy5@graffiti.net which is why I am postin= g here. My emails to outblaze.com have gone unanswered and now I am desperat= e to stop this unwanted bombardment of mail.

    Is someone collecting email addresses from the Mailman mailing lists ???
    Any help greatly appreciated, I only want to receive my own mail, and getti= ng dozens and dozens of misdirected mail on my sad English 56k connection is= killing my system.

    Simon Troup
    simon.troup@digitalmusicart.com     --MS_Mac_OE_3078167401_392510_MIME_Part-- From chuqui@plaidworks.com Mon Jul 16 22:40:53 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Mon, 16 Jul 2001 14:40:53 -0700 Subject: [Mailman-Developers] Please Explain !!! In-Reply-To: Message-ID: > This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --B_3078139253_532635 Content-type: text/plain; charset="ISO-8859-1" Content-transfer-encoding: quoted-printable On 7/16/01 2:30 PM, "Simon Troup" wrote: > Can anyone please explain why, after joining the Mailman Users mailing li= st, I > have been bombarded by dozens of emails that appear to orinate form maili= ng > lists at portal2.com and outblaze.com and are addressed to sardy5@graffit= i.net > (not me !! My email appears in "Envelope to"). I=B9m not seeing them. It=B9s likely coincidence =8B post a few headers, includin= g Received, so we can see what=B9s going on. FWIW, outblaze is an imploding black hole. I=B9m not surprised at all it=B9s barfing at you =8B it=B9s barfing at everyone, for all of the domains it is hosting. It=B9s been dying for about 2 months now, since the iname/mail.com people offloaded it=B9s free domains on it. --=20 Chuq Von Rospach, Internet Gnome [ =3D =3D ] Yes, yes, I've finally finished my home page. Lucky you. The Pinball Machine Rule is the observation that it doesn't matter a wit if the instructions are printed clearly for all to see, nobody will read them. They'll just drop their quarter(s) and start pushing buttons like a Tommy. -- Barry Warsaw --B_3078139253_532635 Content-type: text/html; charset="ISO-8859-1" Content-transfer-encoding: quoted-printable Re: [Mailman-Developers] Please Explain !!! On 7/16/01 2:30 PM, "Simon Troup" <simon.= troup@digitalmusicart.com> wrote:

    Can anyone please explain why, a= fter joining the Mailman Users mailing list, I have been bombarded by dozens= of emails that appear to orinate form mailing lists at portal2.com and outb= laze.com and are addressed to sardy5@graffiti.net (not me !! My email appears in "Envelope to").

    I’m not seeing them. It’s likely coincidence — post a few= headers, including Received, so we can see what’s going on.

    FWIW, outblaze is an imploding black hole. I’m not surprised at all i= t’s barfing at you — it’s barfing at everyone, for all of = the domains it is hosting. It’s been dying for about 2 months now, sin= ce the iname/mail.com people offloaded it’s free domains on it.


    --
    Chuq Von Rospach, Internet Gnome <http://www.chuqui.com>
    [<chuqui@plaidworks.com> =3D <me@chuqui.com> =3D <chuq@apple.com= >]
    Yes, yes, I've finally finished my home page. Lucky you.

    The Pinball Machine Rule is the observation that it doesn't matter a wit if=
    the instructions are printed clearly for all to see, nobody will read
    them.  They'll just drop their quarter(s) and start pushing buttons like a Tommy. -- Barry Warsaw


     --B_3078139253_532635-- From simon.troup@digitalmusicart.com Mon Jul 16 22:55:38 2001 From: simon.troup@digitalmusicart.com (Simon Troup) Date: Mon, 16 Jul 2001 22:55:38 +0100 Subject: [Mailman-Developers] Please Explain !!! In-Reply-To: Message-ID: > This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --MS_Mac_OE_3078168938_484959_MIME_Part Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Firstly, I have no idea why I'm getting mail from the Mailman Dev list, I didn't join it !!! Note also that I have not subscribed to any lists on outblaze.com / portal2.com and this is I believe a result of joining the mailman lists (happened 2 min after and I started getting post form mailman-dev too, only subscribed to mailman-users). Here's an example of what I've been getting ... Thanks ======================================= Return-path: Envelope-to: simon.troup@digitalmusicart.com Delivery-date: Mon, 16 Jul 2001 11:38:43 -0400 Received: from tower.portal2.com ([202.77.223.18]) by dropkick.trouble-free.net with smtp (Exim 3.20 #1) id 15MAJf-0002p9-00 for simon.troup@digitalmusicart.com; Mon, 16 Jul 2001 11:29:51 -0400 Received: (qmail 64180 invoked by uid 1001); 16 Jul 2001 15:29:58 -0000 Delivered-To: sardy5@graffiti.net Received: (qmail 64169 invoked from network); 16 Jul 2001 15:29:58 -0000 Received: from 202-123-209-136.outblaze.com (HELO spf1.hk5.outblaze.com) (202.123.209.136) by tower.portal2.com with SMTP; 16 Jul 2001 15:29:58 -0000 Received: from 202-123-209-174.outblaze.com (202-123-209-174.outblaze.com [202.123.209.174]) by spf1.hk5.outblaze.com (8.11.2/8.11.2) with SMTP id f6GFTvT31659 for ; Mon, 16 Jul 2001 15:29:57 GMT Message-ID: Content-Type: text/html; charset="iso-8859-1" Content-Disposition: inline Content-Transfer-Encoding: 7bit MIME-Version: 1.0 X-Mailer: MIME-tools 5.41 (Entity 5.404) From: "Gloria Mui" To: "Doramail Mailing List" Date: Sun, 15 Jul 2001 01:58:53 +0800 Subject: [doratalk] Re: Hi List-Unsubscribe: Reply-To: "Doramail Mailing List" my english is ok... doramon is very cute, pokemon is ok. i dont really like them. sometimes, i think the cartoon is stupid...but many kids like it in canada...they are crazy for pokemon... are u chinese?? -- Get your free email from www.doramail.com with 30 Megs of disk space in webhosting and e-mail storage! Powered by Outblaze -- You are currently subscribed to doratalk as: sardy5@graffiti.net To unsubscribe send a blank email to leave-doratalk-3118081O@list.doramail.com --MS_Mac_OE_3078168938_484959_MIME_Part Content-type: text/html; charset="US-ASCII" Content-transfer-encoding: quoted-printable Re: [Mailman-Developers] Please Explain !!! Firstly, I have no idea why I'm getting mail from the Mailman Dev list, I d= idn't join it !!!

    Note also that I have not subscribed to any lists on outblaze.com / portal2= .com and this is I believe a result of joining the mailman lists (happened 2= min after and I started getting post form mailman-dev too, only subscribed = to mailman-users).

    Here's an example of what I've been getting ...

    Thanks

    =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
    Return-path: <bounce-doratalk-3118081= @list.doramail.com>
    Envelope-to: simon.troup@digitalmusicart.com
    Delivery-date: Mon, 16 Jul 2001 11:38:43 -0400
    Received: from tower.portal2.com ([202.77.223.18])
       by dropkick.trouble-free.net with smtp (Exim 3.20 #1)    id 15MAJf-0002p9-00
       for simon.troup@digitalmusicart.com; Mon, 16 Jul 2001 11= :29:51 -0400
    Received: (qmail 64180 invoked by uid 1001); 16 Jul 2001 15:29:58 -0000
    Delivered-To: sardy5@graffiti.net
    Received: (qmail 64169 invoked from network); 16 Jul 2001 15:29:58 -0000 Received: from 202-123-209-136.outblaze.com (HELO spf1.hk5.outblaze.com) (2= 02.123.209.136)
     by tower.portal2.com with SMTP; 16 Jul 2001 15:29:58 -0000
    Received: from 202-123-209-174.outblaze.com (202-123-209-174.outblaze.com [= 202.123.209.174])
       by spf1.hk5.outblaze.com (8.11.2/8.11.2) with SMTP id f6= GFTvT31659
       for <sardy5@graffiti.net>; Mon, 16 Jul 2001 15:29:= 57 GMT
    Message-ID: <LYRIS-3118081-45495-2001.07.16-12.20.20--sardy5#graffiti.ne= t@list.doramail.com>
    Content-Type: text/html; charset=3D"iso-8859-1"
    Content-Disposition: inline
    Content-Transfer-Encoding: 7bit
    MIME-Version: 1.0
    X-Mailer: MIME-tools 5.41 (Entity 5.404)
    From: "Gloria Mui" <gloriamui@doramail.com>
    To: "Doramail Mailing List" <doratalk@list.doramail.com> Date: Sun, 15 Jul 2001 01:58:53 +0800
    Subject: [doratalk] Re: Hi
    List-Unsubscribe: <mailto:leave-doratalk-3118081O@list.doramail.com><= BR> Reply-To: "Doramail Mailing List" <doratalk@list.doramail.com&= gt;


    my english is ok...

    doramon is very cute, pokemon is ok. i dont really like them.

    sometimes, i think the cartoon is stupid...but many kids like it in canada.= ..they are crazy for pokemon...

    are u chinese?? --
    Get your free email from www.doramail.com with 30 Megs of disk space in web= hosting and e-mail storage!





    Powered by Outblaze
    -- You are currently subscribed to doratalk as: sa= rdy5@graffiti.net To unsubscribe send a blank email to leave-doratalk-3118081O@list.doramail.com
    --MS_Mac_OE_3078168938_484959_MIME_Part-- From chuqui@plaidworks.com Mon Jul 16 22:59:20 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Mon, 16 Jul 2001 14:59:20 -0700 Subject: [Mailman-Developers] Please Explain !!! In-Reply-To: Message-ID: > This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --B_3078140361_599189 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit This has nothing to do with the mailman lists. It seems to be coming from a list server on doramail.com. On 7/16/01 2:55 PM, "Simon Troup" wrote: > Firstly, I have no idea why I'm getting mail from the Mailman Dev list, I > didn't join it !!! > > Note also that I have not subscribed to any lists on outblaze.com / > portal2.com and this is I believe a result of joining the mailman lists > (happened 2 min after and I started getting post form mailman-dev too, only > subscribed to mailman-users). > > Here's an example of what I've been getting ... > > Thanks > > ======================================= > Return-path: > Envelope-to: simon.troup@digitalmusicart.com > Delivery-date: Mon, 16 Jul 2001 11:38:43 -0400 > Received: from tower.portal2.com ([202.77.223.18]) > by dropkick.trouble-free.net with smtp (Exim 3.20 #1) > id 15MAJf-0002p9-00 > for simon.troup@digitalmusicart.com; Mon, 16 Jul 2001 11:29:51 -0400 > Received: (qmail 64180 invoked by uid 1001); 16 Jul 2001 15:29:58 -0000 > Delivered-To: sardy5@graffiti.net > Received: (qmail 64169 invoked from network); 16 Jul 2001 15:29:58 -0000 > Received: from 202-123-209-136.outblaze.com (HELO spf1.hk5.outblaze.com) > (202.123.209.136) > by tower.portal2.com with SMTP; 16 Jul 2001 15:29:58 -0000 > Received: from 202-123-209-174.outblaze.com (202-123-209-174.outblaze.com > [202.123.209.174]) > by spf1.hk5.outblaze.com (8.11.2/8.11.2) with SMTP id f6GFTvT31659 > for ; Mon, 16 Jul 2001 15:29:57 GMT > Message-ID: > m> > Content-Type: text/html; charset="iso-8859-1" > Content-Disposition: inline > Content-Transfer-Encoding: 7bit > MIME-Version: 1.0 > X-Mailer: MIME-tools 5.41 (Entity 5.404) > From: "Gloria Mui" > To: "Doramail Mailing List" > Date: Sun, 15 Jul 2001 01:58:53 +0800 > Subject: [doratalk] Re: Hi > List-Unsubscribe: > Reply-To: "Doramail Mailing List" > > > my english is ok... > > doramon is very cute, pokemon is ok. i dont really like them. > > sometimes, i think the cartoon is stupid...but many kids like it in > canada...they are crazy for pokemon... > > are u chinese?? -- > Get your free email from www.doramail.com with 30 Megs of disk space in > webhosting and e-mail storage! > > > > > > Powered by Outblaze > -- You are currently subscribed to doratalk as: sardy5@graffiti.net To > unsubscribe send a blank email to leave-doratalk-3118081O@list.doramail.com > > -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. To the optimist, the glass is half full. To the pessimist, the glass is half empty. To the engineer, the glass is twice as big as it needs to be. --B_3078140361_599189 Content-type: text/html; charset="US-ASCII" Content-transfer-encoding: quoted-printable Re: [Mailman-Developers] Please Explain !!! This has nothing to do with the mailman lists.

    It seems to be coming from a list server on doramail.com.


    On 7/16/01 2:55 PM, "Simon Troup" <simon.troup@digitalmusicart= .com> wrote:

    Firstly, I have no idea why I'm get= ting mail from the Mailman Dev list, I didn't join it !!!

    Note also that I have not subscribed to any lists on outblaze.com / portal2= .com and this is I believe a result of joining the mailman lists (happened 2= min after and I started getting post form mailman-dev too, only subscribed = to mailman-users).

    Here's an example of what I've been getting ...

    Thanks

    =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
    Return-path: <bounce-doratalk-3118081@lis= t.doramail.com>
    Envelope-to: simon.troup@digitalmusicart.com
    Delivery-date: Mon, 16 Jul 2001 11:38:43 -0400
    Received: from tower.portal2.com ([202.77.223.18])
       by dropkick.trouble-free.net with smtp (Exim 3.20 #1)
       id 15MAJf-0002p9-00
       for simon.troup@digitalmusicart.com; Mon, 16 Jul 2001 11:= 29:51 -0400
    Received: (qmail 64180 invoked by uid 1001); 16 Jul 2001 15:29:58 -0000
    Delivered-To: sardy5@graffiti.net
    Received: (qmail 64169 invoked from network); 16 Jul 2001 15:29:58 -0000 Received: from 202-123-209-136.outblaze.com (HELO spf1.hk5.outblaze.com) (2= 02.123.209.136)
     by tower.portal2.com with SMTP; 16 Jul 2001 15:29:58 -0000
    Received: from 202-123-209-174.outblaze.com (202-123-209-174.outblaze.com [= 202.123.209.174])
       by spf1.hk5.outblaze.com (8.11.2/8.11.2) with SMTP id f6G= FTvT31659
       for <sardy5@graffiti.net>; Mon, 16 Jul 2001 15:29:5= 7 GMT
    Message-ID: <LYRIS-3118081-45495-2001.07.16-12.20.20--sardy5#graffiti.ne= t@list.doramail.com>
    Content-Type: text/html; charset=3D"iso-8859-1"
    Content-Disposition: inline
    Content-Transfer-Encoding: 7bit
    MIME-Version: 1.0
    X-Mailer: MIME-tools 5.41 (Entity 5.404)
    From: "Gloria Mui" <gloriamui@doramail.com>
    To: "Doramail Mailing List" <doratalk@list.doramail.com> Date: Sun, 15 Jul 2001 01:58:53 +0800
    Subject: [doratalk] Re: Hi
    List-Unsubscribe: <mailto:leave-doratalk-3118081O@list.doramail.com><= BR> Reply-To: "Doramail Mailing List" <doratalk@list.doramail.com&= gt;


    my english is ok...

    doramon is very cute, pokemon is ok. i dont really like them.

    sometimes, i think the cartoon is stupid...but many kids like it in canada.= ..they are crazy for pokemon...

    are u chinese?? --
    Get your free email from www.doramail.com with 30 Megs of disk space in web= hosting and e-mail storage!





    Powered by Outblaze
    -- You are currently subscribed to doratalk as: sa= rdy5@graffiti.net To unsubscribe send a blank email to leave-doratalk-3118081O@list.doramail.com



    --
    Chuq Von Rospach, Internet Gnome <http://www.chuqui.com>
    [<chuqui@plaidworks.com> =3D <me@chuqui.com> =3D <chuq@apple.com= >]
    Yes, yes, I've finally finished my home page. Lucky you.

      To the optimist, the glass is half full.
      To the pessimist, the glass is half empty.
      To the engineer, the glass is twice as big as it needs to be.

    --B_3078140361_599189-- From simon.troup@digitalmusicart.com Tue Jul 17 00:07:33 2001 From: simon.troup@digitalmusicart.com (Simon Troup) Date: Tue, 17 Jul 2001 00:07:33 +0100 Subject: [Mailman-Developers] Please Explain !!! In-Reply-To: <20010716153829.A15560@babylon5.babcom.com> Message-ID: > Possible theorem: > Someone who owns or has compromised the sardy5@graffiti.net account is > using it and its .forward file to mailbomb you. > > Have you tried sending it an unsubscribe message or complaining to the > listowner? Well, failing anything else that is what I'll do, although I am a little tentative about mailing any mailing list after the thousands of subscribe failure notices I was sent (when I didn't subscribe). I'm no goody two shoes but I doubt a tech minded enemy is doing this to me, it doesn't make any sense. Oh well I'm going to bite the bullet and try to unsubscribe. I do have options (mail block etc) but I thought you guys would want to know about things like this, and frankly I was curious why it happened so I could stop it happening again. I realise that this is not the fault of python.org or mailman, but somehow my signing up to a list with python.org instigated a bizarre mixup or attack via sardy5@graffiti.net My thanks to all those who have looked into this. Simon Troup From barry@digicool.com Tue Jul 17 01:02:19 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 16 Jul 2001 20:02:19 -0400 Subject: [Mailman-Developers] Please Explain !!! References: Message-ID: <15187.32907.166733.951521@anthem.wooz.org> >>>>> "ST" == Simon Troup writes: ST> Can anyone please explain why, after joining the Mailman Users ST> mailing list, I have been bombarded by dozens of emails that ST> appear to orinate form mailing lists at portal2.com and ST> outblaze.com and are addressed to sardy5@graffiti.net (not me ST> !! My email appears in "Envelope to"). I can guarantee there is no explicit connection between portal2 or outblaze and either Mailman or python.org. I highly doubt there's any implicit connection either, i.e. they aren't using Mailman. From the Message-ID of the message you forwarded, I'd say it's a good guess they're using Lyris . It's also almost impossible that you got bombarded by someone harvesting mailman-users because 1) there's no way they could have done that in just a few minutes; 2) why didn't anybody else get spammed? -Barry From simon.troup@digitalmusicart.com Tue Jul 17 01:15:39 2001 From: simon.troup@digitalmusicart.com (Simon Troup) Date: Tue, 17 Jul 2001 01:15:39 +0100 Subject: [Mailman-Developers] Please Explain !!! In-Reply-To: <15187.32907.166733.951521@anthem.wooz.org> Message-ID: The reason that I know there is a connection, however tentative, is that sardy5@graffiti.net is signed up on mailman-dev mailing list (i just checked) and I'm now getting all his/her mail. This is the only connection between me and him/her. I have never so much as looked at anything on portal2.com or outblaze.com. I admint it's bizzarre, but just check the subscribers list ?!?! It was probably not the python.org servers that mixed it up (how could they), still how in the hell did it happen?!?! Beats me. Simon Troup From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 16 Jul 2001 20:02:19 -0400 To: Simon Troup Cc: Subject: Re: [Mailman-Developers] Please Explain !!! >>>>> "ST" == Simon Troup writes: ST> Can anyone please explain why, after joining the Mailman Users ST> mailing list, I have been bombarded by dozens of emails that ST> appear to orinate form mailing lists at portal2.com and ST> outblaze.com and are addressed to sardy5@graffiti.net (not me ST> !! My email appears in "Envelope to"). I can guarantee there is no explicit connection between portal2 or outblaze and either Mailman or python.org. I highly doubt there's any implicit connection either, i.e. they aren't using Mailman. From the Message-ID of the message you forwarded, I'd say it's a good guess they're using Lyris . It's also almost impossible that you got bombarded by someone harvesting mailman-users because 1) there's no way they could have done that in just a few minutes; 2) why didn't anybody else get spammed? -Barry _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers From gerald@impressive.net Tue Jul 17 01:38:28 2001 From: gerald@impressive.net (Gerald Oskoboiny) Date: Mon, 16 Jul 2001 20:38:28 -0400 Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: ; from chuqui@plaidworks.com on Sat, Jul 14, 2001 at 08:49:34PM -0700 References: <20010714193201.A31163@impressive.net> Message-ID: <20010716203828.C24341@impressive.net> On Sat, Jul 14, 2001 at 08:49:34PM -0700, Chuq Von Rospach wrote: > On 7/14/01 4:32 PM, "Gerald Oskoboiny" wrote: > > > Regarding "I think they're wrong", I respect your opinion, but > > the HTTP spec is the result of a decade of work on and experience > > with HTTP by full-time web protocol geeks... > > But web geeks are not necessarily user-interface or user-experience geeks. > You can perfectly correctly build a nice system that's technically correct, > but not right for the users. Sure... I agree that it's possible for a standard to be irrelevant or just not meet the needs of the users for which it was written. But I don't think that is the case here: there really is a good reason for this distinction between get and post, and it is widely followed by popular sites *because* of the usability issues. (I would like to back up my "widely followed" claim by doing a survey of various popular sites, but don't have time today, and probably won't until Friday at the earliest :( Anyway, I am fairly confident that is the case.) > > What if I have a smart system on my desktop PC that is configured > > to prefetch any URLs it sees in my incoming email, > > Given the number of viruses, spam with URLs and other garbage out there, I'd > say you're foolish (bordering on stupid), but that's beside the point. Either that, or I value my time more than that of some stupid machine's :) Fetching a URL into my local http cache doesn't cause a virus to be executed or anything else bad to happen, and I wouldn't use software where that kind of thing would be possible anyway. > It is > an interesting issue, one I can't toss out easily; but I'm not convinced, > either. I think it's something that needs to be hashed over, perhaps > prototyped both ways so we can see the best way to tweak it. > > Barry, what do you think about this instance? As the net moves more towards > wireless, PDA, mobile-phone, stuff, could we be setting ourselves up for a > later problem by ignoring this pre-cache issue Gerald's raised? > > Gerald, does W3 have sample pages for "right" and "wrong" that can be looked > at, or are we going to have to develop some? The more I think about this, > the more I think it's case where we ought to see if we can develop a > prototype that follows the standards that we like, rather than toss it out > at first glance. But if we can't come up with a system that we agree is > 'easy enough', then we should go to what we're currently thinking. I included pointers to all the stuff I could think of in my first message in this thread, including a proposed implementation for mailman: http://mail.python.org/pipermail/mailman-developers/2001-January/003579.html If you think the docs on this subject at W3C are lacking, by all means let me know. Somewhat related, W3C recently published a note called "Common User Agent Problems" and it was received quite well by the web community ("we need more of that kind of thing", etc.) I think there is a plan to write a similar one targeted towards site administrators, pointing out common mistakes and raising awareness about little-known but important RFC/spec details like this. > > That would allow anyone in the world to sign me up for any > > mailman-backed mailing list, whether or not I even see the email > > confirmation requests. And that would be Mailman's fault, for > > misusing HTTP GETs. > > In disagree with this -- since as you say, any number of places already > misuse GET, that usage is fairly common. A user who sets themselves up for > it should know (or be warned by their mail client) that it has the > possibility to trigger events. I'd say it's more a client issue than a > Mailman issue. By "Mailman's fault" I meant that if mailman did this, it would be the part of the equation causing problems by not abiding by the HTTP spec. But this prefetching thing is just an example; the main point is that the protocol has this stuff built in for a reason, and there may be hundreds of other applications (current and future) that need it to be there. > And, thinking about it, since GET *can* do this, it's probably wrong for W3 > to push for it not to be used that way, because if things like your > pre-caching system come into common use, the dark side of the net will take > advantage of it, the way early virus writers took advantage of mail clients > with auto-exec of .EXE's being on by default. So aren't you setting yourself > up for problems by having a technology that can, even if you deprecate it, > because it sets a user expectation that's going to be broken by those > wanting to take advantage of it? I've got a bad feeling about this -- your > example seems to set yourself up for abuse by those looking for ways ot > abuse you, and that's a bigger issue than Mailman using it -- because if all > of the 'white side' programs cooperate, it just encourages creation of > things (like the pre-caching) that the dark side will take adavantage of. I'm not worried about abuse, myself; I would have set this up on my desktop system already if I had more time to hack it up... > > But I'd be making this > > argument whether or not that were the case, since it's clearly > > the Right Thing to do imho... > > And the more I think about it, the more it's an interesting point -- but on > more than one level. Has W3c considered the implications of defining a > standard that depends on voluntary acceptance here? Which Internet standards *don't* depend on voluntary acceptance? The HTTP spec (for example) just provides information on how HTTP is meant to work. Then people who want to do the right thing have a place to look up what the Right Thing is, and if there are ever interoperability problems between different pieces of software, people can check the spec and say "hey, look, you're doing this wrong; see rfc nnnn, sec m.m; please fix." (and if that doesn't work, there's always http://www.rfc-ignorant.org/ ;) > Because the service you > propose is unsafe unless you can guarantee everyone you talk to is > compliant, and we know how likely that's going to be. I disagree that it's unsafe; I don't especially want a bunch of spam in my http cache, but don't really care about it, either. -- Gerald Oskoboiny http://impressive.net/people/gerald/ From chuqui@plaidworks.com Tue Jul 17 01:47:24 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Mon, 16 Jul 2001 17:47:24 -0700 Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: <20010716203828.C24341@impressive.net> Message-ID: On 7/16/01 5:38 PM, "Gerald Oskoboiny" wrote: > Fetching a URL into my local http cache doesn't cause a virus to > be executed or anything else bad to happen, and I wouldn't use > software where that kind of thing would be possible anyway. You're speaking both sides of the argument, Gerald, because this whole discussion started with "don't do it this way, or you could cause me to automatically be subscribed to a mailing list". Yet you're saying it's okay to fetch it, because evidently if you fetch it, nothing bad will happen. So is it a good thing or a bad thing? You seem to be claiming both at the same time. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. I recommend the handyman's secret weapon: duct tape. From gerald@impressive.net Tue Jul 17 02:08:15 2001 From: gerald@impressive.net (Gerald Oskoboiny) Date: Mon, 16 Jul 2001 21:08:15 -0400 Subject: [Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2) In-Reply-To: ; from chuqui@plaidworks.com on Mon, Jul 16, 2001 at 05:47:24PM -0700 References: <20010716203828.C24341@impressive.net> Message-ID: <20010716210815.A334@impressive.net> On Mon, Jul 16, 2001 at 05:47:24PM -0700, Chuq Von Rospach wrote: > On 7/16/01 5:38 PM, "Gerald Oskoboiny" wrote: > > > Fetching a URL into my local http cache doesn't cause a virus to > > be executed or anything else bad to happen, and I wouldn't use > > software where that kind of thing would be possible anyway. > > You're speaking both sides of the argument, Gerald, because this whole > discussion started with "don't do it this way, or you could cause me to > automatically be subscribed to a mailing list". Yet you're saying it's okay > to fetch it, because evidently if you fetch it, nothing bad will happen. > > So is it a good thing or a bad thing? You seem to be claiming both at the > same time. I guess I should have written "or anything else really bad to happen"; I consider viruses and autoexecing executables to be much more dangerous than the occasional errant mailing list subscription. I am prepared to deal with a few bogus subscriptions here and there (of course, I'll bug each of them to get fixed as I encounter them), but it would be really bad for mailman-backed lists to operate this way, especially as mailman continues to take over the world... But once again, this prefetching business is just an example, please don't focus on that exclusively: what I am really asking is simply for Mailman to comply with the HTTP specs. -- Gerald Oskoboiny http://impressive.net/people/gerald/ From barry@digicool.com Tue Jul 17 04:31:00 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Mon, 16 Jul 2001 23:31:00 -0400 Subject: [Mailman-Developers] Please Explain !!! References: <15187.32907.166733.951521@anthem.wooz.org> Message-ID: <15187.45428.875810.90856@anthem.wooz.org> >>>>> "ST" == Simon Troup writes: ST> I admint it's bizzarre, but just check the subscribers list ST> ?!?! It was probably not the python.org servers that mixed it ST> up (how could they), still how in the hell did it happen?!?! ST> Beats me. Me too. From chuqui@plaidworks.com Tue Jul 17 04:43:56 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Mon, 16 Jul 2001 20:43:56 -0700 Subject: [Mailman-Developers] Please Explain !!! In-Reply-To: <15187.45428.875810.90856@anthem.wooz.org> Message-ID: On 7/16/01 8:31 PM, "Barry A. Warsaw" wrote: > Me too. Yup. But nobody else on the list saw anything, so it's hard to say that they somehow chose one person out of the list to annoy. I'd suggest looking further, and see if you can find what's really going on, since it doesn't seem to involve the python.org lists. Be aware, though, that outblaze is a horribly flakey place these days, and I"m not at all surprised it's barfing at people. I've seen multiple instances of that kind of problem -- to the point where I finally unsubscribed everyone with outblaze-based addresses from all my lists, and if they asked, I told them to get different addresses that worked. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. Q: Did God really create the world in seven days? A: He did it in six days and nights while living on cola and candy bars. On the seventh day he went home and found out his girlfriend had left him. From chuqui@plaidworks.com Tue Jul 17 05:04:09 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Mon, 16 Jul 2001 21:04:09 -0700 Subject: [Mailman-Developers] Re: subscription confirmations In-Reply-To: <20010716203828.C24341@impressive.net> Message-ID: I've removed mailman-users from the disto. We shhouldn't be using both lists at the same time in discussions, and this is a developers/design issue. On 7/16/01 5:38 PM, "Gerald Oskoboiny" wrote: > Sure... I agree that it's possible for a standard to be irrelevant > or just not meet the needs of the users for which it was written. > > But I don't think that is the case here: But -- you haven't dealt with the safety issue in any substantive way. If you can't build a standard that protects the user from abuse, I'd argue that the standard provides a false sense of security that is more destructive than not standardizing at all; because, as you noted, it'll tend to encourage developers to write to the standard, and not all of those writers will really understand the subtler issues involved. So if you can't make GET safe to automatically browse, even with the blackhats, I'd argue it's better to not create standards that'd encourage that -- or write the standard in such a way that these issues and limitations are very clear IN the standard. > (I would like to back up my "widely followed" claim by doing a > survey of various popular sites, but don't have time today, and > probably won't until Friday at the earliest :( Anyway, I am > fairly confident that is the case.) I would really like to see this; especially since ignoring the larger issues with the standard, I'd like to see how people are doing this so make sure stuff that's done here (and stuff I have in the hopper) do it the best way. And that means following standards, as long as they make sense. But I still wouldn't auto-crawl an incoming data stream for links and pull them down automagically... I'm bothered with the larger issues, almost to the point where the initial problem becomes irrelevant. > Fetching a URL into my local http cache doesn't cause a virus to > be executed or anything else bad to happen, and I wouldn't use > software where that kind of thing would be possible anyway. No, but it can cause actions you'll regret. You started this by bringing up one as a problem. Now, however, you're saying "well, that's no big deal". Which is it? No big deal? Or a problem? And if we can trigger actions you might or might not like, you can bet it'll honk off others. And if we can trigger actions, so can others, and those won't necessarily be innocent ones. So I don't think you can ignore this issue by simply minimizing it's importance. Either it is, or it isn't, and you can't start making judgemental calls on individual cases and using that to imply that all cases are not serious. To me, that's what you've done -- no offense, Gerald, but it's coming across a bit like you're trying to duck the larger issue, while still pushing for mailman to 'fix' the problem you're trying to minimize. > If you think the docs on this subject at W3C are lacking, by all > means let me know. No, what I really was hoping for were examples of what W3 (or you) consider 'proper', to see how W3 thinks this ought to be done. > Somewhat related, W3C recently published a note called "Common > User Agent Problems" and it was > received quite well by the web community Off to go read.... > I think there is a plan to write a similar > one targeted towards site administrators, pointing out common > mistakes and raising awareness about little-known but important > RFC/spec details like this. One of the best things I think W3 could do in these cases is not only to write "good" "bad", but generate cookbooks of techniques, with explanations of why they're good, or why they ought to be avoided. Especially in the subtlties of the standards that might not be intuitively obvious, or which might be involved in emerging technologies (like wireless) that the typical designer hasn't had time to worry about yet (or doesn't know to worry about). I love things like the "Perl Cookbook" of code fragments and examples, not just because it saves me reinventing the wheel, but it gives me insight into how things ought to be done, at least in the eyes of my betters. And if you create a cookbook, people are a lot more likely to adopt them, since they can borrow the existing code... > By "Mailman's fault" I meant that if mailman did this, it would > be the part of the equation causing problems by not abiding by > the HTTP spec. But this prefetching thing is just an example; the > main point is that the protocol has this stuff built in for a > reason, and there may be hundreds of other applications (current > and future) that need it to be there. The standards also brought us, um, BLINK. Just because it's there or someone proposes it doesn't mean we ought to do it that way. > I'm not worried about abuse, myself; You should be. Espeecailly if you're building a standard that enables security problems and encourages programmers to write to allow for those problems in it. >> And the more I think about it, the more it's an interesting point -- but on >> more than one level. Has W3c considered the implications of defining a >> standard that depends on voluntary acceptance here? > > Which Internet standards *don't* depend on voluntary acceptance? But there's a difference here -- we're talking about possible security issues, not just whether someone adopts a tag. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. 95% of being a net.god is sounding persuasive and convincing people you know what you're talking about, even when you're making it up as you go along. (chuq von rospach, 1992) From barry@digicool.com Tue Jul 17 05:16:06 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Tue, 17 Jul 2001 00:16:06 -0400 Subject: [Mailman-Developers] GET vs POST (was Re: subscription confirmations) References: <20010714193201.A31163@impressive.net> <20010716203828.C24341@impressive.net> Message-ID: <15187.48134.59109.612907@anthem.wooz.org> I have a couple of questions and comments, and then I /really/ need to get some sleep, so I'll follow up with more tomorrow. If state changing GETs break the standards, then why does e.g. Apache by default allow you to GET a cgi program? Apache is the most common web server (certainly on Mailman-friendly OSes) so I would think that it should adhere to the specs pretty closely. Aren't the majority of cgi programs of a state-changing nature? Sure, you've got your odd search interface, but even a script like Mailman's private.py changes state: you get authenticated and a cookie gets dropped, and now your interactions are governed by a change in state. Wouldn't it therefore make sense for Apache to in general disallow GETs to programs by default, with some enabling technique to allow specific state-neutral programs to be GETted? I'll also mention that it seems to me that strict adherence to this rule would be pretty harmful to a platform like Zope, where urls are really encoded object access and execution commands (like RPC via urls). sleepi-ly y'rs, -Barry From rogerk@QueerNet.ORG Tue Jul 17 05:58:49 2001 From: rogerk@QueerNet.ORG (Roger B.A. Klorese) Date: Mon, 16 Jul 2001 21:58:49 -0700 (PDT) Subject: [Mailman-Developers] Re: [Mailman-Users] GET vs POST (was Re: subscription confirmations) In-Reply-To: <15187.48134.59109.612907@anthem.wooz.org> Message-ID: On Tue, 17 Jul 2001, Barry A. Warsaw wrote: > If state changing GETs break the standards, then why does e.g. Apache > by default allow you to GET a cgi program? A CGI program that has no side-effects and simply dynamically generates content wouldn't be a violation. > Wouldn't it therefore make sense for Apache to in general disallow > GETs to programs by default, with some enabling technique to allow > specific state-neutral programs to be GETted? No, not to me, anyway. > I'll also mention that it seems to me that strict adherence to this > rule would be pretty harmful to a platform like Zope, where urls are > really encoded object access and execution commands (like RPC via > urls). Sounds like a bad choice. -- ROGER B.A. KLORESE rogerk@QueerNet.ORG PO Box 14309 San Francisco, CA 94114 "Go without hate. But not without rage. Heal the world." -- Paul Monette From gerald@impressive.net Tue Jul 17 07:35:24 2001 From: gerald@impressive.net (Gerald Oskoboiny) Date: Tue, 17 Jul 2001 02:35:24 -0400 Subject: [Mailman-Developers] Re: subscription confirmations In-Reply-To: ; from chuqui@plaidworks.com on Mon, Jul 16, 2001 at 09:04:09PM -0700 References: <20010716203828.C24341@impressive.net> Message-ID: <20010717023524.C1482@impressive.net> On Mon, Jul 16, 2001 at 09:04:09PM -0700, Chuq Von Rospach wrote: > I've removed mailman-users from the disto. We shhouldn't be using both lists > at the same time in discussions, and this is a developers/design issue. ok... I was wondering about that, thanks. > On 7/16/01 5:38 PM, "Gerald Oskoboiny" wrote: > > Sure... I agree that it's possible for a standard to be irrelevant > > or just not meet the needs of the users for which it was written. > > > > But I don't think that is the case here: > > But -- you haven't dealt with the safety issue in any substantive way. If > you can't build a standard that protects the user from abuse, I'd argue that > the standard provides a false sense of security that is more destructive > than not standardizing at all; because, as you noted, it'll tend to > encourage developers to write to the standard, and not all of those writers > will really understand the subtler issues involved. So if you can't make GET > safe to automatically browse, even with the blackhats, I'd argue it's better > to not create standards that'd encourage that -- or write the standard in > such a way that these issues and limitations are very clear IN the standard. I think the HTTP spec is fairly clear about most of this: 9.1.1 Safe Methods Implementors should be aware that the software represents the user in their interactions over the Internet, and should be careful to allow the user to be aware of any actions they might take which may have an unexpected significance to themselves or others. In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested. Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature. The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them. -- http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1.1 but once all that's been said, it's really up to the implementations to do the right thing. > > Fetching a URL into my local http cache doesn't cause a virus to > > be executed or anything else bad to happen, and I wouldn't use > > software where that kind of thing would be possible anyway. > > No, but it can cause actions you'll regret. You started this by bringing up > one as a problem. Now, however, you're saying "well, that's no big deal". > > Which is it? No big deal? Or a problem? And if we can trigger actions you > might or might not like, you can bet it'll honk off others. And if we can > trigger actions, so can others, and those won't necessarily be innocent > ones. If it happens once in a while with an obscure site here and there, that's much less of a problem than if some popular software like Mailman is doing the wrong thing and sending out tens or hundreds of thousands of these messages every day. (in part because every time one of these is used, it helps legitimize the practice of 'click this URL to unsub', which is the wrong message to be sending to people.) I don't expect all the incorrect implementations in the world to suddenly get fixed overnight, but I'm trying to get the ones I know about fixed. > > If you think the docs on this subject at W3C are lacking, by all > > means let me know. > > No, what I really was hoping for were examples of what W3 (or you) consider > 'proper', to see how W3 thinks this ought to be done. ok, I'll try to write something up on this sometime... > > I think there is a plan to write a similar > > one targeted towards site administrators, pointing out common > > mistakes and raising awareness about little-known but important > > RFC/spec details like this. > > One of the best things I think W3 could do in these cases is not only to > write "good" "bad", but generate cookbooks of techniques, with explanations > of why they're good, or why they ought to be avoided. Especially in the > subtlties of the standards that might not be intuitively obvious, or which > might be involved in emerging technologies (like wireless) that the typical > designer hasn't had time to worry about yet (or doesn't know to worry > about). I agree this kind of thing needs to be done, but I think it can usually be done quite well by third parties, in online courses and articles, printed books, etc. But like I said above, I think W3C will start doing a bit more of this than we have in the past, it's just a matter of finding the time... > > By "Mailman's fault" I meant that if mailman did this, it would > > be the part of the equation causing problems by not abiding by > > the HTTP spec. But this prefetching thing is just an example; the > > main point is that the protocol has this stuff built in for a > > reason, and there may be hundreds of other applications (current > > and future) that need it to be there. > > The standards also brought us, um, BLINK. er... no, Netscape's programmers implemented BLINK one night after they had been drinking :) It's not in any HTML standard ever published by W3C or the IETF. > >> And the more I think about it, the more it's an interesting point -- but on > >> more than one level. Has W3c considered the implications of defining a > >> standard that depends on voluntary acceptance here? > > > > Which Internet standards *don't* depend on voluntary acceptance? > > But there's a difference here -- we're talking about possible security > issues, not just whether someone adopts a tag. A bad implementation of a spec can always cause security problems. This distinction between GET and POST in the HTTP protocol is specifically there to *prevent* problems: if I make a stock trade using an online brokerage and then hit my browser's "back" and "forward" buttons, I don't want the same transaction executed again! That's why brokerages, banks, and other quality sites use POST for such transactions, and browsers written to the spec will prompt the user for confirmation before rePOSTing a form. -- Gerald Oskoboiny http://impressive.net/people/gerald/ From mailman-developers@python.org Tue Jul 17 07:53:09 2001 From: mailman-developers@python.org (Gerald Oskoboiny) Date: Tue, 17 Jul 2001 02:53:09 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <15187.48134.59109.612907@anthem.wooz.org>; from barry@digicool.com on Tue, Jul 17, 2001 at 12:16:06AM -0400 References: <20010714193201.A31163@impressive.net> <20010716203828.C24341@impressive.net> <15187.48134.59109.612907@anthem.wooz.org> Message-ID: <20010717025309.D1482@impressive.net> (Chuq has suggested that we keep this thread on -developers, so this will be my last post to -users on the subject for now, I just wanted to respond to this here in case anyone else was curious about this stuff.) On Tue, Jul 17, 2001 at 12:16:06AM -0400, Barry A. Warsaw wrote: > > I have a couple of questions and comments, and then I /really/ need to > get some sleep, so I'll follow up with more tomorrow. > > If state changing GETs break the standards, then why does e.g. Apache > by default allow you to GET a cgi program? Apache is the most common > web server (certainly on Mailman-friendly OSes) so I would think that > it should adhere to the specs pretty closely. > > Aren't the majority of cgi programs of a state-changing nature? I don't think so; TimBL addresses this in his writeup: Forms: GET and POST There is a very important distinction in society and in software, and certainly on the Web, between reading and writing; between having no effect and making changes; between observing and making a commitment. This is fundamental in the Web and your web site must respect it. Currently the line is often fuzzily drawn, which is very bad for many reasons. Form can work in two ways corresponding to this distinction. One way is to direct the user, like a link, to a new resource, but one whose URI is constructed from the form's field values. This is typically how a query form works. (It uses HTTP's GET method.) The user makes no commitment. Once he or she has followed the link, he or she can bookmark the result of the query. Following any link to that same URI will perform the same query again. It is as though Web space were populated by lots of virtual pages, one for the results of each possible query to the server. There is no commitment by the user. The operation can be undone simply by pressing the Back button on a browser. The user can never be held responsible for anything which was done using HTTP GET. If your website fills a shopping cart as a user follows normal links, and sometimes users end up ordering too much or too little as they use a web accelerator or a cache, then it is your fault. You should have used the second way. The second way a form can work is to take a command, or commitment, from the user. This is done using HTTP POST or sometimes by sending an message. "Submit this order", and "unsubscribe from this list" are classic examples. It is really important that the user understands when a commitment or change is being made and when it isn't. Hopefully, clients will help by changing the cursor to a special one when a commitment is about to be made. Such an operation, like sending an email, or signing and mailing a paper document, cannot be undone. It is socially quite different. Browsers and servers and proxies which understand HTTP treat it quite differently. You should never confuse these two types of interaction on your web site, either way. If you do, you break the web, and the web will break your site. -- http://www.w3.org/Provider/Style/Input > Sure, > you've got your odd search interface, but even a script like Mailman's > private.py changes state: you get authenticated and a cookie gets > dropped, and now your interactions are governed by a change in state. private.py uses POST, no? un: gerald> grep -i ' (from the 2.0.5 codebase) > I'll also mention that it seems to me that strict adherence to this > rule would be pretty harmful to a platform like Zope, where urls are > really encoded object access and execution commands (like RPC via > urls). I haven't studied Zope, so I don't know about that, sorry. -- Gerald Oskoboiny http://impressive.net/people/gerald/ From thomas@xs4all.net Tue Jul 17 09:34:22 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Tue, 17 Jul 2001 10:34:22 +0200 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: <15184.31080.663487.123985@anthem.wooz.org> Message-ID: <20010717103422.J5396@xs4all.nl> On Sat, Jul 14, 2001 at 12:55:04PM -0400, Barry A. Warsaw wrote: > >>>>> "CVR" == Chuq Von Rospach writes: > >> I realize that a number of other sites misuse GET this way, but > >> I think most of the large ones (e.g., Yahoo, online brokerages > >> and banks, etc.) get it right, and I think Mailman should too. [ ... ] > CVR> But the key is this is a finalization of a distributed > CVR> transaction, with e-mail distributing the token. Under other > CVR> circumstances, I see W3's logic. Here, however, using a URL > CVR> to bring up a page that says "click here to confirm" is only > CVR> going to piss off Joe User, not make his life better. > I agree with Chuq. The user isn't going to understand the distinction > and is just going to be annoyed by having to do, what to them seems > like an extra unnecessary step. After some careful consideration, as well as a chat with a few clueful colleagues, I have to disagree with you, Barry. The trick here is 'managing the expectations'. Having the message say something like To confirm or remove your subscription request, visit And then have that URL bring up a nice overview of what list you are subscribing to, the options you chose (regular-digest/mime-digest/etc), what email address you entered, and 'remove' and 'confirm' buttons. Frankly, it's always bothered me that you can't unconfirm a mailinglist subscription, let alone not being able to see what you are subscribing to ;P Extra credit if you make the URL (or something similar) also work if a subscription is held for approval, but without a 'confirm' button -- just a 'remove' one. Actually, the same kind of interface for a held message would be great, too :) -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From gorg@sun1.imbi.uni-freiburg.de Tue Jul 17 11:02:47 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Tue, 17 Jul 2001 12:02:47 +0200 Subject: [Mailman-Developers] Bug in Mailman version 2.1a2: confirm+approve via URL Message-ID: <3B540D47.9E6607B0@imbi.uni-freiburg.de> This is a multi-part message in MIME format. --------------97904EBC523467BE868515F6 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi developers, when a user tries to confirms a subscription request for a list with "confirm+approve" subscription poliy via the URL given in the "confirm" email, he hits a bug (see attachment). The administrator is notified about a subcription request but does not find one in the administrative database. Who helps? Georg Koch -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ --------------97904EBC523467BE868515F6 Content-Type: text/html; charset=us-ascii; name="3d51811f6ec50924cbcfb5a15fb5e42c27b2c87d" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="3d51811f6ec50924cbcfb5a15fb5e42c27b2c87d" Content-Base: "http://www.cochrane.de/mailman/confirm /test.closed/3d51811f6ec50924cbcfb5 a15fb5e42c27b2c87d" Content-Location: "http://www.cochrane.de/mailman/confirm /test.closed/3d51811f6ec50924cbcfb5 a15fb5e42c27b2c87d" Bug in Mailman version 2.1a2

    Bug in Mailman version 2.1a2

    We're sorry, we hit a bug!

    If you would like to help us identify the problem, please email a copy of this page to the webmaster for this site with a description of what happened. Thanks!

    Traceback:

    Traceback (most recent call last):
  File "/local/mailman/scripts/driver", line 96, in run_main
    main()
  File "/local/mailman/Mailman/Cgi/confirm.py", line 70, in main
    data = mlist.ProcessConfirmation(cookie)
  File "../Mailman/MailList.py", line 1175, in ProcessConfirmation
    raise Errors.MMNeedApproval, _(
MMNeedApproval: subscriptions to Test.closed require administrator approval

    Python information:

    VariableValue
    sys.version 2.1 (#1, Jun 26 2001, 16:46:38) [GCC 2.95.2 19991024 (release)]
    sys.executable /usr/local/bin/python
    sys.prefix /usr/local
    sys.exec_prefix /usr/local
    sys.path /usr/local
    sys.platform sunos5

    Environment variables:

    VariableValue
    DOCUMENT_ROOT /www/docs/cochrane
    SERVER_ADDR 132.230.10.21
    HTTP_ACCEPT_ENCODING gzip
    REMOTE_HOST sun31.imbi.uni-freiburg.de
    SERVER_PORT 80
    PATH_TRANSLATED /www/docs/cochrane/test.closed/3d51811f6ec50924cbcfb5a15fb5e42c27b2c87d
    REMOTE_ADDR 132.230.10.31
    SERVER_SOFTWARE Apache/1.3.19 (Unix) ApacheJServ/1.1.2 PHP/4.0.4pl1 mod_ssl/2.8.1 OpenSSL/0.9.6
    GATEWAY_INTERFACE CGI/1.1
    UNIQUE_ID O1QKdYTmChUAAAa3GM4
    HTTP_ACCEPT_LANGUAGE en
    REMOTE_PORT 40434
    SERVER_NAME www.cochrane.de
    TZ MET
    HTTP_USER_AGENT Mozilla/4.7 [en] (X11; I; SunOS 5.8 sun4u)
    HTTP_ACCEPT_CHARSET iso-8859-1,*,utf-8
    HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
    REQUEST_URI /mailman/confirm/test.closed/3d51811f6ec50924cbcfb5a15fb5e42c27b2c87d
    QUERY_STRING
    SERVER_PROTOCOL HTTP/1.0
    PATH_INFO /test.closed/3d51811f6ec50924cbcfb5a15fb5e42c27b2c87d
    HTTP_HOST www.cochrane.de
    REQUEST_METHOD GET
    SERVER_SIGNATURE
    Apache/1.3.19 Server at www.cochrane.de Port 80
    SCRIPT_NAME /mailman/confirm
    SERVER_ADMIN gorg@cochrane.de
    SCRIPT_FILENAME /dsk/www/mailman/cgi-bin/confirm
    PYTHONPATH /local/mailman
    HTTP_COOKIE test.closed:admin=
    HTTP_CONNECTION Keep-Alive
    --------------97904EBC523467BE868515F6-- From jra@baylink.com Tue Jul 17 14:35:03 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Tue, 17 Jul 2001 09:35:03 -0400 Subject: [Mailman-Developers] Re: subscription confirmations In-Reply-To: <20010717023524.C1482@impressive.net>; from Gerald Oskoboiny on Tue, Jul 17, 2001 at 02:35:24AM -0400 References: <20010716203828.C24341@impressive.net> <20010717023524.C1482@impressive.net> Message-ID: <20010717093503.24833@scfn.thpl.lib.fl.us> On Tue, Jul 17, 2001 at 02:35:24AM -0400, Gerald Oskoboiny wrote: > # Naturally, it is not possible to ensure that the server does not > # generate side-effects as a result of performing a GET request; in > # fact, some dynamic resources consider that a feature. The important > # distinction here is that the user did not request the side-effects, > # so therefore cannot be held accountable for them. > # > # -- http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1.1 > > but once all that's been said, it's really up to the implementations > to do the right thing. It seems worth noting here that Zope makes this even worse: "procedure calls" won't necessarily be POSTs *or* GETs. > > > Fetching a URL into my local http cache doesn't cause a virus to > > > be executed or anything else bad to happen, and I wouldn't use > > > software where that kind of thing would be possible anyway. > > > > No, but it can cause actions you'll regret. You started this by bringing up > > one as a problem. Now, however, you're saying "well, that's no big deal". > > > > Which is it? No big deal? Or a problem? And if we can trigger actions you > > might or might not like, you can bet it'll honk off others. And if we can > > trigger actions, so can others, and those won't necessarily be innocent > > ones. > > If it happens once in a while with an obscure site here and there, > that's much less of a problem than if some popular software like > Mailman is doing the wrong thing and sending out tens or hundreds > of thousands of these messages every day. (in part because every > time one of these is used, it helps legitimize the practice of > 'click this URL to unsub', which is the wrong message to be > sending to people.) Certainly. > I don't expect all the incorrect implementations in the world to > suddenly get fixed overnight, but I'm trying to get the ones I > know about fixed. But the problem here, Gerald, is that Chuq and I are having the "should the standard actually say this in the real world" conversation, and you're assuming that it should. Chuq's asked you for your reasons why you support this, him having given his... and so far, his outweigh yours, for *me*. > > One of the best things I think W3 could do in these cases is not only to > > write "good" "bad", but generate cookbooks of techniques, with explanations > > of why they're good, or why they ought to be avoided. Especially in the > > subtlties of the standards that might not be intuitively obvious, or which > > might be involved in emerging technologies (like wireless) that the typical > > designer hasn't had time to worry about yet (or doesn't know to worry > > about). > > I agree this kind of thing needs to be done, but I think it can > usually be done quite well by third parties, in online courses > and articles, printed books, etc. But like I said above, I think > W3C will start doing a bit more of this than we have in the past, > it's just a matter of finding the time... Um... *it's time*? HTTP underlays half the planet. Someone needs to explain that to the people who pay the bills of the folks on the committee. > > >> And the more I think about it, the more it's an interesting > > >> point -- but on more than one level. Has W3c considered the > > >> implications of defining a standard that depends on voluntary > > >> acceptance here? > > > > > > Which Internet standards *don't* depend on voluntary acceptance? > > > > But there's a difference here -- we're talking about possible > > security issues, not just whether someone adopts a tag. > > A bad implementation of a spec can always cause security problems. Precisely our point. Thank you. :-) > This distinction between GET and POST in the HTTP protocol is > specifically there to *prevent* problems: if I make a stock trade > using an online brokerage and then hit my browser's "back" and > "forward" buttons, I don't want the same transaction executed again! > That's why brokerages, banks, and other quality sites use POST for > such transactions, and browsers written to the spec will prompt the > user for confirmation before rePOSTing a form. No, that's why anyone competent doing that sort of coding will put a Transaction Sequence Number cookie in a hidden field in the form, and bounce duplicate submissions. Depending on the browser there is another of those false senses of security Chuq was talking about earlier. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From claw@2wire.com Tue Jul 17 19:30:50 2001 From: claw@2wire.com (J C Lawrence) Date: Tue, 17 Jul 2001 11:30:50 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: Message from Thomas Wouters of "Tue, 17 Jul 2001 10:34:22 +0200." <20010717103422.J5396@xs4all.nl> References: <20010717103422.J5396@xs4all.nl> Message-ID: <9488.995394650@2wire.com> On Tue, 17 Jul 2001 10:34:22 +0200 Thomas Wouters wrote: > After some careful consideration, as well as a chat with a few > clueful colleagues, I have to disagree with you, Barry. The trick > here is 'managing the expectations'. Having the message say > something like > To confirm or remove your subscription request, visit > And then have that URL bring up a nice overview of what list you > are subscribing to, the options you chose > (regular-digest/mime-digest/etc), what email address you entered, > and 'remove' and 'confirm' buttons. Agreed. Which is the greater value: Yet more automated hand-holding for the uncertain/unfacile or Faster and more direct operation for the masses From a list owner perspective I know which side I'd prefer. > Frankly, it's always bothered me that you can't unconfirm a > mailinglist subscription, let alone not being able to see what you > are subscribing to ;P > Extra credit if you make the URL (or something similar) also work > if a subscription is held for approval, but without a 'confirm' > button -- just a 'remove' one. Actually, the same kind of > interface for a held message would be great, too :) Yup, especially the latter (I have several who persist in sending in dupes before they remember its a hand moderated list). -- J C Lawrence ("`-''-/").___..--''"`-._ ---------(*) `6_ 6 ) `-. ( ).`-.__.`) claw@kanga.nu (_Y_.)' ._ ) `._ `. ``-..-' http://www.kanga.nu/~claw/ _..`--'_..-_/ /--'_.' ,' I never claimed I was human (il),-'' (li),' ((!.-' From alaric@babcom.com Tue Jul 17 20:02:30 2001 From: alaric@babcom.com (Phil Stracchino) Date: Tue, 17 Jul 2001 12:02:30 -0700 Subject: [Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2 In-Reply-To: <20010717103422.J5396@xs4all.nl>; from thomas@xs4all.net on Tue, Jul 17, 2001 at 10:34:22AM +0200 References: <15184.31080.663487.123985@anthem.wooz.org> <20010717103422.J5396@xs4all.nl> Message-ID: <20010717120230.A26943@babylon5.babcom.com> On Tue, Jul 17, 2001 at 10:34:22AM +0200, Thomas Wouters wrote: > After some careful consideration, as well as a chat with a few clueful > colleagues, I have to disagree with you, Barry. The trick here is 'managing > the expectations'. Having the message say something like > > To confirm or remove your subscription request, visit > > > And then have that URL bring up a nice overview of what list you are > subscribing to, the options you chose (regular-digest/mime-digest/etc), what > email address you entered, and 'remove' and 'confirm' buttons. Frankly, it's > always bothered me that you can't unconfirm a mailinglist subscription, let > alone not being able to see what you are subscribing to ;P > > Extra credit if you make the URL (or something similar) also work if a > subscription is held for approval, but without a 'confirm' button -- just a > 'remove' one. Actually, the same kind of interface for a held message would > be great, too :) I agree strongly that this is the _RIGHT_ way to do it, and it complies with W3C standards as well. Opening the URL should not just go ahead and do something, and many people may be angry if it does. It should tell the user what it's offering to do, and then allow the user to make an informed decision about whether to do it or cancel it. After all, it's only one extra click. Keep in mind that there are foolish people out there who use mail clients from evil software monopolists that can be configured to automatically preload URLs contained in mail, and some of them do so configure them. Then everyone on the list has to deal with, "How did I get on this list? Stop sending me mail!" -- Linux Now! ..........Because friends don't let friends use Microsoft. phil stracchino -- the renaissance man -- mystic zen biker geek alaric@babcom.com halmayne@sourceforge.net 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold) From chuqui@plaidworks.com Wed Jul 18 01:27:52 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Tue, 17 Jul 2001 17:27:52 -0700 Subject: [Mailman-Developers] Re: subscription confirmations In-Reply-To: <20010717023524.C1482@impressive.net> Message-ID: On 7/16/01 11:35 PM, "Gerald Oskoboiny" wrote: > I think the HTTP spec is fairly clear about most of this: Gerald - I hope this is taken in a team-building way, since it's what I intend it to be.=20 > 9.1.1 Safe Methods >=20 > Implementors should be aware that the software represents the user in [... Etc ...] This section is written like most good Unix man pages. It speaks volumes to someone who already knows the answer, and is pretty much opaque to someone who doesn't.=20 If I were coming to it cold, researching the protocol, I'd leave it again without any real idea that there are significant problems that I ought to b= e aware of. And even if I have some idea there are problems to worry about, I wouldn't have a clue what to worry about. Even after our discussion already= , I find this very illuminating. Now, I've been doing internet stuff for 20 years, and HTTP/Web stuff since 1995, and even with my background, I find this doesn't really say anything to me about any of the issues I should be warned about here. It's very nice, but it speaks to the choir who already knows what it speaks of. To an outsider, it not only doesn't illuminate, it doesn't do a thing to tell me why the choir is a good thing to join, either= . So if I'm doing my research, I read it through, and go off and do whatever = I was planning on doing in the first place, without ever really knowing that = I just tripped over an iceberg. > but once all that's been said, it's really up to the implementations > to do the right thing. And the implementors are given basically no guidance on how, or even why. And very little what. Which makes it really hard for the implementor to get it right, and even harder for them to care -- what with deadlines and bosse= s and other things actively in their faces, this stuff just isn't going to ge= t a lot of visibility with the people you need to be evangelizing. > If it happens once in a while with an obscure site here and there, > that's much less of a problem than if some popular software like > Mailman is doing the wrong thing I'm sorry, but I consider this ducking the issue again. You're completely ignoring the white hat/black hat issue,and hiding behind "obscure" and "not a significant issue" and other rationalizations, while still trying to prov= e that Mailman is none of those, and therefore ought to consider this a crisi= s issue.=20 But since I've tried three times now to get you to deal with this double-standard and gotten nowhere, I'll drop it. No sense beating a dead horse. You clearly don=B9t' want to deal with the issue, so I'll stop pushing= . But I'm disappointed, to be honest about it. > I don't expect all the incorrect implementations in the world to > suddenly get fixed overnight, but I'm trying to get the ones I > know about fixed. Which ignores the larger issue of the standard encouraging implementations of tools that run into these problems, without dealing with the problems themselves, and leaving it up to the implementor to figure out how to "do the right thing" to avoid whatever those bogeymen are, which can't, basically, be known ahead of time. This all comes across to me as the prerson who decided that Microsoft's e-mail client would -- by default -- execute included .EXE files, because what's the worst that could happen? > I agree this kind of thing needs to be done, but I think it can > usually be done quite well by third parties, Which is a great way to duck responsibility, not get it done, and be able t= o blame someone else when something bad happens because this stuff didn't exist. > A bad implementation of a spec can always cause security problems. But the problem here is that gET itself is the security problem, as the functionality currently exists, and you're trying to 'fix' the problem by creating a standard that says "don't do that". THAT doesn't work. Because even if it does work with all us whitehats, the blackhats are simply going to look at it with even more glee, since it's even less expected of the end user when those side effects click in. But enough. You and I simply don't see eye to eye here, and clearly won't, and I'll shut up now. You want to focus on the micro issue of Mailman, whil= e I see that as a non-issue compared to the macro issues you are ignoring. An= d it looks like impasse. --=20 Chuq Von Rospach, Internet Gnome [ =3D =3D ] Yes, yes, I've finally finished my home page. Lucky you. I recommend the handyman's secret weapon: duct tape. From barry@digicool.com Wed Jul 18 02:08:59 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Tue, 17 Jul 2001 21:08:59 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) References: <20010714193201.A31163@impressive.net> <20010716203828.C24341@impressive.net> <15187.48134.59109.612907@anthem.wooz.org> <20010717025309.D1482@impressive.net> Message-ID: <15188.57771.983805.886886@anthem.wooz.org> I was pulled away on other work for most of the day, but I think I've caught up with the whole thread. On the micro-issue of what Mailman's ttw confirmation should do, I am much more swayed by Thomas's observation that we can actually add useful value by providing a form that allows the user to confirm or discard his request. Given that I agree with everything Chuq et al have said about the inherent insecurity of GET, that seemed to me a more persuasive argument as it pertains narrowly to Mailman. Unless someone wants to volunteer to do usability studies (for which I don't have the time), I propose to change confirm.py to POST a form, and to pull in the ability to cancel held postings and subscription requests. Good idea Thomas. But I definitely appreciate the discussions Gerald initiated, and I'm glad he did that. Hopefully, Gerald can bring the very valid concerns raised here before the W3C and the standards authors. I think they're vitally important to where the web is going. The security and privacy of the web has such a deservedly poor reputation, what with JavaScript and Java vulnerabilities (and the increasing number of sites that are simply unnavigatable without them), client-side trojans, web bugs, hijacked ActiveX certificates etc. etc. I really wish browser vendors would err on the side of security and privacy than on convenience. Sucker the user in enough times, or sucker enough of them in and the web will not be able to recover. -Barry From chuqui@plaidworks.com Wed Jul 18 04:35:13 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Tue, 17 Jul 2001 20:35:13 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <15188.57771.983805.886886@anthem.wooz.org> Message-ID: On 7/17/01 6:08 PM, "Barry A. Warsaw" wrote: > Good idea Thomas. Agreed. I'm all for it, also. > I really wish browser vendors > would err on the side of security and privacy than on convenience. They won't until their users do, and to be honest, the loud minority notwithstanding, that's what they are -- a loud minority. And to some degree the loud part does their cause a disservice, because they get written off by many people because they tend to be so strident, while Joe User simply doesn't care -- and nobody's done a good job trying to convince Joe User he should. > Sucker the user in enough times, or sucker enough of them in and the > web will not be able to recover. Unfortunately, Barry, you're wrong. Don't believe me? Look at all of the spam that's nothing more than an electronic version of the same old scams that they've been trying to wipe out of the paper postal service for generations.... -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. I'm really easy to get along with once you people learn to worship me. From les@2pi.org Wed Jul 18 07:50:33 2001 From: les@2pi.org (Les Niles) Date: Tue, 17 Jul 2001 23:50:33 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <15188.57771.983805.886886@anthem.wooz.org> (barry@digicool.com) References: <20010714193201.A31163@impressive.net> <20010716203828.C24341@impressive.net> <15187.48134.59109.612907@anthem.wooz.org> <20010717025309.D1482@impressive.net> <15188.57771.983805.886886@anthem.wooz.org> Message-ID: <200107180650.XAA23833@mutiny.2pi.org> On Tue, 17 Jul 2001 21:08:59 -0400 barry@digicool.com (Barry A. Warsaw) wrote: >I was pulled away on other work for most of the day, but I think I've >caught up with the whole thread. > >On the micro-issue of what Mailman's ttw confirmation should do, I am >much more swayed by Thomas's observation that we can actually add >useful value by providing a form that allows the user to confirm or >discard his request. Given that I agree with everything Chuq et al >have said about the inherent insecurity of GET, that seemed to me a >more persuasive argument as it pertains narrowly to Mailman. > >Unless someone wants to volunteer to do usability studies (for which I >don't have the time), I propose to change confirm.py to POST a form, >and to pull in the ability to cancel held postings and subscription >requests. Good idea Thomas. > >But I definitely appreciate the discussions Gerald initiated, and I'm >glad he did that. Hopefully, Gerald can bring the very valid concerns >raised here before the W3C and the standards authors. I think they're >vitally important to where the web is going. The security and privacy >of the web has such a deservedly poor reputation, what with JavaScript >and Java vulnerabilities (and the increasing number of sites that are >simply unnavigatable without them), client-side trojans, web bugs, >hijacked ActiveX certificates etc. etc. I really wish browser vendors >would err on the side of security and privacy than on convenience. >Sucker the user in enough times, or sucker enough of them in and the >web will not be able to recover. > >-Barry This whole controversy might be my fault -- I don't know the pedigree of Barry's implementation, but I'd submitted a confirm-by-visiting-this-URL patch several months ago. Hey, what can I say? it was a quick hack. But since it was implemented I don't think I've had one I-can't-follow-the-instructions-to-confirm exchange with a cluefully-challenged proto-subscriber; neither have I had a single complaint about misuse of GET. The discussion has been thought-provoking. I'm not entirely swayed to the position that it's morally wrong to use GET in this case, where repeating the GET doesn't have any effect beyond what was caused by the first. But Barry has a good point, that Thomas' idea adds value. IMHO it's a much better UI -- no matter how much text surrounds it, a URL in email isn't as clearly delineated as a big fat button in the middle of a web page. Having a "don't confirm" button also is even better. And regardless, using POST instead of GET is a fairly simple change. From a pragmatic point of view, there's not much reason not to comply with the published standard, even if its justification is weak. (This is not to devalue the discussion and debate of the W3C's position.) -les From maxy@turbolinux.com.cn Wed Jul 18 10:44:33 2001 From: maxy@turbolinux.com.cn (Max Yu) Date: Wed, 18 Jul 2001 17:44:33 +0800 Subject: [Mailman-Developers] Suggestion to add multiple language support Message-ID: <3B555A81.DFAD0ED5@turbolinux.com.cn> Hi, Currently Mailman only supports English, this is not very convenient to average people living outside English spoken countries. So maybe it will be great help if Mailman can support other languages, and let users choose which language he wants to use. I guess this may need to add more templates directory in the source tree, one directory for a language. Or something like that. I can help to write templates for Simplified Chinese, if you need it. Thanks. Best Regards, Max From angeles.moreno@senado.es Wed Jul 18 12:40:37 2001 From: angeles.moreno@senado.es (Angeles Moreno Camarero) Date: Wed, 18 Jul 2001 13:40:37 +0200 Subject: [Mailman-Developers] unsubscribe Message-ID: <003e01c10f7e$78036970$660a9696@senado.es> This is a multi-part message in MIME format. ------=_NextPart_000_003A_01C10F8F.3A83F130 Content-Type: multipart/alternative; boundary="----=_NextPart_001_003B_01C10F8F.3A83F130" ------=_NextPart_001_003B_01C10F8F.3A83F130 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable unsubscribe ------=_NextPart_001_003B_01C10F8F.3A83F130 Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable

    unsubscribe
    ------=_NextPart_001_003B_01C10F8F.3A83F130-- ------=_NextPart_000_003A_01C10F8F.3A83F130 Content-Type: text/x-vcard; name="=?Windows-1252?Q?=C1ngeles_Moreno_Camarero.vcf?=" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="=?Windows-1252?Q?=C1ngeles_Moreno_Camarero.vcf?=" BEGIN:VCARD VERSION:2.1 N:Moreno Camarero;=C1ngeles FN:=C1ngeles Moreno Camarero EMAIL;PREF;INTERNET:angeles.moreno@senado.es REV:20010718T114037Z END:VCARD ------=_NextPart_000_003A_01C10F8F.3A83F130-- From thomas@xs4all.net Wed Jul 18 12:45:49 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Wed, 18 Jul 2001 13:45:49 +0200 Subject: [Mailman-Developers] Suggestion to add multiple language support In-Reply-To: <3B555A81.DFAD0ED5@turbolinux.com.cn> References: <3B555A81.DFAD0ED5@turbolinux.com.cn> Message-ID: <20010718134519.A2054@xs4all.nl> On Wed, Jul 18, 2001 at 05:44:33PM +0800, Max Yu wrote: > Currently Mailman only supports English, this is not very > convenient to average people living outside English spoken > countries. So maybe it will be great help if Mailman can > support other languages, and let users choose which language > he wants to use. > I guess this may need to add more templates directory in the > source tree, one directory for a language. Or something like > that. You need to check out the Mailman 2.1 CVS tree or the 2.1a2 release. It has full internationalization support. Lists can have a default language (for the listinfo page and such), and users can select their own languages, which overrides the list language. > I can help to write templates for Simplified Chinese, if you > need it. I'm sure that would be much appreciated. -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From wael.eskandar@streamitech.com Wed Jul 18 22:07:05 2001 From: wael.eskandar@streamitech.com (Willy) Date: Wed, 18 Jul 2001 21:07:05 GMT Subject: [Mailman-Developers] Locks In-Reply-To: <20010718134519.A2054@xs4all.nl> References: <3B555A81.DFAD0ED5@turbolinux.com.cn> <20010718134519.A2054@xs4all.nl> Message-ID: <20010718210705.70781.qmail@gawab.com> I was working on an arabic interface for the mailman 2.0 , and I was faced with the problem that some locks occur when I run the CGI scripts. What would be the cause of such locks ? Also I noticed when trying to approve 2 messages at the same time from the admindb script.. a lock occurs? is this an error in mailman ?? Will streamIT STREAM INFORMATION TECHNOLOGY http://www.streamitech.com P:+2-02-7606714 | +2-02-7603110 From jra@baylink.com Wed Jul 18 14:33:37 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Wed, 18 Jul 2001 09:33:37 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <200107180650.XAA23833@mutiny.2pi.org>; from Les Niles on Tue, Jul 17, 2001 at 11:50:33PM -0700 References: <20010714193201.A31163@impressive.net> <20010716203828.C24341@impressive.net> <15187.48134.59109.612907@anthem.wooz.org> <20010717025309.D1482@impressive.net> <15188.57771.983805.886886@anthem.wooz.org> <200107180650.XAA23833@mutiny.2pi.org> Message-ID: <20010718093337.47061@scfn.thpl.lib.fl.us> On Tue, Jul 17, 2001 at 11:50:33PM -0700, Les Niles wrote: > And regardless, using POST instead of > GET is a fairly simple change. From a pragmatic point of view, > there's not much reason not to comply with the published standard, > even if its justification is weak. Actually, alas, this is the crux of the discussion. It is *not* a fairly simple change: you can't POST *from the middle of an email*, which was the desired implementation. If you use POST, the user *has to do another thing*. There is much reason not to comply with the published standard: people are stupid. Shame, isn't it? Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From les@2pi.org Wed Jul 18 15:56:46 2001 From: les@2pi.org (Les Niles) Date: Wed, 18 Jul 2001 07:56:46 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <20010718093337.47061@scfn.thpl.lib.fl.us> (jra@baylink.com) References: <20010714193201.A31163@impressive.net> <20010716203828.C24341@impressive.net> <15187.48134.59109.612907@anthem.wooz.org> <20010717025309.D1482@impressive.net> <15188.57771.983805.886886@anthem.wooz.org> <200107180650.XAA23833@mutiny.2pi.org> <20010718093337.47061@scfn.thpl.lib.fl.us> Message-ID: <200107181456.HAA24335@mutiny.2pi.org> On Wed, 18 Jul 2001 09:33:37 -0400 "Jay R. Ashworth" wrote: >On Tue, Jul 17, 2001 at 11:50:33PM -0700, Les Niles wrote: >> And regardless, using POST instead of >> GET is a fairly simple change. From a pragmatic point of view, >> there's not much reason not to comply with the published standard, >> even if its justification is weak. > >Actually, alas, this is the crux of the discussion. It is *not* a >fairly simple change: you can't POST *from the middle of an email*, >which was the desired implementation. If you use POST, the user *has >to do another thing*. Well, yeah, but as I said, I think having the user do another thing actually makes for a much nicer UI. My "simple change" comment was intended to refer to the coding effort. (Hmm... seems like it would be possible to POST from a text/html section in the middle of an email... but I'm sure not going to suggest that. :) >There is much reason not to comply with the published standard: people >are stupid. Shame, isn't it? I'm not sure which stupidity you're talking about. Are you concerned that people will launch the link from the email but then not push the "confirm" (or "cancel") button? -les From jra@baylink.com Wed Jul 18 16:36:13 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Wed, 18 Jul 2001 11:36:13 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <200107181456.HAA24335@mutiny.2pi.org>; from Les Niles on Wed, Jul 18, 2001 at 07:56:46AM -0700 References: <20010714193201.A31163@impressive.net> <20010716203828.C24341@impressive.net> <15187.48134.59109.612907@anthem.wooz.org> <20010717025309.D1482@impressive.net> <15188.57771.983805.886886@anthem.wooz.org> <200107180650.XAA23833@mutiny.2pi.org> <20010718093337.47061@scfn.thpl.lib.fl.us> <200107181456.HAA24335@mutiny.2pi.org> Message-ID: <20010718113613.54697@scfn.thpl.lib.fl.us> On Wed, Jul 18, 2001 at 07:56:46AM -0700, Les Niles wrote: > >Actually, alas, this is the crux of the discussion. It is *not* a > >fairly simple change: you can't POST *from the middle of an email*, > >which was the desired implementation. If you use POST, the user *has > >to do another thing*. > > Well, yeah, but as I said, I think having the user do another thing > actually makes for a much nicer UI. Alas, Chuq's assertion, which would not surprise me in the least, proved it true, is that it does *not*; it gets you lots of stupid support questions. > My "simple change" comment > was intended to refer to the coding effort. (Hmm... seems like it > would be possible to POST from a text/html section in the middle of > an email... but I'm sure not going to suggest that. :) :-) Small Matter Of Programming. > >There is much reason not to comply with the published standard: people > >are stupid. Shame, isn't it? > > I'm not sure which stupidity you're talking about. Are you > concerned that people will launch the link from the email but then > not push the "confirm" (or "cancel") button? I personally wasn't concerned with that, but Chuq seems to be (unless I've misread him) and he as a *much* larger stable of experience on the topic. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From barry@digicool.com Wed Jul 18 16:39:32 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Wed, 18 Jul 2001 11:39:32 -0400 Subject: [Mailman-Developers] Suggestion to add multiple language support References: <3B555A81.DFAD0ED5@turbolinux.com.cn> Message-ID: <15189.44468.396640.837091@anthem.wooz.org> >>>>> "MY" == Max Yu writes: MY> Currently Mailman only supports English, this is not very MY> convenient to average people living outside English spoken MY> countries. So maybe it will be great help if Mailman can MY> support other languages, and let users choose which language MY> he wants to use. MY> I guess this may need to add more templates directory in the MY> source tree, one directory for a language. Or something like MY> that. As Thomas has said, MM2.1 will be fully multi-lingual. MY> I can help to write templates for Simplified Chinese, if you MY> need it. That would be great. Please coordinate the effort on mailman-i18n@python.org. Thanks, -Barry From jra@baylink.com Wed Jul 18 16:42:05 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Wed, 18 Jul 2001 11:42:05 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: ; from Chuq Von Rospach on Wed, Jul 18, 2001 at 08:27:15AM -0700 References: <200107181456.HAA24335@mutiny.2pi.org> Message-ID: <20010718114205.35111@scfn.thpl.lib.fl.us> On Wed, Jul 18, 2001 at 08:27:15AM -0700, Chuq Von Rospach wrote: > You have to step back and stop thinking that the people using these systems > are (a) computer people, (b) think like you do, and [c] actually understand > how these systems work and can guess what it takes to jump through your > hoops. They don't. Every chance you give them to get it wrong, some will. > Not everyone is a geek (or wants to be), not everyone is an > english-first-language speaker, not everyone has experience in mail lists, > not everyone can easily read instructions and translate them into a > requested action. They need handholding, not because their stupid, but > because we've done a lousy job of building systems that don't require them > to be geeks, and then we blame THEM for not being geeks. I wish to ... what's the opposite of concur? :-) with your learned opinion on this specific point, Chuq. I'm afraid there *are* *lots* of people on the internet for whom "stupid" is not an epithet, but merely descriptive. They really are. They won't, don't or can't read, think, and understand things. Things as simple as "please click this button to confirm that you want to be added to this list. If you don't, you don't need to do anything at all". Which is, is it not, what we were talking about in the first place... I'm sorry, but when it gets that simple, I can't attribute it to ignorance, or lach of technical inclination. It is just stupidity. We asked for it. We're getting it. "So easy to use, it's no *wonder* the Internet is going to hell!" Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From chuqui@plaidworks.com Wed Jul 18 18:45:15 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Wed, 18 Jul 2001 10:45:15 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <20010718113613.54697@scfn.thpl.lib.fl.us> Message-ID: On 7/18/01 8:36 AM, "Jay R. Ashworth" wrote: >> I'm not sure which stupidity you're talking about. Are you >> concerned that people will launch the link from the email but then >> not push the "confirm" (or "cancel") button? > > I personally wasn't concerned with that, but Chuq seems to be (unless > I've misread him) and he as a *much* larger stable of experience on the > topic. In some cases, it's not as big an issue, but with my big server (the one that does the marketing stuff), there's a strong charter to make sure everyone get on the list (but nobody who doesn't want to be there). Very big pressure to remove any hoop that needs to be jumped through or bar that needs to be jumped over, unless it absolutely has to be there. So understanding the needs of the non-geek, and making things as simple as possible, are big issues with me. It doesn't hurt that I have an 80 year old mom that loves her iMac, loves her e-mail, and is still fascinated AND intimidated by this stuff to keep me honest. She's not stupid -- she's just not a geek. And working with her causes me to ALWAYS try to understand how people like her see this stuff, because how she sees it is very different than how I see it. If you don't have someone like that around to keep you honest, adopt one. Seriously. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. 95% of being a net.god is sounding persuasive and convincing people you know what you're talking about, even when you're making it up as you go along. (chuq von rospach, 1992) From chuqui@plaidworks.com Wed Jul 18 18:47:22 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Wed, 18 Jul 2001 10:47:22 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <20010718114205.35111@scfn.thpl.lib.fl.us> Message-ID: On 7/18/01 8:42 AM, "Jay R. Ashworth" wrote: > I'm afraid there *are* *lots* of people on the internet for whom > "stupid" is not an epithet, but merely descriptive. They really are. Stupid people exist. I'm not claiming that's not true. I'm claiming that many of the people we write off as stupid aren't. They simply aren't US. No matter WHAT you do, the stupid people will still be stupid. But we far too often use "they're stupid" as an excuse to not do our job and make it easy for people who simply don't live, eat and breathe computers. But Jay's right. No matter how easy you make it, some people will still screw it up. But that's no excuse to not make it easy. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. I recommend the handyman's secret weapon: duct tape. From Dale Newfield Wed Jul 18 19:02:19 2001 From: Dale Newfield (Dale Newfield) Date: Wed, 18 Jul 2001 14:02:19 -0400 (EDT) Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <20010718114205.35111@scfn.thpl.lib.fl.us> Message-ID: On Wed, 18 Jul 2001, Jay R. Ashworth wrote: > Things as simple as "please click this button to confirm that you want > to be added to this list. If you don't, you don't need to do anything > at all". Which is, is it not, what we were talking about in the first > place... You're making the assumption that people can "click this button" in their mail readers. We don't know that. We do know that once they are looking at the page in their web browser, they can definitely "click this button" to confirm (or do nothing). -Dale From chuqui@plaidworks.com Wed Jul 18 19:14:03 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Wed, 18 Jul 2001 11:14:03 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: Message-ID: On 7/18/01 11:02 AM, "Dale Newfield" wrote: > You're making the assumption that people can "click this button" in their > mail readers. We don't know that. We do know that once they are looking > at the page in their web browser, they can definitely "click this button" > to confirm (or do nothing). The answer is this: In the confirming email, you say something like: To confirm your subscription, please use this link: http://www.foo.com/mailman/confirm/XXXXXX If this link doesn't work for you, then go to http://www.foo.com/mailman/confirm, and use code XXXXXX to confirm your subscription. If someone goes to /confirm, it brings up a page querying them for the confirmation number, which is some value that Mailman generates to link the user to the confirmation request. The shorter the better, so don't use things like e-mail address -- generate a unique value, and (as always) make it case insensitive, and watch out for the normal gotchas, like '1' and 'l' or '0' and 'O'. Don't assume they're going to be able to suck the code out of the URL, don't assume they'll cut and paste, and don't assume they can take a long string and type it in without typos. So keep it short and clean. Five or six characters, preferably [A-Z0-9], and don't presume english, since Mailman is international. So it's better to use unambiguous random characters than english-like passwords... -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. Always look away from the obvious answers, because if you don't find a better one, you can always go back to them on short notice. From Dale Newfield Wed Jul 18 19:23:36 2001 From: Dale Newfield (Dale Newfield) Date: Wed, 18 Jul 2001 14:23:36 -0400 (EDT) Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: Message-ID: On Wed, 18 Jul 2001, Chuq Von Rospach wrote: > If someone goes to /confirm, it brings up a page querying them for the > confirmation number, which is some value that Mailman generates to > link the user to the confirmation request. If you want to remove one more step while still obeying the HTTP standard, that submission could be via POST and short-cut the bringing up of the next page on which they'd have to hit the "confirm" button... -Dale From les@2pi.org Wed Jul 18 19:54:36 2001 From: les@2pi.org (Les Niles) Date: Wed, 18 Jul 2001 11:54:36 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: (message from Chuq Von Rospach on Wed, 18 Jul 2001 08:27:15 -0700) References: Message-ID: <200107181854.LAA24752@mutiny.2pi.org> On Wed, 18 Jul 2001 08:27:15 -0700 Chuq Von Rospach wrote: >On 7/18/01 7:56 AM, "Les Niles" wrote: > >>> There is much reason not to comply with the published standard: people >>> are stupid. Shame, isn't it? >> >> I'm not sure which stupidity you're talking about. Are you >> concerned that people will launch the link from the email but then >> not push the "confirm" (or "cancel") button? > >I won't use the word "stupid" -- because it's not really the right word. But >unskilled, or naïve is. Absolutely -- I would never refer to the set of users that have problems with the mailing lists as "stupid." Unskilled, or unfamiliar with this electronic communications paradigm, yes, but the individuals are almost never truly stupid (which is a gross and mostly irrelevant measure anyway). I happen to run mailing lists where most of the subscribers have demonstrated some significant technical savvy, but nothing to do with computers. A small but non-zero percentage just couldn't deal with the mail-back confirmation, even with a lot of handholding. That's why I hacked up the confirm-by-GETting patch in the first place. One of the not-uncommon characteristics that I've noticed about novices is to adopt a semi-random reading/browsing style. That is, given a page, whether a web page or an email message, containing chunks of text and various links, they'll tend to read the text blocks and visit the links in a somewhat random order. This is not unreasonable given the design of a lot of web pages, and is almost encouraged by the hypertext model in the first place. Since links in email are rendered as just a textual URL, such a user will have about a 50-50 chance of clicking the confirm-subscription link before reading about what it does. I guess that's the main reason I think that launching a page with a couple of big, fat, clearly-labeled POST buttons to do the actual confirm/don't confirm is a better UI. Unix hard-cores like myself -- the sort who use aliases because the 3-character command names are too much to type -- will chafe at the extra mouse click that's required, but we'll deal with it. -les From jra@baylink.com Wed Jul 18 20:29:48 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Wed, 18 Jul 2001 15:29:48 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: ; from Dale Newfield on Wed, Jul 18, 2001 at 02:02:19PM -0400 References: <20010718114205.35111@scfn.thpl.lib.fl.us> Message-ID: <20010718152948.34999@scfn.thpl.lib.fl.us> On Wed, Jul 18, 2001 at 02:02:19PM -0400, Dale Newfield wrote: > On Wed, 18 Jul 2001, Jay R. Ashworth wrote: > > Things as simple as "please click this button to confirm that you want > > to be added to this list. If you don't, you don't need to do anything > > at all". Which is, is it not, what we were talking about in the first > > place... > > You're making the assumption that people can "click this button" in their > mail readers. We don't know that. We do know that once they are looking > at the page in their web browser, they can definitely "click this button" > to confirm (or do nothing). You've misunderstood me. I was *not* making the assumption that people could "click this button" in their mailreaders, and, in fact, I think that mailreaders that interpret HTML are the Spawn of Satan. *My* point was that not allowing the GET to *do the work* *required* the user to then click a button on the resulting webpage, whereas allowing the GET to do the unsubscribe permitted the user to receive a page which merely said "you@your.place has been unsubscribed; we promise to miss you if you'll just go away." You can't do that if they GET isn't allowed to do the work. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From jra@baylink.com Wed Jul 18 20:32:02 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Wed, 18 Jul 2001 15:32:02 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: ; from Chuq Von Rospach on Wed, Jul 18, 2001 at 11:14:03AM -0700 References: Message-ID: <20010718153202.21790@scfn.thpl.lib.fl.us> On Wed, Jul 18, 2001 at 11:14:03AM -0700, Chuq Von Rospach wrote: > In the confirming email, you say something like: > > To confirm your subscription, please use this link: > > http://www.foo.com/mailman/confirm/XXXXXX > > If this link doesn't work for you, then go to > http://www.foo.com/mailman/confirm, and use code XXXXXX to confirm your > subscription. > > If someone goes to /confirm, it brings up a page querying them for the > confirmation number, which is some value that Mailman generates to link the > user to the confirmation request. The shorter the better, so don't use > things like e-mail address -- generate a unique value, and (as always) make > it case insensitive, and watch out for the normal gotchas, like '1' and 'l' > or '0' and 'O'. Don't assume they're going to be able to suck the code out > of the URL, don't assume they'll cut and paste, and don't assume they can > take a long string and type it in without typos. So keep it short and clean. > Five or six characters, preferably [A-Z0-9], and don't presume english, > since Mailman is international. So it's better to use unambiguous random > characters than english-like passwords... Alas, this is *just like* making the GET active, only worse. At least, with the GET approach, you had the chance, as an automagic link snarfer, to *avoid* that link, since you could see that it was active. This method,just like the similar problem I alluded to with Zope, prohibits even that optimization: you can't *tell* the link is active. I like that even less. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From chuqui@plaidworks.com Wed Jul 18 20:51:28 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Wed, 18 Jul 2001 12:51:28 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <20010718153202.21790@scfn.thpl.lib.fl.us> Message-ID: On 7/18/01 12:32 PM, "Jay R. Ashworth" wrote: > Alas, this is *just like* making the GET active, only worse. How? I'm confused. Either way, you end up at a page with the confirmation information and an "accept" button (or use whatever terminology you want). If you think that's wrong, what do you think would work? I'm lost where you're headed here. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. I wish I could say your enthusiasm was contagious... From jra@baylink.com Wed Jul 18 21:01:37 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Wed, 18 Jul 2001 16:01:37 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: ; from Chuq Von Rospach on Wed, Jul 18, 2001 at 12:51:28PM -0700 References: <20010718153202.21790@scfn.thpl.lib.fl.us> Message-ID: <20010718160137.63335@scfn.thpl.lib.fl.us> On Wed, Jul 18, 2001 at 12:51:28PM -0700, Chuq Von Rospach wrote: > On 7/18/01 12:32 PM, "Jay R. Ashworth" wrote: > > Alas, this is *just like* making the GET active, only worse. > > How? I'm confused. Either way, you end up at a page with the confirmation > information and an "accept" button (or use whatever terminology you want). > > If you think that's wrong, what do you think would work? I'm lost where > you're headed here. The two suggested approaches were, as I understood them, a URL embedded in the mail with a GET that was active and actually *did* the unsibscribe, and a URL embedded in the mail with a "pseudo-GET"; that is, there is no "?", but the URL is *still* magic, and performs the action when the URL is retrieved. If I correctly understood your latter suggestion, then that's even worse, because 'scoopers' can't even avoid it -- it's not marked as 'magic' by the "?" character in the URL. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From gerald@impressive.net Wed Jul 18 21:29:52 2001 From: gerald@impressive.net (Gerald Oskoboiny) Date: Wed, 18 Jul 2001 16:29:52 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <20010718160137.63335@scfn.thpl.lib.fl.us>; from jra@baylink.com on Wed, Jul 18, 2001 at 04:01:37PM -0400 References: <20010718153202.21790@scfn.thpl.lib.fl.us> <20010718160137.63335@scfn.thpl.lib.fl.us> Message-ID: <20010718162952.F2455@impressive.net> On Wed, Jul 18, 2001 at 04:01:37PM -0400, Jay R. Ashworth wrote: > On Wed, Jul 18, 2001 at 12:51:28PM -0700, Chuq Von Rospach wrote: > > On 7/18/01 12:32 PM, "Jay R. Ashworth" wrote: > > > Alas, this is *just like* making the GET active, only worse. > > > > How? I'm confused. Either way, you end up at a page with the confirmation > > information and an "accept" button (or use whatever terminology you want). > > > > If you think that's wrong, what do you think would work? I'm lost where > > you're headed here. > > The two suggested approaches were, as I understood them, a URL embedded > in the mail with a GET that was active and actually *did* the > unsibscribe, and a URL embedded in the mail with a "pseudo-GET"; that > is, there is no "?", but the URL is *still* magic, and performs the > action when the URL is retrieved. > > If I correctly understood your latter suggestion, then that's even > worse, because 'scoopers' can't even avoid it -- it's not marked as > 'magic' by the "?" character in the URL. URLs are not 'magic' just because they have a "?" character in them; prefetchers can fetch URLs whether or not they have "?"s. Those URLs could point to news articles or messages in mail archives or something just as well as anything else. The way to make a distinction between HTTP requests that have side effects and those that don't is to use the request method (get, post, etc); this is what the spec says, and this is what is implemented in popular sites, HTTP proxies, caches and user agents. -- Gerald Oskoboiny http://impressive.net/people/gerald/ From ricardo@rixhq.nu Wed Jul 18 21:51:46 2001 From: ricardo@rixhq.nu (Ricardo Kustner) Date: Wed, 18 Jul 2001 22:51:46 +0200 Subject: [Mailman-Developers] module imports & performance ... disk I/O? In-Reply-To: <20010714181122.B6523@localhost>; from ricardo@rixhq.nu on Sat, Jul 14, 2001 at 06:11:23PM +0200 References: <20010714170821.A6523@localhost> <20010714172748.X5396@xs4all.nl> <20010714181122.B6523@localhost> Message-ID: <20010718225146.A1765@localhost> On Sat, Jul 14, 2001 at 06:11:23PM +0200, Ricardo Kustner wrote: > > If that isn't the problem, your best bet is to keep an eye on the system. > > 'iostat' (need to install it separately on Linux, I think) and 'vmstat' can > > deliver a lot of useful info about why a task is taking so long. > I'm afraid you might be right about that... it could be the disk I/O but I'm > not sure yet... it's weird though, the previous setup had a very old disk so > I don't understand why it has become that much slower now with a much newer > disk. well I thought I was smart and created a 3mb ramdisk, copied the entire ~mailman/Mailman directory tree there and created a symbolic link to the ramdisk... I expected this would gain me at least some speed as all the Mailman modules are in the ramdisk... alas... It made absolutely no difference :( so I don't think disk I/O is the real issue... unless Mailman loads many core python modules... OTOH maybe it could be that my new setup has less free memory (I am running a stock kernel full of unnecessary stuff and a newer version of mysql) and it needs to swap whenever Mailman gets loaded into memory which would explain the huge delay at startup... -- Regards, Ricardo From chuqui@plaidworks.com Wed Jul 18 21:56:39 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Wed, 18 Jul 2001 13:56:39 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <20010718160137.63335@scfn.thpl.lib.fl.us> Message-ID: On 7/18/01 1:01 PM, "Jay R. Ashworth" wrote: > On Wed, Jul 18, 2001 at 12:51:28PM -0700, Chuq Von Rospach wrote: > If I correctly understood your latter suggestion, then that's even > worse, because 'scoopers' can't even avoid it -- it's not marked as > 'magic' by the "?" character in the URL. No, you didn't understand it correctly, then. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. Any connection between your reality and mine is purely coincidental. From chuqui@plaidworks.com Wed Jul 18 21:59:03 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Wed, 18 Jul 2001 13:59:03 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <20010718162952.F2455@impressive.net> Message-ID: On 7/18/01 1:29 PM, "Gerald Oskoboiny" wrote: >> If I correctly understood your latter suggestion, then that's even >> worse, because 'scoopers' can't even avoid it -- it's not marked as >> 'magic' by the "?" character in the URL. > > URLs are not 'magic' just because they have a "?" character in > them; prefetchers can fetch URLs whether or not they have "?"s. > Those URLs could point to news articles or messages in mail archives > or something just as well as anything else. Yeah, you can't make that assumption. I've written systems that do: http://www.foo.bar/yada/token/token/token. One reason you do stuff like that is to keep URLs short, bcause email clients are notorious for munging them badly and inconsistently You can easily build systems that hide side effects from systems, which, of course, the blackhats will. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. USENET is a lot better after two or three eggnogs. We shouldn't allow anyone on the net without a bottle of brandy. (chuq von rospach, 1992) From barry@digicool.com Wed Jul 18 22:04:24 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Wed, 18 Jul 2001 17:04:24 -0400 Subject: [Mailman-Developers] Another big batch of checkins coming Message-ID: <15189.63960.203884.9246@anthem.wooz.org> I have another big batch of changes that are about to be checked in, and I wanted to give CVSers a heads up that there might be a bit of instability as all the commits go through. I promise to get back to the raging GET vs. POST debates after this "branch" is merged. The changes that are coming grew out of some discussions Dan Pierson of Control.com and I had at the 9th Python conference earlier this year. The features were fairly high on Control.com's wish list, and I felt that these features and changes were good for Mailman. Control.com funded some focussed work in these areas and the results of those efforts are what I'm going to be checking in. I want to thank Control.com, and especially Dan and Ken Crater for their support! From my perspective this kind of sponsorship was very successful, and could serve as a model for others willing to fund some Mailman development work . :) There are three general features that are being added. A brief overview follows: - a topic filter - membership adaptors - "virtual" mailing lists Topic filters allow a mailing list admininstrator to define topics, based on regular expressions, that list members can use to filter out some portion of a list's traffic. Topic matching is performed on the Subject: and Keywords: headers (with optional extension into message bodies). Individual users can select the topics they are interested in and will only receive message that match those topics. Topic filtering only works for regular delivery; topics have no effect on digests. Membership adaptors will allow a mailing list to get its membership information from any external source. Essentially, it's an API for accessing and changing all information related to a list's subscriber. The API was inspired in part by Chris Ryan's Datasource Implementation Template (see the Mailman wiki), although it only covers membership information (similar to Chris's MemberData class), and the API reflects my own design preferences. There is currently only one implemented adaptor: OldStyleMemberships which use all the traditional data structures in the MailList object. I've played with adaptors that can extract membership information from flat files, and have toyed with a ZODB based membership adaptor, but neither of those are ready for prime time yet, so I won't be checking them in. [Aside: although not sponsored directly by Control.com, the membership adaptors made it easy to add support for Real Names, so that will be part of the check too.] [Aside: additional ancillary changes allow MailList instance customizations via an extension framework. Also, the web GUI parts of the admin interface are being further componentized for easier customization.] Finally, there will be support for "virtual" mailing lists. Essentially, you create a normal list, but there are now two external interfaces which allow you to send a message to an explicit set of recipients, who need not be members of the list. The message to that set of members will look like it's coming from the real mailng list. The two interfaces are 1) a Python module you could import from your application, through which you could call Post.inject() with a message object, a list name, and a list of recipient email address; 2) a command line interface which an external process could call to pass the same information to Post.inject(). Enjoy, -Barry From gerald@impressive.net Wed Jul 18 22:24:14 2001 From: gerald@impressive.net (Gerald Oskoboiny) Date: Wed, 18 Jul 2001 17:24:14 -0400 Subject: [Mailman-Developers] Re: subscription confirmations In-Reply-To: ; from chuqui@plaidworks.com on Tue, Jul 17, 2001 at 05:27:52PM -0700 References: <20010717023524.C1482@impressive.net> Message-ID: <20010718172414.G2455@impressive.net> On Tue, Jul 17, 2001 at 05:27:52PM -0700, Chuq Von Rospach wrote: > On 7/16/01 11:35 PM, "Gerald Oskoboiny" wrote: > > I think the HTTP spec is fairly clear about most of this: >=20 > Gerald - I hope this is taken in a team-building way, since it's what I > intend it to be.=20 Sure. I am trying to be clear but apparently not succeeding :( > > If it happens once in a while with an obscure site here and there, > > that's much less of a problem than if some popular software like > > Mailman is doing the wrong thing >=20 > I'm sorry, but I consider this ducking the issue again. You're complete= ly > ignoring the white hat/black hat issue,and hiding behind "obscure" and = "not > a significant issue" and other rationalizations, while still trying to = prove > that Mailman is none of those, and therefore ought to consider this a c= risis > issue.=20 >=20 > But since I've tried three times now to get you to deal with this > double-standard and gotten nowhere, I'll drop it. No sense beating a de= ad > horse. You clearly don=B9t' want to deal with the issue, so I'll stop p= ushing. > But I'm disappointed, to be honest about it. Hmm... I don't know how I managed to give the impression that I'm ducking this issue. It's clear that we are miscommunicating somehow. I consider all violations of this part of the HTTP spec to be a problem, but I don't think the problem is yet widespread enough that we need to declare the HTTP spec irrelevant and just use GET and POST with no regard for their intended semantics. I would like to try to get all the broken implementations that I know about fixed, but because my time is limited I tend to focus on the ones that I consider most important, currently Mailman. Because I know there are broken implementations out there, I would not recommend that most people try prefetching any URLs they see in their incoming email, but I wouldn't mind trying it myself because I'm a web nerd and I want to find out about broken implementations anyway. (and arrange for them to be fixed) Does any of that help clarify my position? Many of your other comments seem to be about the quality and clarity of the HTTP spec, which I don't think needs to be discussed here, but I encourage you to take it up elsewhere if you like. (e.g. www-talk, http://www.w3.org/Mail/Lists#www-talk ) --=20 Gerald Oskoboiny http://impressive.net/people/gerald/ From jj-list@mail.dk Wed Jul 18 22:49:48 2001 From: jj-list@mail.dk (Jesper Jensen) Date: Wed, 18 Jul 2001 23:49:48 +0200 Subject: [Mailman-Developers] Another big batch of checkins coming In-Reply-To: <15189.63960.203884.9246@anthem.wooz.org> Message-ID: <5.1.0.14.0.20010718231117.03487e98@pop3.mail.dk> Barry A. Warsaw wrote: >... >Finally, there will be support for "virtual" mailing lists. >Essentially, you create a normal list, but there are now two external >interfaces which allow you to send a message to an explicit set of >recipients, who need not be members of the list. The message to that >set of members will look like it's coming from the real mailng list. >The two interfaces are 1) a Python module you could import from your >application, through which you could call Post.inject() with a message >object, a list name, and a list of recipient email address; 2) a >command line interface which an external process could call to pass >the same information to Post.inject(). That sounds neat, though I'm not sure I got it right. If I'm calling Post.inject() with a message object, a list name and a list of e-mail adresses who will receive the e-mail? - Only the list of e-mail adresses?, or - Both the subscribed members and the list of e-mail adresses? So from here it should be pretty easy to set up a "thread inject manager" ;) In the simple form store a {messageid: sender e-mail addres} dictionary. On replies to a message, find the "original" sender, see if he is a list member and if not Post.inject() him. That way, communication with non-members stays on the list (and in the archives) (if the reply-to address is set to the list address). Or something like that ... Jesper. From benwa@ocentrix.com Wed Jul 18 22:35:28 2001 From: benwa@ocentrix.com (Ben Burnett) Date: Wed, 18 Jul 2001 14:35:28 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) Message-ID: <200107182135.f6ILZSK13620@mail.ocentrix.net> Re: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) ------- Original Copy ------- >Subject: Re: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) >Date: 07/18/2001 4:01 PM >From: "Jay R. Ashworth" >To: mailman-developers@python.org >On Wed, Jul 18, 2001 at 12:51:28PM -0700, Chuq Von Rospach wrote: >> On 7/18/01 12:32 PM, "Jay R. Ashworth" wrote: >> > Alas, this is *just like* making the GET active, only worse. >> >> How? I'm confused. Either way, you end up at a page with the confirmation >> information and an "accept" button (or use whatever terminology you want). >> >> If you think that's wrong, what do you think would work? I'm lost where >> you're headed here. > >The two suggested approaches were, as I understood them, a URL embedded >in the mail with a GET that was active and actually *did* the >unsibscribe, and a URL embedded in the mail with a "pseudo-GET"; that >is, there is no "?", but the URL is *still* magic, and performs the >action when the URL is retrieved. This is not the impression that I had I thought we were discussing two different possibilities. 1) the way it is done now. visit the link (inherently a get operation) and you are unsubscribed (or subscribed as the case may be). The page that you see when you visit this link tells you that the unsubscribe operation has been performed. 2) the way C3C wants it done. visit the link (still a get operation) and you are taken to a page where you have to submit a form in order to have the unsubscribe operation performed. > >If I correctly understood your latter suggestion, then that's even >worse, because 'scoopers' can't even avoid it -- it's not marked as >'magic' by the "?" character in the URL. It appears as though you might be mistaken as to what constitutes a GET request. Here is a multiple choice question to make sure we are all on the same page. Which of the following URLs is uses the GET method. x. http://host.domain.com/script.cgi?param=value y. http://host.domain.com/script.cgi z. http://host.domain.com/script.cgi/pathinfo?id=12 a) x. b) y. c) z. d) all of the above. e) none of the above. f) it depends on how the HTTP Client calls the url. The way I understand it the answer is "f) it depends on how the HTTP Client calls the url.". Having a "?" character does not determine wether a url will be called using GET or POST or any other method. Methods listed in RFC 2616 for HTTP 1.1 include OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, extension-method ( extension-method = token ) (see ftp://ftp.isi.edu/in-notes/rfc2616.txt section 5.1.1 for more details on methods) There are specifications on what each method is supposed to be used for (indeed this is what were discussing), but there is nothing to keep someone from misusing a method (as is shown by Mailman's own ?mis?use.) An interesting thing about specifications is that their value decreases as the number of infringements against them increases. And their value increases as the number of compliances increases. As far as I know most (if not all) mail clients that allow the user to visit a URL embedded in an email use the GET method to fetch that URL. But the only things keeping someone from building an email client that used the POST method are rfc 2616 and the wrath of Gerald and the W3C army. For what it's worth I like option 2. - It requires the user to make a more definite step towards subscribing/unsubscribing. - it exposes "naive" users to more technological steps without being overly confusing. (more exposure=good) - it complies with the W3C spec. As far as whether the specification in this instance is good or valuable. I don't think it's a simple cut and dried matter, and I'll give it some more thought and hopefully . - Ben From jra@baylink.com Thu Jul 19 05:29:22 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Thu, 19 Jul 2001 00:29:22 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <20010718162952.F2455@impressive.net>; from Gerald Oskoboiny on Wed, Jul 18, 2001 at 04:29:52PM -0400 References: <20010718153202.21790@scfn.thpl.lib.fl.us> <20010718160137.63335@scfn.thpl.lib.fl.us> <20010718162952.F2455@impressive.net> Message-ID: <20010719002922.06227@scfn.thpl.lib.fl.us> On Wed, Jul 18, 2001 at 04:29:52PM -0400, Gerald Oskoboiny wrote: > > If I correctly understood your latter suggestion, then that's even > > worse, because 'scoopers' can't even avoid it -- it's not marked as > > 'magic' by the "?" character in the URL. > > URLs are not 'magic' just because they have a "?" character in > them; prefetchers can fetch URLs whether or not they have "?"s. > Those URLs could point to news articles or messages in mail archives > or something just as well as anything else. A URL with a "?" character in it is known to be dynamic -- that is, it's *expected* not to return the same content, depending on what parameter it's given; this is why search engines customarily ignore them... and it what I meant by "magic", in the context in which I was using it. > The way to make a distinction between HTTP requests that have > side effects and those that don't is to use the request method > (get, post, etc); this is what the spec says, and this is what is > implemented in popular sites, HTTP proxies, caches and user agents. This depends on whether you define "returns different things" as a side effect of differing parameters to a GET; I don't think that's what the standard means, but it isn't pertinent to my original argument in any event. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From jra@baylink.com Thu Jul 19 05:41:20 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Thu, 19 Jul 2001 00:41:20 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <200107182135.f6ILZSK13620@mail.ocentrix.net>; from Ben Burnett on Wed, Jul 18, 2001 at 02:35:28PM -0700 References: <200107182135.f6ILZSK13620@mail.ocentrix.net> Message-ID: <20010719004120.49777@scfn.thpl.lib.fl.us> My apologies that this is ugly; I'll try to clarify all my assertions here to avoid wasting bandwidth. On Wed, Jul 18, 2001 at 02:35:28PM -0700, Ben Burnett wrote: > >On Wed, Jul 18, 2001 at 12:51:28PM -0700, Chuq Von Rospach > wrote: > >> On 7/18/01 12:32 PM, "Jay R. Ashworth" > wrote: > >> > Alas, this is *just like* making the GET active, only > worse. > >> > >> How? I'm confused. Either way, you end up at a page with > the confirmation > >> information and an "accept" button (or use whatever > terminology you want). > >> > >> If you think that's wrong, what do you think would work? > I'm lost where > >> you're headed here. > > > >The two suggested approaches were, as I understood them, a URL > >embedded in the mail with a GET that was active and actually *did* > >the unsibscribe, and a URL embedded in the mail with a "pseudo-GET"; > >that is, there is no "?", but the URL is *still* magic, and performs > >the action when the URL is retrieved. > > This is not the impression that I had I thought we were > discussing two different possibilities. > > 1) the way it is done now. > visit the link (inherently a get operation) and you are > unsubscribed (or subscribed as the case may be). The page > that you see when you visit this link tells you that the > unsubscribe operation has been performed. This is the way it's done based on either someone's patch (yours?), or some other similar code; someone else asserts that this violates the W3C recommendations, even though Chuq initiall preferred it (although he appears to have changed his mind). > 2) the way C3C wants it done. > visit the link (still a get operation) and you are taken to > a page where you have to submit a form in order to have the > unsubscribe operation performed. Indeed. But then, someone suggested a third option: effectively the same as 2), but with the parameter hidden in a long URL, rather than sent as an explicit GET parameter (blah.cgi?tag=heresmytag). > >If I correctly understood your latter suggestion, then that's even > >worse, because 'scoopers' can't even avoid it -- it's not marked as > >'magic' by the "?" character in the URL. > > It appears as though you might be mistaken as to what > constitutes a GET request. Here is a multiple choice > question to make sure we are all on the same page. > > Which of the following URLs is uses the GET method. > x. http://host.domain.com/script.cgi?param=value > y. http://host.domain.com/script.cgi > z. http://host.domain.com/script.cgi/pathinfo?id=12 > > a) x. > b) y. > c) z. > d) all of the above. > e) none of the above. > f) it depends on how the HTTP Client calls the url. > > The way I understand it the answer is "f) it depends on how > the HTTP Client calls the url.". Having a "?" character > does not determine wether a url will be called using GET or > POST or any other method. Perhaps I'm mistaken, and a POST *can* be called with a ? parameter, but in general, if you see a ?, the call will be the default GET, and if the page is sending parameters as a POST, then they'll be sent "out of band" to the URL, and the method will be POST instead of GET. > Methods listed in RFC 2616 for HTTP 1.1 include OPTIONS, > GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, > extension-method ( extension-method = token ) > (see ftp://ftp.isi.edu/in-notes/rfc2616.txt section 5.1.1 > for more details on methods) > > There are specifications on what each method is supposed to > be used for (indeed this is what were discussing), but there > is nothing to keep someone from misusing a method (as is > shown by Mailman's own ?mis?use.) An interesting thing > about specifications is that their value decreases as the > number of infringements against them increases. And their > value increases as the number of compliances increases. All those things stipulated. And perhaps I was making some unclear assumptions in my phrasing. But while all requests are GETs, unless specifically otherwise arranged, what I meant to imply was "parameterized GET's of CGI scripts". Granted, the *client* can't tell explicitly if that condition is being met without special knowledge... but the *system* designer certainly knows; it's a closed system in this case. (Or at least, semi-closed; obviously you *can* call a CGI from something other than it's matched form...) > As far as I know most (if not all) mail clients that allow > the user to visit a URL embedded in an email use the GET > method to fetch that URL. But the only things keeping > someone from building an email client that used the POST > method are rfc 2616 and the wrath of Gerald and the W3C > army. Indeed. But such clients don't *currently* exist, which is more pertinent to the issue at hand. > For what it's worth I like option 2. > - It requires the user to make a more definite step towards > subscribing/unsubscribing. > - it exposes "naive" users to more technological steps > without being overly confusing. (more exposure=good) > - it complies with the W3C spec. > > As far as whether the specification in this instance is > good or valuable. I don't think it's a simple cut and > dried matter, and I'll give it some more thought and > hopefully . Indeed... That clause no verb. :-) I was going on Chuq's assertion that in some cases, it's *necessary* for merely clicking the link in an email to automagically perform the unsubscribe... which was backed up by my own marketling-list and PHB experience. If we agree to ignore that category, then the whole argument is moot. Cheers, - jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From claw@2wire.com Thu Jul 19 05:51:48 2001 From: claw@2wire.com (J C Lawrence) Date: Wed, 18 Jul 2001 21:51:48 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: Message from "Jay R. Ashworth" of "Thu, 19 Jul 2001 00:29:22 EDT." <20010719002922.06227@scfn.thpl.lib.fl.us> References: <20010718153202.21790@scfn.thpl.lib.fl.us> <20010718160137.63335@scfn.thpl.lib.fl.us> <20010718162952.F2455@impressive.net> <20010719002922.06227@scfn.thpl.lib.fl.us> Message-ID: <26418.995518308@2wire.com> On Thu, 19 Jul 2001 00:29:22 -0400 Jay R Ashworth wrote: > A URL with a "?" character in it is known to be dynamic -- that > is, it's *expected* not to return the same content, depending on > what parameter it's given; this is why search engines customarily > ignore them... and it what I meant by "magic", in the context in > which I was using it. This presumed fact would seem a myth. Kanga.Nu has circa 150K web pages of which between one third and one half have URL variables ('?' in the URL). __ALL__ of those pages are regularly (evey month) and repeatedly indexed by Google, Inktomi etc. Actually at this point I'm not aware of any english language search engine which doesn't index Kanga.Nu (encluding those pages), and I know its also indexed by several foreign language search engines as well. Simple example: http://www.google.com/search?q=beej+site%3Awww.kanga.nu First hit: http://www.kanga.nu/library/index.php3?viewCat=10 A dynamically generated page whose content depends on the value of "viewCat". Aside: The Library At Kanga.Nu (of which that is a page) is largely offline currently due to DB corruption (MySQL has been eating its own databases and I've not had a chance to restore from backups). Please don't email me asking why or telling me that all the root categories are missing. Yeah, I know. -- J C Lawrence )\._.,--....,'``. ---------(*) /, _.. \ _\ ;`._ ,. claw@kanga.nu `._.-(,_..'--(,_..'`-.;.' http://www.kanga.nu/~claw/ Oh Freddled Gruntbuggly From chuqui@plaidworks.com Thu Jul 19 05:53:36 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Wed, 18 Jul 2001 21:53:36 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <20010719004120.49777@scfn.thpl.lib.fl.us> Message-ID: On 7/18/01 9:41 PM, "Jay R. Ashworth" wrote: > I was going on Chuq's assertion that in some cases, it's *necessary* > for merely clicking the link in an email to automagically perform the > unsubscribe... which was backed up by my own marketling-list and PHB > experience. > I don't think I said that, jay. I'm arguing for as simple as possible, but I'm convinced that the single-click is too simple and dangerous. Where I think you're confused is my discussion about double opt-in e-mail vs single opt-in vs opt-out stuff. None of that, per-se, is implemented by one-click (or GET vs POST) stuff, although you could. You could implement any of those with one-click, or conformant to the W3 stuff. -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. Some days you're the dog, some days you're the hydrant. From chuqui@plaidworks.com Thu Jul 19 05:56:28 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Wed, 18 Jul 2001 21:56:28 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <26418.995518308@2wire.com> Message-ID: On 7/18/01 9:51 PM, "J C Lawrence" wrote: >> Simple example: > > http://www.google.com/search?q=beej+site%3Awww.kanga.nu Wait. Are we allowed to put this in an e-mail? Shouldn't JC have had to put it on a web page and post a URL to the page with the link on it? -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. Any connection between your reality and mine is purely coincidental. From jra@baylink.com Thu Jul 19 05:56:38 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Thu, 19 Jul 2001 00:56:38 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <26418.995518308@2wire.com>; from J C Lawrence on Wed, Jul 18, 2001 at 09:51:48PM -0700 References: <20010718153202.21790@scfn.thpl.lib.fl.us> <20010718160137.63335@scfn.thpl.lib.fl.us> <20010718162952.F2455@impressive.net> <20010719002922.06227@scfn.thpl.lib.fl.us> <26418.995518308@2wire.com> Message-ID: <20010719005638.40970@scfn.thpl.lib.fl.us> On Wed, Jul 18, 2001 at 09:51:48PM -0700, J C Lawrence wrote: > > A URL with a "?" character in it is known to be dynamic -- that > > is, it's *expected* not to return the same content, depending on > > what parameter it's given; this is why search engines customarily > > ignore them... and it what I meant by "magic", in the context in > > which I was using it. > > This presumed fact would seem a myth. Kanga.Nu has circa 150K web > pages of which between one third and one half have URL variables > ('?' in the URL). __ALL__ of those pages are regularly (evey month) > and repeatedly indexed by Google, Inktomi etc. Actually at this > point I'm not aware of any english language search engine which > doesn't index Kanga.Nu (encluding those pages), and I know its also > indexed by several foreign language search engines as well. The last time I looked, that assertion was still being made; I *think* even on Google's own FAQ, though I could be wrong. I'll try to find some cites. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From claw@2wire.com Thu Jul 19 06:02:40 2001 From: claw@2wire.com (J C Lawrence) Date: Wed, 18 Jul 2001 22:02:40 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: Message from "Jay R. Ashworth" of "Thu, 19 Jul 2001 00:41:20 EDT." <20010719004120.49777@scfn.thpl.lib.fl.us> References: <200107182135.f6ILZSK13620@mail.ocentrix.net> <20010719004120.49777@scfn.thpl.lib.fl.us> Message-ID: <26508.995518960@2wire.com> On Thu, 19 Jul 2001 00:41:20 -0400 Jay R Ashworth wrote: > My apologies that this is ugly; I'll try to clarify all my > assertions here to avoid wasting bandwidth. Using an MUA/editor which handled quote line wrapping properly would have helped quite a bit. Suggest SuperCite. If you're one of those desperate vim users per recent SVLUG traffic VIM has a mode/macro/tool/something to properly handling quote wrapping. > Perhaps I'm mistaken, and a POST *can* be called with a ? > parameter, but in general, if you see a ?, the call will be the > default GET, and if the page is sending parameters as a POST, then > they'll be sent "out of band" to the URL, and the method will be > POST instead of GET. Nope. Do a packet sniff and watch. Its still a GET, its just that most systems will read variables off the URL as if they had been POSTed -- J C Lawrence )\._.,--....,'``. ---------(*) /, _.. \ _\ ;`._ ,. claw@kanga.nu `._.-(,_..'--(,_..'`-.;.' http://www.kanga.nu/~claw/ Oh Freddled Gruntbuggly From chuqui@plaidworks.com Thu Jul 19 06:02:54 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Wed, 18 Jul 2001 22:02:54 -0700 Subject: [Mailman-Developers] Re: subscription confirmations In-Reply-To: <20010718172414.G2455@impressive.net> Message-ID: On 7/18/01 2:24 PM, "Gerald Oskoboiny" wrote: > Because I know there are broken implementations out there, I > would not recommend that most people try prefetching any URLs > they see in their incoming email, But doesn't the standard encourage just that, because it puts a patina of "it's okay to do this" on a standard that's clearly not safe to do so with, while not really dealing (at least in any of the stuff I've seen) with why it's not really safe, at least in a way someone who isn't already familiar with the issues would catch? -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. I'm really easy to get along with once you people learn to worship me. From claw@2wire.com Thu Jul 19 06:04:24 2001 From: claw@2wire.com (J C Lawrence) Date: Wed, 18 Jul 2001 22:04:24 -0700 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: Message from Chuq Von Rospach of "Wed, 18 Jul 2001 21:56:28 PDT." References: Message-ID: <26523.995519064@2wire.com> On Wed, 18 Jul 2001 21:56:28 -0700 Chuq Von Rospach wrote: > On 7/18/01 9:51 PM, "J C Lawrence" wrote: >> http://www.google.com/search?q=beej+site%3Awww.kanga.nu > Wait. Are we allowed to put this in an e-mail? Shouldn't JC have > had to put it on a web page and post a URL to the page with the > link on it? What a senseless waste of human life! -- J C Lawrence )\._.,--....,'``. ---------(*) /, _.. \ _\ ;`._ ,. claw@kanga.nu `._.-(,_..'--(,_..'`-.;.' http://www.kanga.nu/~claw/ Oh Freddled Gruntbuggly From gerald@impressive.net Thu Jul 19 07:38:42 2001 From: gerald@impressive.net (Gerald Oskoboiny) Date: Thu, 19 Jul 2001 02:38:42 -0400 Subject: [Mailman-Developers] Re: subscription confirmations In-Reply-To: ; from chuqui@plaidworks.com on Wed, Jul 18, 2001 at 10:02:54PM -0700 References: <20010718172414.G2455@impressive.net> Message-ID: <20010719023842.A7597@impressive.net> On Wed, Jul 18, 2001 at 10:02:54PM -0700, Chuq Von Rospach wrote: > On 7/18/01 2:24 PM, "Gerald Oskoboiny" wrote: > > > Because I know there are broken implementations out there, I > > would not recommend that most people try prefetching any URLs > > they see in their incoming email, > > But doesn't the standard encourage just that, because it puts a patina of > "it's okay to do this" what is "this" exactly? > on a standard that's clearly not safe to do so with, I disagree re "clearly not safe"; like I said in my previous message, "I don't think the problem is yet widespread enough that we need to declare the HTTP spec irrelevant and just use GET and POST with no regard for their intended semantics." What should the spec say, you should not GET any URLs, any time, because doing so might trigger unexpected side effects in noncompliant implementations? > while not really dealing (at least in any of the stuff I've seen) with why > it's not really safe, at least in a way someone who isn't already familiar > with the issues would catch? Once again this sounds like a comment on spec quality, and I suggest you take it up with the IETF HTTP working group or start a discussion on the www-talk list. -- Gerald Oskoboiny http://impressive.net/people/gerald/ From satyap@satya.virtualave.net Thu Jul 19 12:05:47 2001 From: satyap@satya.virtualave.net (Satya) Date: Thu, 19 Jul 2001 16:35:47 +0530 (IST) Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: Message-ID: On Jul 18, 2001 at 21:56, Chuq Von Rospach wrote: >On 7/18/01 9:51 PM, "J C Lawrence" wrote: >> http://www.google.com/search?q=beej+site%3Awww.kanga.nu > >Wait. Are we allowed to put this in an e-mail? Shouldn't JC have had to put >it on a web page and post a URL to the page with the link on it? This got me thinking. I haven't been following this discussion too closely, but it strikes me that a GET like the above should return the same thing given the same parameters. This is what "side effects" should mean. If it's a confirmation, the second time you try to GET the URL, you'll (well, should) get an error saying "already confirmed". Thus, side-effect. State change. A search URL like the one above doesn't cause any state change (except maybe counter/stats), so should be okay. Not easy (or maybe even possible) to distinguish those by a program, though. -- Satya. US-bound grad students! For pre-apps, see "The Wedge went to immediate WeDon'tEvenHaveAColorForThis Alert." -- Undocumented Features I From jra@baylink.com Thu Jul 19 15:00:28 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Thu, 19 Jul 2001 10:00:28 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <26523.995519064@2wire.com>; from J C Lawrence on Wed, Jul 18, 2001 at 10:04:24PM -0700 References: <26523.995519064@2wire.com> Message-ID: <20010719100028.29452@scfn.thpl.lib.fl.us> On Wed, Jul 18, 2001 at 10:04:24PM -0700, J C Lawrence wrote: > On Wed, 18 Jul 2001 21:56:28 -0700 > Chuq Von Rospach wrote: > > On 7/18/01 9:51 PM, "J C Lawrence" wrote: > >> http://www.google.com/search?q=beej+site%3Awww.kanga.nu > > > Wait. Are we allowed to put this in an e-mail? Shouldn't JC have > > had to put it on a web page and post a URL to the page with the > > link on it? > > > > What a senseless waste of human life! C'mon; you'll have your LARTing priviliged revoked if you don't exercise better judgement... Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From jra@baylink.com Thu Jul 19 15:02:45 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Thu, 19 Jul 2001 10:02:45 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: ; from Satya on Thu, Jul 19, 2001 at 04:35:47PM +0530 References: Message-ID: <20010719100245.49529@scfn.thpl.lib.fl.us> On Thu, Jul 19, 2001 at 04:35:47PM +0530, Satya wrote: > >On 7/18/01 9:51 PM, "J C Lawrence" wrote: > >> http://www.google.com/search?q=beej+site%3Awww.kanga.nu > > > >Wait. Are we allowed to put this in an e-mail? Shouldn't JC have had to put > >it on a web page and post a URL to the page with the link on it? > > This got me thinking. I haven't been following this discussion too > closely, but it strikes me that a GET like the above should return the > same thing given the same parameters. This is what "side > effects" should mean. > > If it's a confirmation, the second time you try to GET the URL, you'll > (well, should) get an error saying "already confirmed". Thus, > side-effect. State change. > > A search URL like the one above doesn't cause any state change (except > maybe counter/stats), so should be okay. > > Not easy (or maybe even possible) to distinguish those by a program, > though. Correct. This is the underlying reason for the W3C recommendation (pronouncement?). The fence they build is "if it ain't a post, it's not allowed to do anything you weren't expecting." Whether that was acceptable In The Real World was the debate we were having -- it requires an (potentially not acceptable to the user) extra action to do what is desired (in this case, unsubbing from a list). Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From jra@baylink.com Thu Jul 19 15:05:26 2001 From: jra@baylink.com (Jay R. Ashworth) Date: Thu, 19 Jul 2001 10:05:26 -0400 Subject: [Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations) In-Reply-To: <26508.995518960@2wire.com>; from J C Lawrence on Wed, Jul 18, 2001 at 10:02:40PM -0700 References: <200107182135.f6ILZSK13620@mail.ocentrix.net> <20010719004120.49777@scfn.thpl.lib.fl.us> <26508.995518960@2wire.com> Message-ID: <20010719100526.53800@scfn.thpl.lib.fl.us> On Wed, Jul 18, 2001 at 10:02:40PM -0700, J C Lawrence wrote: > > My apologies that this is ugly; I'll try to clarify all my > > assertions here to avoid wasting bandwidth. > > Using an MUA/editor which handled quote line wrapping properly would > have helped quite a bit. Suggest SuperCite. If you're one of those > desperate vim users per recent SVLUG traffic VIM has a > mode/macro/tool/something to properly handling quote wrapping. I use par; the wrapping was botched before it got to me and I was too lazy to unscrew *all* of it. > > Perhaps I'm mistaken, and a POST *can* be called with a ? > > parameter, but in general, if you see a ?, the call will be the > > default GET, and if the page is sending parameters as a POST, then > > they'll be sent "out of band" to the URL, and the method will be > > POST instead of GET. > > Nope. Do a packet sniff and watch. Its still a GET, its just that > most systems will read variables off the URL as if they had been > POSTed That answer isn't an answer to any of the possible questions embedded in my comment, Joe. :-) Most URL's are sent using the GET method, and some of those have parameters to a CGI hanging off a "?". The conjecture was that if you saw a "?", it *had* to be a GET; POSTs weren't *allowed* to have both types of parameters. That's conjecture because I don't know the standard well enough... but your reply doesn't clarify that question. Cheers, - jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Baylink RFC 2100 The Suncoast Freenet The Things I Think Tampa Bay, Florida http://baylink.pitas.com +1 727 804 5015 OS X: Because making Unix user-friendly was easier than debugging Windows -- Simon Slavin in a.f.c From cmmm@mossc.com Thu Jul 19 19:21:19 2001 From: cmmm@mossc.com (Chuck Moss) Date: Thu, 19 Jul 2001 14:21:19 -0400 Subject: [Mailman-Developers] list throttling, handling auto responders Message-ID: <20010719142119.A7196@mossc.com> I recall a discussion a while ago about ways to handle autoresponder mail loops but I can't find the thread at the moment. Not sure what the resolution was but I remember some of the ideas/issues. Problem: How can the software automatically handle mail loops caused by broken autoresponders. -------------------------------------------------------------------- Option 1: detect loops by frequency of posts from an individual account. Throttle the list to a certain number of messages/user in a given time frame. Advantages: easy to implement? relatively robust? Disadvantages: can impact lively productive discussions if limit is set too low. Useless if too high. Some mail loops may be too slow to be caught by this. Assume mail corporate mail queue only cycles every 15 minutes or so. Lots of moderator work. -------------------------------------------------------------------- Option 2: detect loops by type of content in messages. try to bounce/moderate bad posts. Advantages: if functional no impact on lively discussions. Disadvantages: complex implementation, difficult to catch every instance -------------------------------------------------------------------- This happened on another list the other day and I had an idea. I am hoping brain storm but maybe brain drizzle. How about using option 1 with a modification. If the user hits a threshold their postings would become self-moderated. A post could result in an email message to the sender similar to the message they get when awaiting moderator approval. It would allow them to apporve their own message either by email or web interface. If the web interface was used they could approve several pending posts at once. The email self-moderation would need to be complex enough that a simply autoreply could not trigger the approval. This "self-moderation" feature could be extended to allow for postings from unsubscribed addresses etc. Sorry for the term self-moderation. It is really just a confirmation similar to subscription. Hopefully the code could be re-used. Has this been done before? What major pitfalls to this approach am I overlooking? Chuck Moss From cmmm@mossc.com Thu Jul 19 18:53:20 2001 From: cmmm@mossc.com (Chuck Moss) Date: Thu, 19 Jul 2001 13:53:20 -0400 Subject: [Mailman-Developers] Please Explain !!! In-Reply-To: ; from simon.troup@digitalmusicart.com on Mon, Jul 16, 2001 at 10:55:38PM +0100 References: Message-ID: <20010719135320.A7021@mossc.com> I did some checking on this issue. It looks like graffiti.net is a free web based email provider. They also allow forwarding. So I am guessing from the headers that someone is pissed off at you. They: 1. setup a free web based email account(sardy5@graffiti.net) 2. subscribed that address to as many mailing lists as possible. 3. they forwarded all that email to you. 4. all the subscription messages are a result of them continuing to subscribe that account to more mailing lists. It looks like your solution is to get graffiti.net/outblaze.com to shutdown that account or get your email provider(digitalmusicart.com) to refuse mail from outblaze.com destined for your address. This may not help you if the perpetrator does the same thing again. This also could be a typo somewhere but it sounds like the level of mail indicates an intentional mailbomb. Chuck Moss On Mon, Jul 16, 2001 at 10:55:38PM +0100, Simon Troup wrote: > Firstly, I have no idea why I'm getting mail from the Mailman Dev list, I > didn't join it !!! > > Note also that I have not subscribed to any lists on outblaze.com / > portal2.com and this is I believe a result of joining the mailman lists > (happened 2 min after and I started getting post form mailman-dev too, only > subscribed to mailman-users). > > Here's an example of what I've been getting ... > > Thanks > > ======================================= > Return-path: > Envelope-to: simon.troup@digitalmusicart.com > Delivery-date: Mon, 16 Jul 2001 11:38:43 -0400 > Received: from tower.portal2.com ([202.77.223.18]) > by dropkick.trouble-free.net with smtp (Exim 3.20 #1) > id 15MAJf-0002p9-00 > for simon.troup@digitalmusicart.com; Mon, 16 Jul 2001 11:29:51 -0400 > Received: (qmail 64180 invoked by uid 1001); 16 Jul 2001 15:29:58 -0000 > Delivered-To: sardy5@graffiti.net > Received: (qmail 64169 invoked from network); 16 Jul 2001 15:29:58 -0000 > Received: from 202-123-209-136.outblaze.com (HELO spf1.hk5.outblaze.com) > (202.123.209.136) > by tower.portal2.com with SMTP; 16 Jul 2001 15:29:58 -0000 > Received: from 202-123-209-174.outblaze.com (202-123-209-174.outblaze.com > [202.123.209.174]) > by spf1.hk5.outblaze.com (8.11.2/8.11.2) with SMTP id f6GFTvT31659 > for ; Mon, 16 Jul 2001 15:29:57 GMT > Message-ID: > com> > Content-Type: text/html; charset="iso-8859-1" > Content-Disposition: inline > Content-Transfer-Encoding: 7bit > MIME-Version: 1.0 > X-Mailer: MIME-tools 5.41 (Entity 5.404) > From: "Gloria Mui" > To: "Doramail Mailing List" > Date: Sun, 15 Jul 2001 01:58:53 +0800 > Subject: [doratalk] Re: Hi > List-Unsubscribe: > Reply-To: "Doramail Mailing List" > > > my english is ok... > > doramon is very cute, pokemon is ok. i dont really like them. > > sometimes, i think the cartoon is stupid...but many kids like it in > canada...they are crazy for pokemon... > > are u chinese?? -- > Get your free email from www.doramail.com with 30 Megs of disk space in > webhosting and e-mail storage! > > > > > > Powered by Outblaze > -- You are currently subscribed to doratalk as: sardy5@graffiti.net To > unsubscribe send a blank email to leave-doratalk-3118081O@list.doramail.com > From juergen.erhard@gmx.net Fri Jul 20 04:40:22 2001 From: juergen.erhard@gmx.net (=?ISO-8859-1?Q?=22J=FCrgen_A=2E_Erhard=22?=) Date: Fri, 20 Jul 2001 05:40:22 +0200 Subject: [Mailman-Developers] Re: subscription confirmations In-Reply-To: <20010717023524.C1482@impressive.net> (message from Gerald Oskoboiny on Tue, 17 Jul 2001 02:35:24 -0400) References: <20010716203828.C24341@impressive.net> <20010717023524.C1482@impressive.net> Message-ID: <20072001.2@wanderer.local.jae.dyndns.org> --pgp-sign-Multipart_Fri_Jul_20_05:40:01_2001-1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable >>>>> "Gerald" =3D=3D Gerald Oskoboiny writes: Mind if I chime in? (Even though you posted an EOT, Chuq). >> [...] I'd argue that the standard provides a false sense of >> security [...] [Sorry for the butchering, Chuq, but I want to emphasize the conflict that I see...] Gerald> 9.1.1 Safe Methods Gerald> [...] Gerald> In particular, the convention has been established Gerald> that the GET and HEAD methods SHOULD NOT have the Gerald> significance of taking an action other than Gerald> retrieval. These methods ought to be considered Gerald> "safe". This allows user agents to represent other Gerald> methods, such as POST, PUT and DELETE, in a special Gerald> way, so that the user is made aware of the fact that a Gerald> possibly unsafe action is being requested. So people will have their browser mark these links in a special way (is any browser actually doing that?). *That* is the false sense of security Chuq mentioned. (I think ;-) "This link is a safe link, because my browser tells me so". A fat lot of good that will do them. (BTW: anyone realize that it's "SHOULD NOT" and not "MUST NOT"? Read RFC2119 and you'll see how this is relevant to *this* mailman discussion (yes, I've seen Barry's BDFL pronouncement... I just like to argue and debate ;-)) Gerald> The important distinction here is that the user did Gerald> not request the side-effects, so therefore cannot be Gerald> held accountable for them. Gerald> -- http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#se= c9.1.1 Yay! I didn't know the HTTP standards body wrote law. Or has RFC2616 been passed by the House? And been confirmed by the Senate? (Or is it the other way 'round?) Gerald> but once all that's been said, it's really up to the Gerald> implementations to do the right thing. And then we'll have the old and beloved game of "passing the buck". "Me? But my browser showed me the link was safe!" "Us? We just implemented the standard!". "Us? Ooops..." ;-) >> No, but it can cause actions you'll regret. You started this by >> bringing up one as a problem. Now, however, you're saying >> "well, that's no big deal". As you can see above, Chuq, apparently RFC2616 contains new law saying that whatever that link did is "Not Your Fault" (The Browser Made Me Do It!) (Hey, Barry, I've got a song idea: "Not My Fault -- The Browser Made Me Do It (The RFC2616 Blues)" ;-) Bye, J PS: This is a resend, because the first mail out went to Chuq only... I screwed up the To header. --=20 J=FCrgen A. Erhard (juergen.erhard@gmx.net, jae@users.sourceforge.net) My WebHome: http://members.tripod.com/Juergen_Erhard GIMP - Image Manipulation Program (http://www.gimp.org) Codito, ergo sum - I code, therefore I am -- Raster --pgp-sign-Multipart_Fri_Jul_20_05:40:01_2001-1 Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEABECAAYFAjtXqBgACgkQN0B+CS56qs3DHACdGGtxsHhlXym/5oT+OVpnY37J CXIAn2F0U+EPzZuEfRwnCG+3DbWY4dYM =Zt2L -----END PGP SIGNATURE----- --pgp-sign-Multipart_Fri_Jul_20_05:40:01_2001-1-- From thomas@xs4all.net Fri Jul 20 10:33:57 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Fri, 20 Jul 2001 11:33:57 +0200 Subject: [Mailman-Developers] Another big batch of checkins coming In-Reply-To: <15189.63960.203884.9246@anthem.wooz.org> Message-ID: <20010720113357.J2054@xs4all.nl> On Wed, Jul 18, 2001 at 05:04:24PM -0400, Barry A. Warsaw wrote: > There are three general features that are being added. A brief > overview follows: > - a topic filter > - membership adaptors > - "virtual" mailing lists Very cool! I haven't gotten any of this to work yet , but my hopes are a bit better after the fixes I checked in and the better fixes you checked in, Barry :) I really like the topic filter idea, and I *love* the membership adaptor idea (as I've said before; we need it at work :) Once 2.1 stabilizes enough for me to run it on an office server for a few office lists, I'll see about making a generic SQL adaptor, since we need to pull some info out of MySQL and PostgresSQL databases. Have you got any other sponsored work lying around, Barry ? Like, say, a good archiver ? :-) -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From barry@digicool.com Fri Jul 20 17:13:13 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Fri, 20 Jul 2001 12:13:13 -0400 Subject: [Mailman-Developers] Another big batch of checkins coming References: <15189.63960.203884.9246@anthem.wooz.org> <20010720113357.J2054@xs4all.nl> Message-ID: <15192.22681.21366.83847@anthem.wooz.org> >>>>> "TW" == Thomas Wouters writes: TW> Very cool! I haven't gotten any of this to work yet , TW> but my hopes are a bit better after the fixes I checked in and TW> the better fixes you checked in, Barry :) :) I've been seriously thinking about sticking a fork in 2.1 sooner rather than later, i.e. moving it to beta and stop adding new features. I was updating this page: http://www.zope.org/Members/bwarsaw/MailmanDesignNotes/MailmanTwoDotOne and recognized that most of the items on the list are marked as done. There are a few on that list that I definitely want to defer until MM2.2/3.0, most notably the de-MIME filters and the themes/cascading permissions idea. This will let me keep my promise of a last alpha in the July/August timeframe. Then I can concentrate on docs and bug fixing for a hopeful release September/October-ish. I plan to work on the confirmation stuff, and probably integrate that into the held message/held subscription stuff. I also want to do some work on the messages that admins get for holds. Any anything else on the design notes page that isn't explicitly marked Done or Deferred. There may be a few small ones in the TODO list that I'd like to tackle too. But primarily I want to work on getting an I18N version of Mailman out the door RSN. TW> I really like the topic filter idea, and I *love* the TW> membership adaptor idea (as I've said before; we need it at TW> work :) Indeed! TW> Once 2.1 stabilizes enough for me to run it on an office TW> server for a few office lists, I'll see about making a generic TW> SQL adaptor, since we need to pull some info out of MySQL and TW> PostgresSQL databases. Very cool. TW> Have you got any other sponsored work lying around, Barry ? TW> Like, say, a good archiver ? :-) Nope, but all offers are welcome! bring-your-checkbook-thomas-ly y'rs, -Barry From barry@digicool.com Fri Jul 20 17:51:48 2001 From: barry@digicool.com (Barry A. Warsaw) Date: Fri, 20 Jul 2001 12:51:48 -0400 Subject: [Mailman-Developers] Wooz.org temporary outage Message-ID: <15192.24996.962994.728179@anthem.wooz.org> My DSL ISP (who does a great job, BTW) is switching my domain from its New York City POP to its Washington DC POP in a few hours. I already get great service, so I'm hoping that switching to the local POP will at least not make it any worse; hopefully it'll be better still. Anyway, this means that my IP addresses are all changing, and I'll be updating my DNS information shortly. So wooz.org (the terminus for all my email, including via python.org and digicool.com) will be off-line, hopefully for just a few hours. I've got a secondary MX setup which appears to work, so I shouldn't lose any email. I just wanted to send out a notice in case you guys see any bounces over the next 24 hours or so. Cheers, -Barry From chuqui@plaidworks.com Mon Jul 23 06:15:15 2001 From: chuqui@plaidworks.com (Chuq Von Rospach) Date: Sun, 22 Jul 2001 22:15:15 -0700 Subject: [Mailman-Developers] Some notes on my stuff... Message-ID: We had discussions a while back on the performance problems I was seeing on my big mailman machine. I figured it was probably time to update, so everyone knew what was going on... For those that don't remember, my big mailman machine (Sun E250, mailman 2.0.5, sendmail) was maxing out at about 625 messages processed a day -- and we were seeing peak backlogs of 4 hours between receiving and processing. Not good. My testing showed the major processing delay was the speed of uptake by sendmail, primarily due to DNS delays. And given that you can't turn off DNS lookups without turning off a lot of the anti-spam stuff, you're kinda stuck. So I've been working to move my system sfrom sendmail to postfix. Along the way, by pure happenstance (you can read that to mean "I was testing, I screwed up, and it showed me something I wasn't looking for and didn't expect to find"), I found out that there was a second, more subtle and infernal problem that was making the main problem even worse: Disk I/O It turns out I was saturating a disk spindle, and it wasn't obvious that I was doing it. Once I found it, though, it was obvious what was happening -- sendmail was, basically, stuttering, and with the disk I/O causing delays, every minor delay by DNS was being elongated, which was causing much of the performance problem. I was able to fix most of the disk I/O problem by splitting off a big chunk to an underused spindle, and saw performance improve markedly -- it's now processing 700+ messages a day (the peak day was 810), and my delay to delivery is normally 5 minutes or less. I've seen a few times where that delay's grown to a whopping half an hour -- but that, at least right now, is fine. Because of this, I've slowed down on the move to postfix, not because I don't plan on doing it, but because other things have taken priority for now and I want to do some testing before I make the change; as I like to tell my management, swapping MTAs is like replacing the transmission in a bus just before driving the kids to summer camp, and I don't particularly want to end up on the side of the road because I was in too much of a hurry...). My capacity magically went up at least 30% by fixing the disk I/O problems. Which leads to a few truisms. First, when you're trying to find a problem, assume nothing. And once you FIND the problem, don't assume it's THE problem, it might instead be A problem -- in my case, there was a second, underlying problem that the switch to postfix would have reduced but not solved, and it's unclear by how much. And, of course, check everything. One thing I didn't look at until after I stumbled into this was spindle usage, and where I assumed things were okay, it turned out -- it wasn't. And it's probably safe to say you should ALWAYS assume that disk I/O is a problem, and rule it out before you start finding other problems... Because it's something that will make all of the other problems worse, but not necessarily easy to find unless you look for it specifically. We're now talking about upgrading all of the email machines to RAID 1+0 down the road, just to build a system that maximizes the disk performance, since it's now clear I've been underestimating it's impact (even though I thought I wasn't...) -- Chuq Von Rospach, Internet Gnome [ = = ] Yes, yes, I've finally finished my home page. Lucky you. The first rule of holes: If you are in one, stop digging. From thomas@xs4all.net Mon Jul 23 14:35:29 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Mon, 23 Jul 2001 15:35:29 +0200 Subject: [Mailman-Developers] Some notes on my stuff... In-Reply-To: References: Message-ID: <20010723153529.B569@xs4all.nl> On Sun, Jul 22, 2001 at 10:15:15PM -0700, Chuq Von Rospach wrote: > For those that don't remember, my big mailman machine (Sun E250, mailman > 2.0.5, sendmail) was maxing out at about 625 messages processed a day -- and > we were seeing peak backlogs of 4 hours between receiving and processing. > Not good. For what it's worth, we did some performance comparisons between the Sun E450's we have (single- and dual-CPU, 1G to 2G RAM, with separate LVD SCSI disks and with a hardware RAID array in RAID5 mode (also LVD SCSI)) and the 1Ghz P3's with 1G RAM but with U160 SCSI (twice the theoretical speed of 'normal' LVD SCSI) and software RAID 5. The intels (running Linux and FreeBSD) were so much more faster, especially in disk i/o, it was just scary. And that wasn't even factoring in the price issue. And there's U320 too, which we haven't tested with yet. The U450's are for sale, by the way. They're lend out to HAL2001, where they'll be on show, too :) (http://www.hal2001.org) > And it's probably safe to say you should ALWAYS assume that disk I/O is a > problem, and rule it out before you start finding other problems... Because > it's something that will make all of the other problems worse, but not > necessarily easy to find unless you look for it specifically. Amen to that. We used to use BSDI a lot, and we always installed it from CD, using an old external SCSI CD player. It took several hours to do the install that way, but we always did it that way because that was the way we did it, and we assumed it was normal for it to take that long. And then one of the new servers arrived with an IDE CD player in it, 32 speed or so, and using that, the install was done in 20 minutes. Talk about embarrasing :) Nowadays, we do PEX installs of FreeBSD and Linux, to fully configured and customized machines, in 15 minutes :P We stopped using BSDI before we came to U160, but switching one I/O-bound application from BSDI 4.x on 'normal' UWD SCSI (40Mb/s) to FreeBSD on U160 SCSI (160Mb/s) really did quadruple the performance, much to all of our amazement. > We're now talking about upgrading all of the email machines to RAID 1+0 > down the road, just to build a system that maximizes the disk performance, > since it's now clear I've been underestimating it's impact (even though I > thought I wasn't...) Picking the right filesystem, if you have a choice, and tuning it is also important. Not sure howmuch there is to tune about Sun's UFS implementation, but FreeBSD has some tunables, and Linux has several filesystems to choose from. FreeBSD also desperately needs tuning if you're going to use it as an NFS server, by the way. To bring it back on-topic: I concur that disk i/o is very important in Mailman, and is probably the chief bottleneck (for those who have performance problems) and in fact all of the crashes our main list machine has, are disk i/o related. The machine was also a batched-SMTP machine, so it ran a *lot* of sendmail. -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From mrbill@mrbill.net Mon Jul 23 16:41:09 2001 From: mrbill@mrbill.net (Bill Bradford) Date: Mon, 23 Jul 2001 10:41:09 -0500 Subject: [Mailman-Developers] Some notes on my stuff... In-Reply-To: ; from chuqui@plaidworks.com on Sun, Jul 22, 2001 at 10:15:15PM -0700 References: Message-ID: <20010723104109.D616@mrbill.net> On Sun, Jul 22, 2001 at 10:15:15PM -0700, Chuq Von Rospach wrote: > For those that don't remember, my big mailman machine (Sun E250, mailman > 2.0.5, sendmail) was maxing out at about 625 messages processed a day -- and > we were seeing peak backlogs of 4 hours between receiving and processing. > Not good. > My testing showed the major processing delay was the speed of uptake by > sendmail, primarily due to DNS delays. And given that you can't turn off DNS > lookups without turning off a lot of the anti-spam stuff, you're kinda > stuck. I went from sendmail to postfix, and saw at least a 10x speed improvement (from 12-hours-max from sending an email to a list to receiving it, to 12 *minutes*.) Turns out Sendmail was choking on the "backlog" queue of deferred/undeliverable email. Postfix basically says "okay, I"ll try this later, and i'll deliver the email now that CAN be delivered". I'm MUCH happier with Postfix. I've got 3-4 1000-user lists and one 3000-user list, with 10-15 mails to each list every day. I do about 500meg/day of outgoing mail volume. Bill -- Bill Bradford mrbill@mrbill.net Austin, TX From Nigel.Metheringham@VData.co.uk Mon Jul 23 17:05:17 2001 From: Nigel.Metheringham@VData.co.uk (Nigel Metheringham) Date: 23 Jul 2001 17:05:17 +0100 Subject: [Mailman-Developers] Some notes on my stuff... In-Reply-To: References: Message-ID: <995904322.8712.31.camel@gaspode.localnet> On 22 Jul 2001 22:15:15 -0700, Chuq Von Rospach wrote: > My testing showed the major processing delay was the speed of uptake by > sendmail, primarily due to DNS delays. And given that you can't turn off DNS > lookups without turning off a lot of the anti-spam stuff, you're kinda > stuck. I assume that applies to sendmail only - since there is no need to do in-line resolving of either recipient or sender addresses for messages generated from Mailman (since sender will be a local list related address, and you can do the recipients later and report em back by mail). As for disk throughput... my favoured theoretical solution is a journaled filesystem with journal on NVRAM - great for mail spools where a lot traffic is transitory and you never need to actually commit those journal transactions to the platters. [In theory all the stuff is in place to do that with ext3 now... its just I don't have the impetous to get the kit to test this config] Nigel. From Dan Mick Mon Jul 23 20:17:51 2001 From: Dan Mick (Dan Mick) Date: Mon, 23 Jul 2001 12:17:51 -0700 (PDT) Subject: [Mailman-Developers] "message has implicit destination" Message-ID: <200107231917.MAA15760@utopia.West.Sun.COM> So I understand this perfectly, but apparently I'm a freak; admins and users all over seem to misconstrue this. If it hasn't yet been changed for 2.1, I recommend something more like "List address did not appear in To: or Cc: headers, perhaps because the message was sent with the list address in a Bcc: header." From graham@howlingfrog.com Tue Jul 24 03:56:15 2001 From: graham@howlingfrog.com (Graham TerMarsch) Date: Mon, 23 Jul 2001 19:56:15 -0700 Subject: [Mailman-Developers] Some notes on my stuff... In-Reply-To: <20010723104109.D616@mrbill.net> References: <20010723104109.D616@mrbill.net> Message-ID: <0107231956150J.23608@graham.localdomain> On Monday 23 July 2001 08:41, Bill Bradford wrote: > On Sun, Jul 22, 2001 at 10:15:15PM -0700, Chuq Von Rospach wrote: > > My testing showed the major processing delay was the speed of uptake > > by sendmail, primarily due to DNS delays. And given that you can't > > turn off DNS lookups without turning off a lot of the anti-spam stuff, > > you're kinda stuck. > > I went from sendmail to postfix, and saw at least a 10x speed > improvement (from 12-hours-max from sending an email to a list to > receiving it, to 12 *minutes*.) Turns out Sendmail was choking on the > "backlog" queue of deferred/undeliverable email. Postfix basically says > "okay, I"ll try this later, and i'll deliver the email now that CAN be > delivered". >From some of the "announcement only" lists that I manage for my customers, we found similar things, but managed to do it by firing up different copies of Sendmail periodically to run the mail queue. We too had similar problems with Sendmail stalling when it'd hit some domain that didn't resolve properly or that took forever to connect to, and it slowed the whole process right down. After doing some tweaking and twiddling, we've now got Sendmail configured with several different types of queue runners that we fire up via cron: - One that runs with really _short_ timeouts, to go deep into the mail queue and send stuff out as quick as possible, without bothering to wait for long DNS resolves or slow net connections. - One that runs with really _long_ timeouts, to try to process those msgs going to hosts that just happen to be on the end of really slow links on the net. - And a whole bunch in the middle that we fire up to process mail based on destination domain. By doing a "mailq" and grabbing/counting the destination domains, we can figure out where most of the mail is going, and then use "sendmail -qR" to fire up one (or more) queue runners to deliver mail out to those domains. It did take us a bit of twiddling to get the queue runners to fire up and send things out at full tilt without overloading the machine, but after we got those wrinkles all worked out, we found that Sendmail worked extremely well (and _MUCH_ better than it did with an "out of the box" config). Also found that two Sendmail config options that made a _TON_ of difference, were "HostStatusDirectory" and "SingleThreadDelivery". The first one lets you share your host up/down status amongst all of the running Sendmail procs, while the other keeps you from overloading any one particular destination server by only allowing a single connection to it from your end. ------------------------------------------------------------ And lastly, I think I've got to agree wholeheartedly with Chuq on his notes about spindle usage and IO bandwidth being one of (if not _the_) big limiting factors in delivering mail. This same machine I've discussed above saw a fourfold improvement in mail throughput by pulling the mail spool off onto an underused spindle. I know Sendmail is generally chastized as being slow and doggish as far as SMTP servers go, but from having twiddled with it enough lately, I'm beginning to wonder if thats just because the default config that it builds with is sluggish (as I've been able to get ~8-10x throughput from the same server just from reshuffling and retuning the config and the queue runners). -- Graham TerMarsch From claw@2wire.com Tue Jul 24 20:28:55 2001 From: claw@2wire.com (J C Lawrence) Date: Tue, 24 Jul 2001 12:28:55 -0700 Subject: [Mailman-Developers] Some notes on my stuff... In-Reply-To: Message from Graham TerMarsch of "Mon, 23 Jul 2001 19:56:15 PDT." <0107231956150J.23608@graham.localdomain> References: <20010723104109.D616@mrbill.net> <0107231956150J.23608@graham.localdomain> Message-ID: <2121.996002935@2wire.com> On Mon, 23 Jul 2001 19:56:15 -0700 Graham TerMarsch wrote: > I know Sendmail is generally chastized as being slow and doggish > as far as SMTP servers go, but from having twiddled with it enough > lately, I'm beginning to wonder if thats just because the default > config that it builds with is sluggish (as I've been able to get > ~8-10x throughput from the same server just from reshuffling and > retuning the config and the queue runners). Older versions of sendmail had a very deserved reputation for being asleep at the wheel in the performance arena. Recent versions of sendmail have considerably improved, especially in their queue handling algorithms. They're still not up to the level of the competition (specifically exim, postfix, qmail), but they've taken at least an order of magnitude out of the gap. How I look at it: Pro: Many old timers know sendmail and are comfortable with Sendmail. Sendmail is the default MTA on most (all?) commercial *ix. There are readily available monitoring tools for Sendmail (snmp etc) Supports UUCP better than most. Con: Unreadable/impractical/painful config file -- exim/postfix/qmail/smail all have very human readable and well documented configu files. Mediocre if reasonable performance. Requires considerable work to tune reasonably. Cannot turn off DNS verification for messages received on without also universally disabling SPAM checks (per Chuq). Unimpressive security history. SMail is a lot slicker and easier for UUCP mail than Sendmail Poor spool administrative tools (cf eximon) While endlessly configurable/extensible, such extensions are sufficiently opaque as to be effectively write-only (cf exim and postfix in particular) -- J C Lawrence )\._.,--....,'``. ---------(*) /, _.. \ _\ ;`._ ,. claw@kanga.nu `._.-(,_..'--(,_..'`-.;.' http://www.kanga.nu/~claw/ Oh Freddled Gruntbuggly From barry@zope.com Wed Jul 25 05:39:11 2001 From: barry@zope.com (Barry A. Warsaw) Date: Wed, 25 Jul 2001 00:39:11 -0400 Subject: [Mailman-Developers] mailmanctl patch References: Message-ID: <15198.19823.385990.726240@anthem.wooz.org> >>>>> "JR" == John Read writes: JR> Hi, after installing the new beta version I found that not JR> having starting, and stopping messages in the mailmanctl was JR> confusing when it was included in the Linux startup JR> scripts. All other system services have a short message JR> stating what they doing during the boot phase. JR> I have included the start, restart, and stop messages into JR> mailmanctl, and included the changes in a short patch JR> file. (Its only three lines of code so dont get excited!!) JR> Otherwise the installation, and testing so far has been JR> without any problems. Great software. Thanks x 3 (thanks for the patch, thanks for testing this stuff out, and thanks for the compliment! :). I've applied your patch with minor changes (i.e. marking those strings as translatable). -Barry From barry@zope.com Wed Jul 25 06:18:57 2001 From: barry@zope.com (Barry A. Warsaw) Date: Wed, 25 Jul 2001 01:18:57 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] endless loop with 2.1.a2 References: <007c01c11024$e9dbd590$85f34298@overlord> Message-ID: <15198.22209.471057.433386@anthem.wooz.org> >>>>> "SS" == Szabolcs Szigeti writes: SS> I've just tried 2.1.a2, and i've found the following: lists SS> created before the upgrade (from 2.0.5) fall into and endless SS> loop, if there is any message for the moderator. Until i hit SS> mailmanctl stop, mailman creates copies of the messages, and SS> places it into the admindb. In a couple of seconds, there will SS> be thousands of messages waiting for the moderator. Lists SS> created after the upgrade seem to work OK. I haven't rigorously tested the upgrade path from 2.0.5 -> 2.1, but I'll watch out for this when I do. -Barry From szigi@ik.bme.hu Wed Jul 25 09:30:09 2001 From: szigi@ik.bme.hu (Szabolcs Szigeti) Date: Wed, 25 Jul 2001 10:30:09 +0200 Subject: [Mailman-Developers] Re: [Mailman-Users] endless loop with 2.1.a2 References: <007c01c11024$e9dbd590$85f34298@overlord> <15198.22209.471057.433386@anthem.wooz.org> Message-ID: <002601c114e4$047aa4d0$85f34298@overlord> Hi, Thanks for the feedback. One other mailman user wrote me, that he had also experienced this problem. However, on Friday I downloaded the lates sources via CVS, and this problem seems to have disappeared. I did some tests, and I haven't seen this bug since then. Szabolcs > SS> I've just tried 2.1.a2, and i've found the following: lists > SS> created before the upgrade (from 2.0.5) fall into and endless > SS> loop, if there is any message for the moderator. Until i hit > SS> mailmanctl stop, mailman creates copies of the messages, and > SS> places it into the admindb. In a couple of seconds, there will > SS> be thousands of messages waiting for the moderator. Lists > SS> created after the upgrade seem to work OK. > > I haven't rigorously tested the upgrade path from 2.0.5 -> 2.1, but > I'll watch out for this when I do. From barry@zope.com Wed Jul 25 20:54:55 2001 From: barry@zope.com (Barry A. Warsaw) Date: Wed, 25 Jul 2001 15:54:55 -0400 Subject: [Mailman-Developers] ANNOUNCE Mailman 2.0.6 Message-ID: <15199.9231.468022.571002@anthem.wooz.org> Folks, I've just released Mailman 2.0.6 which fixes a potential security problem in Mailman 2.0.x, and includes a few other minor bug fixes. It is possible, although unlikely, that you could have an empty site password, or an empty list password. Because of peculiarities in the Unix crypt() function, such empty passwords could allow unauthorized access to the list administrative pages with an arbitrary password string. This situation does not occur normally, but it is possible to create it by accident (e.g. by touch'ing data/adm.pw). This patch ensures that such empty passwords do not allow unauthorized access, by first checking to make sure that the salt is at least 2 characters in length. Alternatively, you can make sure that either data/adm.pw does not exist or that it is not empty. For the extra paranoid, you'd need to be sure that none of your lists have empty passwords, but that's an even more difficult situation to create by accident. This patch guards against both situations. Please note that Mailman 2.1alpha is not vulnerable to this problem because it does not use crypt(). A few other minor bugs have been fixed; see the NEWS excerpt below for details. As usual, I'm releasing this as both a complete tarball and as a patch against Mailman 2.0.5. You /must/ update your source to 2.0.5 before applying the 2.0.6 patch. Since the patch is small, I'm including it in this message. To apply, cd into your 2.0.5 source tree and apply it like so: % patch -p0 < mailman-2.0.5-2.0.6.txt Then run "config.status; make install". Currently both http://mailman.sf.net and http://www.list.org are updated, and I expect the gnu.org site to be updated soon as well. The release information on SF is at http://sourceforge.net/project/shownotes.php?release_id=45268 See also http://www.gnu.org/software/mailman http://www.list.org http://mailman.sf.net My thanks to Dave Helton, Ray Sanders, and Thomas Wouters for their help with this release. Enjoy, -Barry Index: NEWS =================================================================== RCS file: /cvsroot/mailman/mailman/NEWS,v retrieving revision 1.25.2.6 retrieving revision 1.25.2.9 diff -u -r1.25.2.6 -r1.25.2.9 --- NEWS 2001/05/03 21:06:56 1.25.2.6 +++ NEWS 2001/07/25 18:52:27 1.25.2.9 @@ -4,6 +4,34 @@ Here is a history of user visible changes to Mailman. +2.0.6 (25-Jul-2001) + + Security fix: + + - Fixed a potential security hole which could allow access to list + administrative features by unauthorized users. If there is an + empty data/adm.pw file (the site password file), then any + password will be accepted as the list administrative password. + This exploit is caused by a common "bug" in the crypt() function + suffered by several Unix distributions, including at least + GNU/Linux and Solaris. Given a salt string of length zero, + crypt() always returns the empty string. + + In lieu of applying this patch, sites can run bin/mmsitepass and + ensure that data/adm.pw is of length 2 or greater. + + Bug fixes: + + - Ensure that even if DEFAULT_URL is misconfigured in mm_cfg.py + (i.e. is missing a trailing slash), it is always fixed upon list + creation. + + - Check for administrivia holds before any other tests. + + - SF bugs fixed: 407666, 227694 + + - Other miscellaneous buglets fixed. + 2.0.5 (04-May-2001) Fix a lock stagnation problem that can result when the user hits Index: Mailman/MailList.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/MailList.py,v retrieving revision 1.189 retrieving revision 1.189.2.2 diff -u -r1.189 -r1.189.2.2 --- Mailman/MailList.py 2000/11/16 04:33:27 1.189 +++ Mailman/MailList.py 2001/05/29 14:45:27 1.189.2.2 @@ -1,4 +1,4 @@ -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -712,7 +712,7 @@ " fails, or if the pattern does contain an `@', then the pattern" " is matched against the entire recipient address. " "

    Matching against the local part is deprecated; in a future" - " release, the patterm will always be matched against the " + " release, the pattern will always be matched against the " " entire recipient address."), ('max_num_recipients', mm_cfg.Number, 5, 0, @@ -787,6 +787,7 @@ self.InitVars(name, admin, crypted_password) self._ready = 1 self.InitTemplates() + self.CheckValues() self.Save() # Touch these files so they have the right dir perms no matter what. # A "just-in-case" thing. This shouldn't have to be here. Index: Mailman/SecurityManager.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/SecurityManager.py,v retrieving revision 1.31 retrieving revision 1.31.2.1 diff -u -r1.31 -r1.31.2.1 --- Mailman/SecurityManager.py 2000/10/02 20:40:41 1.31 +++ Mailman/SecurityManager.py 2001/07/25 18:07:51 1.31.2.1 @@ -1,4 +1,4 @@ -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -44,8 +44,12 @@ def ValidAdminPassword(self, pw): if Utils.CheckSiteAdminPassword(pw): return 1 - return type(pw) == StringType and \ - Crypt.crypt(pw, self.password) == self.password + salt = self.password[:2] + # crypt() has a bug in that if the salt is the empty string, it will + # always return the empty string, regardless of the key. :( + if len(salt) < 2: + return 0 + return Crypt.crypt(pw, salt) == self.password def ConfirmAdminPassword(self, pw): if not self.ValidAdminPassword(pw): Index: Mailman/Utils.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Utils.py,v retrieving revision 1.104.2.2 retrieving revision 1.104.2.4 diff -u -r1.104.2.2 -r1.104.2.4 --- Mailman/Utils.py 2001/04/18 04:23:07 1.104.2.2 +++ Mailman/Utils.py 2001/07/25 18:06:46 1.104.2.4 @@ -262,7 +262,7 @@ finally: os.umask(ou) if verbose: - print 'made directory: ', madepart + print 'made directory: ', made_part @@ -405,7 +405,12 @@ f = open(mm_cfg.SITE_PW_FILE) pw2 = f.read() f.close() - return Crypt.crypt(pw1, pw2[:2]) == pw2 + salt = pw2[:2] + # crypt() has a bug in that if the salt is the empty string, it will + # always return the empty string, regardless of the key. :( + if len(salt) < 2: + return 0 + return Crypt.crypt(pw1, salt) == pw2 # There probably is no site admin password if there was an exception except IOError: return 0 Index: Mailman/Version.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Version.py,v retrieving revision 1.20.2.5 retrieving revision 1.20.2.6 diff -u -r1.20.2.5 -r1.20.2.6 --- Mailman/Version.py 2001/05/03 20:58:19 1.20.2.5 +++ Mailman/Version.py 2001/07/25 18:05:30 1.20.2.6 @@ -15,7 +15,7 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # Mailman version -VERSION = "2.0.5" +VERSION = "2.0.6" # And as a hex number in the manner of PY_VERSION_HEX ALPHA = 0xa @@ -27,7 +27,7 @@ MAJOR_REV = 2 MINOR_REV = 0 -MICRO_REV = 5 +MICRO_REV = 6 REL_LEVEL = FINAL # at most 15 beta releases! REL_SERIAL = 0 Index: Mailman/versions.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/versions.py,v retrieving revision 1.27 retrieving revision 1.27.2.1 diff -u -r1.27 -r1.27.2.1 --- Mailman/versions.py 2000/06/14 05:09:58 1.27 +++ Mailman/versions.py 2001/07/10 14:58:56 1.27.2.1 @@ -142,7 +142,7 @@ # set admin_notify_mchanges # if not hasattr(l, "admin_notify_mchanges"): - setatrr(l, "admin_notify_mchanges", + setattr(l, "admin_notify_mchanges", mm_cfg.DEFAULT_ADMIN_NOTIFY_MCHANGES) # # Convert the members and digest_members addresses so that the keys of Index: Mailman/Archiver/pipermail.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Archiver/pipermail.py,v retrieving revision 1.15 retrieving revision 1.15.2.2 diff -u -r1.15 -r1.15.2.2 --- Mailman/Archiver/pipermail.py 2000/10/20 06:18:11 1.15 +++ Mailman/Archiver/pipermail.py 2001/06/01 22:30:16 1.15.2.2 @@ -62,7 +62,7 @@ # Abstract class for databases -class DatabaseInterface: +class DatabaseInterface: def __init__(self): pass def close(self): pass def getArticle(self, archive, msgid): pass @@ -162,13 +162,15 @@ id = strip_separators(message.getheader('Message-Id')) if id == "": self.msgid = str(self.sequence) - else: self.msgid = id + else: + self.msgid = id if message.has_key('Subject'): self.subject = str(message['Subject']) else: + self.subject = 'No subject' + if self.subject == "": self.subject = 'No subject' - if self.subject == "": self.subject = 'No subject' self._set_date(message) @@ -180,7 +182,8 @@ self.email = strip_separators(self.email) self.author = strip_separators(self.author) - if self.author == "": self.author = self.email + if self.author == "": + self.author = self.email # Save the In-Reply-To:, References:, and Message-ID: lines # @@ -197,8 +200,10 @@ self.in_reply_to = '' else: match = msgid_pat.search(i_r_t) - if match is None: self.in_reply_to = '' - else: self.in_reply_to = strip_separators(match.group(1)) + if match is None: + self.in_reply_to = '' + else: + self.in_reply_to = strip_separators(match.group(1)) references = message.getheader('References') if references is None: @@ -352,7 +357,7 @@ refs[0]) for ref in refs[1:]: a = self.database.getArticle(self.archive, ref) - if a.date > maxdate.data: + if a.date > maxdate.date: maxdate = a parentID = maxdate.msgid else: Index: Mailman/Bouncers/BouncerAPI.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Bouncers/BouncerAPI.py,v retrieving revision 1.11 retrieving revision 1.11.2.1 diff -u -r1.11 -r1.11.2.1 --- Mailman/Bouncers/BouncerAPI.py 2000/09/21 04:50:10 1.11 +++ Mailman/Bouncers/BouncerAPI.py 2001/07/10 15:00:09 1.11.2.1 @@ -82,6 +82,7 @@ # for testing if __name__ == '__main__': + import sys import mimetools from Mailman import MailList Index: Mailman/Bouncers/DSN.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Bouncers/DSN.py,v retrieving revision 1.7 retrieving revision 1.7.2.1 diff -u -r1.7 -r1.7.2.1 --- Mailman/Bouncers/DSN.py 2000/07/21 05:25:53 1.7 +++ Mailman/Bouncers/DSN.py 2001/07/25 18:04:42 1.7.2.1 @@ -1,4 +1,4 @@ -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -43,8 +43,8 @@ def process(msg): - if msg.gettype() <> 'multipart/report' or \ - msg.getparam('report-type') <> 'delivery-status': + if string.lower(msg.gettype()) <> 'multipart/report' or \ + string.lower(msg.getparam('report-type')) <> 'delivery-status': # then return None boundary = msg.getparam('boundary') Index: Mailman/Cgi/handle_opts.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Cgi/Attic/handle_opts.py,v retrieving revision 1.30.2.2 retrieving revision 1.30.2.3 diff -u -r1.30.2.2 -r1.30.2.3 --- Mailman/Cgi/handle_opts.py 2001/05/03 21:05:06 1.30.2.2 +++ Mailman/Cgi/handle_opts.py 2001/07/10 14:52:32 1.30.2.3 @@ -266,14 +266,14 @@ except Errors.MMNotAMemberError: PrintResults(mlist, operation, doc, "%s isn't subscribed to this list." - % mail.GetSender(), user) + % user, user) except Errors.MMListNotReadyError: PrintResults(mlist, operation, doc, "List is not functional.", user) except Errors.MMNoSuchUserError: PrintResults(mlist, operation, doc, "%s is not subscribed to this list." - % mail.GetSender(), user) + % user, user) except Errors.MMBadPasswordError: PrintResults(mlist, operation, doc, "You gave the wrong password.", user) Index: Mailman/Handlers/Hold.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Handlers/Hold.py,v retrieving revision 1.16 retrieving revision 1.16.2.2 diff -u -r1.16 -r1.16.2.2 --- Mailman/Handlers/Hold.py 2000/08/01 23:02:28 1.16 +++ Mailman/Handlers/Hold.py 2001/05/31 21:05:44 1.16.2.2 @@ -1,4 +1,4 @@ -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -118,6 +118,11 @@ if not sender or sender[:len(listname)+6] == adminaddr: sender = msg.GetSender(use_envelope=0) # + # possible administrivia? + if mlist.administrivia and Utils.IsAdministrivia(msg): + hold_for_approval(mlist, msg, msgdata, Administrivia) + # no return + # # is the poster in the list of explicitly forbidden posters? if len(mlist.forbidden_posters): forbiddens = Utils.List2Dict(mlist.forbidden_posters) @@ -175,11 +180,6 @@ not msgdata.get('fromusenet'): # then hold_for_approval(mlist, msg, msgdata, ImplicitDestination) - # no return - # - # possible administrivia? - if mlist.administrivia and Utils.IsAdministrivia(msg): - hold_for_approval(mlist, msg, msgdata, Administrivia) # no return # # suspicious headers? Index: admin/www/download.ht =================================================================== RCS file: /cvsroot/mailman/mailman/admin/www/download.ht,v retrieving revision 1.5.2.6 retrieving revision 1.5.2.7 diff -u -r1.5.2.6 -r1.5.2.7 --- admin/www/download.ht 2001/05/03 21:09:36 1.5.2.6 +++ admin/www/download.ht 2001/07/25 18:08:31 1.5.2.7 @@ -65,9 +65,9 @@

    Downloading

    Version -(2.0.5, +(2.0.6, released on -May 4 2001) +Jul 25 2001) is the current GNU release. It is available from the following mirror sites:

      Index: admin/www/download.html =================================================================== RCS file: /cvsroot/mailman/mailman/admin/www/download.html,v retrieving revision 1.6.2.8 retrieving revision 1.6.2.9 diff -u -r1.6.2.8 -r1.6.2.9 --- admin/www/download.html 2001/05/03 21:09:36 1.6.2.8 +++ admin/www/download.html 2001/07/25 18:08:31 1.6.2.9 @@ -1,6 +1,6 @@ - + 2.0.5, +(2.0.6, released on -May 4 2001) +Jul 25 2001) is the current GNU release. It is available from the following mirror sites:
        Index: bin/find_member =================================================================== RCS file: /cvsroot/mailman/mailman/bin/find_member,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- bin/find_member 2000/09/11 03:58:57 1.5 +++ bin/find_member 2001/07/25 17:38:43 1.5.2.1 @@ -90,7 +90,7 @@ try: mlist = MailList.MailList(listname, lock=0) except Errors.MMListError: - print 'No such list "%s"' % name + print 'No such list "%s"' % listname continue if options.owners: owners = mlist.owner Index: src/cgi-wrapper.c =================================================================== RCS file: /cvsroot/mailman/mailman/src/cgi-wrapper.c,v retrieving revision 1.13 retrieving revision 1.13.2.1 diff -u -r1.13 -r1.13.2.1 --- src/cgi-wrapper.c 2000/03/21 06:26:41 1.13 +++ src/cgi-wrapper.c 2001/05/29 13:20:27 1.13.2.1 @@ -23,7 +23,7 @@ /* passed in by configure */ #define SCRIPTNAME SCRIPT -#define LOG_IDENT "Mailman cgi-wrapper (" ## SCRIPT ## ")" +#define LOG_IDENT "Mailman cgi-wrapper (" SCRIPT ")" /* GID that CGI scripts run as. See your Web server's documentation. */ #define LEGAL_PARENT_GID CGI_GID Index: src/common.c =================================================================== RCS file: /cvsroot/mailman/mailman/src/common.c,v retrieving revision 1.26 retrieving revision 1.26.2.1 diff -u -r1.26 -r1.26.2.1 --- src/common.c 2000/11/09 06:18:02 1.26 +++ src/common.c 2001/05/29 13:20:27 1.26.2.1 @@ -20,7 +20,7 @@ #include "common.h" /* passed in by configure */ -#define SCRIPTDIR PREFIX ## "/scripts/" /* trailing slash */ +#define SCRIPTDIR PREFIX "/scripts/" /* trailing slash */ #define MODULEDIR PREFIX /* no trailing slash */ const char* scriptdir = SCRIPTDIR; From nadialex@total.net Thu Jul 26 03:24:34 2001 From: nadialex@total.net (Nadia Alexan) Date: Wed, 25 Jul 2001 22:24:34 -0400 Subject: [Mailman-Developers] RE: [Mailman-Announce] ANNOUNCE Mailman 2.0.6 In-Reply-To: <15199.9231.468022.571002@anthem.wooz.org> Message-ID: <005e01c1157a$1c164720$6811149a@nadia> Hi Barry, I didn't understand a word you wrote. For computer illiterates, like me, your message might have well been written in Swahili!! Nadia > -----Original Message----- > From: mailman-announce-admin@python.org > [mailto:mailman-announce-admin@python.org]On Behalf Of Barry A. Warsaw > Sent: Wednesday, July 25, 2001 3:55 PM > To: mailman-announce@python.org > Cc: mailman-users@python.org; mailman-developers@python.org > Subject: [Mailman-Announce] ANNOUNCE Mailman 2.0.6 > > > > Folks, > > I've just released Mailman 2.0.6 which fixes a potential security > problem in Mailman 2.0.x, and includes a few other minor bug fixes. > > It is possible, although unlikely, that you could have an empty site > password, or an empty list password. Because of peculiarities in the > Unix crypt() function, such empty passwords could allow unauthorized > access to the list administrative pages with an arbitrary password > string. This situation does not occur normally, but it is possible to > create it by accident (e.g. by touch'ing data/adm.pw). > > This patch ensures that such empty passwords do not allow unauthorized > access, by first checking to make sure that the salt is at least 2 > characters in length. Alternatively, you can make sure that either > data/adm.pw does not exist or that it is not empty. For the extra > paranoid, you'd need to be sure that none of your lists have empty > passwords, but that's an even more difficult situation to create by > accident. > > This patch guards against both situations. Please note that Mailman > 2.1alpha is not vulnerable to this problem because it does not use > crypt(). > > A few other minor bugs have been fixed; see the NEWS excerpt below for > details. > > As usual, I'm releasing this as both a complete tarball and as a patch > against Mailman 2.0.5. You /must/ update your source to 2.0.5 before > applying the 2.0.6 patch. Since the patch is small, I'm including it > in this message. To apply, cd into your 2.0.5 source tree and apply > it like so: > > % patch -p0 < mailman-2.0.5-2.0.6.txt > > Then run "config.status; make install". > > Currently both http://mailman.sf.net and http://www.list.org are > updated, and I expect the gnu.org site to be updated soon as well. > The release information on SF is at > > http://sourceforge.net/project/shownotes.php?release_id=45268 > > See also > > http://www.gnu.org/software/mailman > http://www.list.org > http://mailman.sf.net > > My thanks to Dave Helton, Ray Sanders, and Thomas Wouters for their > help with this release. > > Enjoy, > -Barry > > Index: NEWS > =================================================================== > RCS file: /cvsroot/mailman/mailman/NEWS,v > retrieving revision 1.25.2.6 > retrieving revision 1.25.2.9 > diff -u -r1.25.2.6 -r1.25.2.9 > --- NEWS 2001/05/03 21:06:56 1.25.2.6 > +++ NEWS 2001/07/25 18:52:27 1.25.2.9 > @@ -4,6 +4,34 @@ > > Here is a history of user visible changes to Mailman. > > +2.0.6 (25-Jul-2001) > + > + Security fix: > + > + - Fixed a potential security hole which could allow access to list > + administrative features by unauthorized users. If there is an > + empty data/adm.pw file (the site password file), then any > + password will be accepted as the list administrative password. > + This exploit is caused by a common "bug" in the crypt() function > + suffered by several Unix distributions, including at least > + GNU/Linux and Solaris. Given a salt string of length zero, > + crypt() always returns the empty string. > + > + In lieu of applying this patch, sites can run bin/mmsitepass and > + ensure that data/adm.pw is of length 2 or greater. > + > + Bug fixes: > + > + - Ensure that even if DEFAULT_URL is misconfigured in mm_cfg.py > + (i.e. is missing a trailing slash), it is always fixed upon list > + creation. > + > + - Check for administrivia holds before any other tests. > + > + - SF bugs fixed: 407666, 227694 > + > + - Other miscellaneous buglets fixed. > + > 2.0.5 (04-May-2001) > > Fix a lock stagnation problem that can result when the user hits > Index: Mailman/MailList.py > =================================================================== > RCS file: /cvsroot/mailman/mailman/Mailman/MailList.py,v > retrieving revision 1.189 > retrieving revision 1.189.2.2 > diff -u -r1.189 -r1.189.2.2 > --- Mailman/MailList.py 2000/11/16 04:33:27 1.189 > +++ Mailman/MailList.py 2001/05/29 14:45:27 1.189.2.2 > @@ -1,4 +1,4 @@ > -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. > +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. > # > # This program is free software; you can redistribute it and/or > # modify it under the terms of the GNU General Public License > @@ -712,7 +712,7 @@ > " fails, or if the pattern does contain an `@', > then the pattern" > " is matched against the entire recipient address. " > "

        Matching against the local part is deprecated; > in a future" > - " release, the patterm will always be matched against the " > + " release, the pattern will always be matched against the " > " entire recipient address."), > > ('max_num_recipients', mm_cfg.Number, 5, 0, > @@ -787,6 +787,7 @@ > self.InitVars(name, admin, crypted_password) > self._ready = 1 > self.InitTemplates() > + self.CheckValues() > self.Save() > # Touch these files so they have the right dir perms no matter what. > # A "just-in-case" thing. This shouldn't have to be here. > Index: Mailman/SecurityManager.py > =================================================================== > RCS file: /cvsroot/mailman/mailman/Mailman/SecurityManager.py,v > retrieving revision 1.31 > retrieving revision 1.31.2.1 > diff -u -r1.31 -r1.31.2.1 > --- Mailman/SecurityManager.py 2000/10/02 20:40:41 1.31 > +++ Mailman/SecurityManager.py 2001/07/25 18:07:51 1.31.2.1 > @@ -1,4 +1,4 @@ > -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. > +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. > # > # This program is free software; you can redistribute it and/or > # modify it under the terms of the GNU General Public License > @@ -44,8 +44,12 @@ > def ValidAdminPassword(self, pw): > if Utils.CheckSiteAdminPassword(pw): > return 1 > - return type(pw) == StringType and \ > - Crypt.crypt(pw, self.password) == self.password > + salt = self.password[:2] > + # crypt() has a bug in that if the salt is the empty > string, it will > + # always return the empty string, regardless of the key. :( > + if len(salt) < 2: > + return 0 > + return Crypt.crypt(pw, salt) == self.password > > def ConfirmAdminPassword(self, pw): > if not self.ValidAdminPassword(pw): > Index: Mailman/Utils.py > =================================================================== > RCS file: /cvsroot/mailman/mailman/Mailman/Utils.py,v > retrieving revision 1.104.2.2 > retrieving revision 1.104.2.4 > diff -u -r1.104.2.2 -r1.104.2.4 > --- Mailman/Utils.py 2001/04/18 04:23:07 1.104.2.2 > +++ Mailman/Utils.py 2001/07/25 18:06:46 1.104.2.4 > @@ -262,7 +262,7 @@ > finally: > os.umask(ou) > if verbose: > - print 'made directory: ', madepart > + print 'made directory: ', made_part > > > > > @@ -405,7 +405,12 @@ > f = open(mm_cfg.SITE_PW_FILE) > pw2 = f.read() > f.close() > - return Crypt.crypt(pw1, pw2[:2]) == pw2 > + salt = pw2[:2] > + # crypt() has a bug in that if the salt is the empty > string, it will > + # always return the empty string, regardless of the key. :( > + if len(salt) < 2: > + return 0 > + return Crypt.crypt(pw1, salt) == pw2 > # There probably is no site admin password if there was an exception > except IOError: > return 0 > Index: Mailman/Version.py > =================================================================== > RCS file: /cvsroot/mailman/mailman/Mailman/Version.py,v > retrieving revision 1.20.2.5 > retrieving revision 1.20.2.6 > diff -u -r1.20.2.5 -r1.20.2.6 > --- Mailman/Version.py 2001/05/03 20:58:19 1.20.2.5 > +++ Mailman/Version.py 2001/07/25 18:05:30 1.20.2.6 > @@ -15,7 +15,7 @@ > # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA > 02111-1307, USA. > > # Mailman version > -VERSION = "2.0.5" > +VERSION = "2.0.6" > > # And as a hex number in the manner of PY_VERSION_HEX > ALPHA = 0xa > @@ -27,7 +27,7 @@ > > MAJOR_REV = 2 > MINOR_REV = 0 > -MICRO_REV = 5 > +MICRO_REV = 6 > REL_LEVEL = FINAL > # at most 15 beta releases! > REL_SERIAL = 0 > Index: Mailman/versions.py > =================================================================== > RCS file: /cvsroot/mailman/mailman/Mailman/versions.py,v > retrieving revision 1.27 > retrieving revision 1.27.2.1 > diff -u -r1.27 -r1.27.2.1 > --- Mailman/versions.py 2000/06/14 05:09:58 1.27 > +++ Mailman/versions.py 2001/07/10 14:58:56 1.27.2.1 > @@ -142,7 +142,7 @@ > # set admin_notify_mchanges > # > if not hasattr(l, "admin_notify_mchanges"): > - setatrr(l, "admin_notify_mchanges", > + setattr(l, "admin_notify_mchanges", > mm_cfg.DEFAULT_ADMIN_NOTIFY_MCHANGES) > # > # Convert the members and digest_members addresses so that > the keys of > Index: Mailman/Archiver/pipermail.py > =================================================================== > RCS file: /cvsroot/mailman/mailman/Mailman/Archiver/pipermail.py,v > retrieving revision 1.15 > retrieving revision 1.15.2.2 > diff -u -r1.15 -r1.15.2.2 > --- Mailman/Archiver/pipermail.py 2000/10/20 06:18:11 1.15 > +++ Mailman/Archiver/pipermail.py 2001/06/01 22:30:16 1.15.2.2 > @@ -62,7 +62,7 @@ > > # Abstract class for databases > > -class DatabaseInterface: > +class DatabaseInterface: > def __init__(self): pass > def close(self): pass > def getArticle(self, archive, msgid): pass > @@ -162,13 +162,15 @@ > id = strip_separators(message.getheader('Message-Id')) > if id == "": > self.msgid = str(self.sequence) > - else: self.msgid = id > + else: > + self.msgid = id > > if message.has_key('Subject'): > self.subject = str(message['Subject']) > else: > + self.subject = 'No subject' > + if self.subject == "": > self.subject = 'No subject' > - if self.subject == "": self.subject = 'No subject' > > self._set_date(message) > > @@ -180,7 +182,8 @@ > self.email = strip_separators(self.email) > self.author = strip_separators(self.author) > > - if self.author == "": self.author = self.email > + if self.author == "": > + self.author = self.email > > # Save the In-Reply-To:, References:, and Message-ID: lines > # > @@ -197,8 +200,10 @@ > self.in_reply_to = '' > else: > match = msgid_pat.search(i_r_t) > - if match is None: self.in_reply_to = '' > - else: self.in_reply_to = strip_separators(match.group(1)) > + if match is None: > + self.in_reply_to = '' > + else: > + self.in_reply_to = strip_separators(match.group(1)) > > references = message.getheader('References') > if references is None: > @@ -352,7 +357,7 @@ > refs[0]) > for ref in refs[1:]: > a = self.database.getArticle(self.archive, ref) > - if a.date > maxdate.data: > + if a.date > maxdate.date: > maxdate = a > parentID = maxdate.msgid > else: > Index: Mailman/Bouncers/BouncerAPI.py > =================================================================== > RCS file: /cvsroot/mailman/mailman/Mailman/Bouncers/BouncerAPI.py,v > retrieving revision 1.11 > retrieving revision 1.11.2.1 > diff -u -r1.11 -r1.11.2.1 > --- Mailman/Bouncers/BouncerAPI.py 2000/09/21 04:50:10 1.11 > +++ Mailman/Bouncers/BouncerAPI.py 2001/07/10 15:00:09 1.11.2.1 > @@ -82,6 +82,7 @@ > > > # for testing > if __name__ == '__main__': > + import sys > import mimetools > from Mailman import MailList > > Index: Mailman/Bouncers/DSN.py > =================================================================== > RCS file: /cvsroot/mailman/mailman/Mailman/Bouncers/DSN.py,v > retrieving revision 1.7 > retrieving revision 1.7.2.1 > diff -u -r1.7 -r1.7.2.1 > --- Mailman/Bouncers/DSN.py 2000/07/21 05:25:53 1.7 > +++ Mailman/Bouncers/DSN.py 2001/07/25 18:04:42 1.7.2.1 > @@ -1,4 +1,4 @@ > -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. > +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. > # > # This program is free software; you can redistribute it and/or > # modify it under the terms of the GNU General Public License > @@ -43,8 +43,8 @@ > > > > def process(msg): > - if msg.gettype() <> 'multipart/report' or \ > - msg.getparam('report-type') <> 'delivery-status': > + if string.lower(msg.gettype()) <> 'multipart/report' or \ > + string.lower(msg.getparam('report-type')) <> 'delivery-status': > # then > return None > boundary = msg.getparam('boundary') > Index: Mailman/Cgi/handle_opts.py > =================================================================== > RCS file: /cvsroot/mailman/mailman/Mailman/Cgi/Attic/handle_opts.py,v > retrieving revision 1.30.2.2 > retrieving revision 1.30.2.3 > diff -u -r1.30.2.2 -r1.30.2.3 > --- Mailman/Cgi/handle_opts.py 2001/05/03 21:05:06 1.30.2.2 > +++ Mailman/Cgi/handle_opts.py 2001/07/10 14:52:32 1.30.2.3 > @@ -266,14 +266,14 @@ > except Errors.MMNotAMemberError: > PrintResults(mlist, operation, doc, > "%s isn't subscribed to this list." > - % mail.GetSender(), user) > + % user, user) > except Errors.MMListNotReadyError: > PrintResults(mlist, operation, doc, "List is not > functional.", > user) > except Errors.MMNoSuchUserError: > PrintResults(mlist, operation, doc, > "%s is not subscribed to this list." > - % mail.GetSender(), user) > + % user, user) > except Errors.MMBadPasswordError: > PrintResults(mlist, operation, doc, > "You gave the wrong password.", user) > Index: Mailman/Handlers/Hold.py > =================================================================== > RCS file: /cvsroot/mailman/mailman/Mailman/Handlers/Hold.py,v > retrieving revision 1.16 > retrieving revision 1.16.2.2 > diff -u -r1.16 -r1.16.2.2 > --- Mailman/Handlers/Hold.py 2000/08/01 23:02:28 1.16 > +++ Mailman/Handlers/Hold.py 2001/05/31 21:05:44 1.16.2.2 > @@ -1,4 +1,4 @@ > -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. > +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. > # > # This program is free software; you can redistribute it and/or > # modify it under the terms of the GNU General Public License > @@ -118,6 +118,11 @@ > if not sender or sender[:len(listname)+6] == adminaddr: > sender = msg.GetSender(use_envelope=0) > # > + # possible administrivia? > + if mlist.administrivia and Utils.IsAdministrivia(msg): > + hold_for_approval(mlist, msg, msgdata, Administrivia) > + # no return > + # > # is the poster in the list of explicitly forbidden posters? > if len(mlist.forbidden_posters): > forbiddens = Utils.List2Dict(mlist.forbidden_posters) > @@ -175,11 +180,6 @@ > not msgdata.get('fromusenet'): > # then > hold_for_approval(mlist, msg, msgdata, ImplicitDestination) > - # no return > - # > - # possible administrivia? > - if mlist.administrivia and Utils.IsAdministrivia(msg): > - hold_for_approval(mlist, msg, msgdata, Administrivia) > # no return > # > # suspicious headers? > Index: admin/www/download.ht > =================================================================== > RCS file: /cvsroot/mailman/mailman/admin/www/download.ht,v > retrieving revision 1.5.2.6 > retrieving revision 1.5.2.7 > diff -u -r1.5.2.6 -r1.5.2.7 > --- admin/www/download.ht 2001/05/03 21:09:36 1.5.2.6 > +++ admin/www/download.ht 2001/07/25 18:08:31 1.5.2.7 > @@ -65,9 +65,9 @@ >

        Downloading

        > >

        Version > -(2.0.5, > +(2.0.6, > released on > -May 4 2001) > +Jul 25 2001) > is the current GNU release. It is available from the following > mirror sites: > >

          > Index: admin/www/download.html > =================================================================== > RCS file: /cvsroot/mailman/mailman/admin/www/download.html,v > retrieving revision 1.6.2.8 > retrieving revision 1.6.2.9 > diff -u -r1.6.2.8 -r1.6.2.9 > --- admin/www/download.html 2001/05/03 21:09:36 1.6.2.8 > +++ admin/www/download.html 2001/07/25 18:08:31 1.6.2.9 > @@ -1,6 +1,6 @@ > > > - > + > > > 2.0.5, > +(2.0.6, > released on > -May 4 2001) > +Jul 25 2001) > is the current GNU release. It is available from the following > mirror sites: > >
            > Index: bin/find_member > =================================================================== > RCS file: /cvsroot/mailman/mailman/bin/find_member,v > retrieving revision 1.5 > retrieving revision 1.5.2.1 > diff -u -r1.5 -r1.5.2.1 > --- bin/find_member 2000/09/11 03:58:57 1.5 > +++ bin/find_member 2001/07/25 17:38:43 1.5.2.1 > @@ -90,7 +90,7 @@ > try: > mlist = MailList.MailList(listname, lock=0) > except Errors.MMListError: > - print 'No such list "%s"' % name > + print 'No such list "%s"' % listname > continue > if options.owners: > owners = mlist.owner > Index: src/cgi-wrapper.c > =================================================================== > RCS file: /cvsroot/mailman/mailman/src/cgi-wrapper.c,v > retrieving revision 1.13 > retrieving revision 1.13.2.1 > diff -u -r1.13 -r1.13.2.1 > --- src/cgi-wrapper.c 2000/03/21 06:26:41 1.13 > +++ src/cgi-wrapper.c 2001/05/29 13:20:27 1.13.2.1 > @@ -23,7 +23,7 @@ > > /* passed in by configure */ > #define SCRIPTNAME SCRIPT > -#define LOG_IDENT "Mailman cgi-wrapper (" ## SCRIPT ## ")" > +#define LOG_IDENT "Mailman cgi-wrapper (" SCRIPT ")" > > /* GID that CGI scripts run as. See your Web server's documentation. */ > #define LEGAL_PARENT_GID CGI_GID > Index: src/common.c > =================================================================== > RCS file: /cvsroot/mailman/mailman/src/common.c,v > retrieving revision 1.26 > retrieving revision 1.26.2.1 > diff -u -r1.26 -r1.26.2.1 > --- src/common.c 2000/11/09 06:18:02 1.26 > +++ src/common.c 2001/05/29 13:20:27 1.26.2.1 > @@ -20,7 +20,7 @@ > #include "common.h" > > /* passed in by configure */ > -#define SCRIPTDIR PREFIX ## "/scripts/" /* trailing slash */ > +#define SCRIPTDIR PREFIX "/scripts/" /* trailing slash */ > #define MODULEDIR PREFIX /* no trailing slash */ > > const char* scriptdir = SCRIPTDIR; > > _______________________________________________ > Mailman-announce mailing list > Mailman-announce@python.org > http://mail.python.org/mailman/listinfo/mailman-announce > From alaric@babcom.com Thu Jul 26 04:50:47 2001 From: alaric@babcom.com (Phil Stracchino) Date: Wed, 25 Jul 2001 20:50:47 -0700 Subject: [Mailman-Developers] RE: [Mailman-Announce] ANNOUNCE Mailman 2.0.6 In-Reply-To: <005e01c1157a$1c164720$6811149a@nadia>; from nadialex@total.net on Wed, Jul 25, 2001 at 10:24:34PM -0400 References: <15199.9231.468022.571002@anthem.wooz.org> <005e01c1157a$1c164720$6811149a@nadia> Message-ID: <20010725205047.B4073@babylon5.babcom.com> On Wed, Jul 25, 2001 at 10:24:34PM -0400, Nadia Alexan wrote: > Hi Barry, > I didn't understand a word you wrote. For computer illiterates, like me, > your message might have well been written in Swahili!! Nadia OK, Nadia, try this: "There's a security weakness in Mailman-2.0.5. Barry just released Mailman-2.0.6 to fix it. You should upgrade. A patch is attached, should you choose to upgrade by patching your existing Mailman-2.0.5 source code." How's that? :) -- Linux Now! ..........Because friends don't let friends use Microsoft. phil stracchino -- the renaissance man -- mystic zen biker geek alaric@babcom.com halmayne@sourceforge.net 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold) From barry@wooz.org Thu Jul 26 05:06:04 2001 From: barry@wooz.org (Barry A. Warsaw) Date: Thu, 26 Jul 2001 00:06:04 -0400 Subject: [Mailman-Developers] RE: [Mailman-Announce] ANNOUNCE Mailman 2.0.6 References: <15199.9231.468022.571002@anthem.wooz.org> <005e01c1157a$1c164720$6811149a@nadia> Message-ID: <15199.38700.853460.396098@anthem.wooz.org> >>>>> "NA" == Nadia Alexan writes: NA> Hi Barry, I didn't understand a word you wrote. For computer NA> illiterates, like me, your message might have well been NA> written in Swahili!! Nadia Are you offering to contribute a Swahili translation? :) >>>>> "PS" == Phil Stracchino writes: PS> "There's a security weakness in Mailman-2.0.5. Barry just PS> released Mailman-2.0.6 to fix it. You should upgrade. A PS> patch is attached, should you choose to upgrade by patching PS> your existing Mailman-2.0.5 source code." PS> How's that? :) Yeah, what he said! BTW, Jay Ashworth reminds me that ssh 3.0 was recently bit by the same bug, and when I searched Google for it, I found a discussion of a similar problem in Exim dated back January this year. Weird synchronicity for sure. if-only-the-crypt(3)-manpage-had-/documented/-this-ly y'rs, -Barry From barry@zope.com Thu Jul 26 05:21:08 2001 From: barry@zope.com (Barry A. Warsaw) Date: Thu, 26 Jul 2001 00:21:08 -0400 Subject: [Mailman-Developers] Re: [Mailman-Users] Upgrading from 2.0b5 to 2.1a2 References: Message-ID: <15199.39604.169179.996378@anthem.wooz.org> [Note: I'm moving this discussion to malman-developers. -baw] >>>>> "JAA" == Jose A Accino writes: JAA> Is there any clean way to make a smooth upgrade from 2.0b5 to JAA> lates 2.1a2? (I'm making that just to check the upgrade JAA> process, using a spare machine and a copy of the actual JAA> lists). JAA> Making a 2.1a2 fresh installation (without lists) runs fine. JAA> However, I've been unable to upgrade the old lists. Here are JAA> the main points: There's two ways to upgrade, neither of which has gotten a lot of testing. Based on you're message I tried the first way, and I'm about to check in a bunch of patches to make that go smoother. I'll try the second way soon. 1) Install a fresh virgin MM2.1 in /usr/local/mailman and then move lists from /home/mailman (MM2.0.x) to /usr/local/mailman. This way lets you migrate lists one at a time, gaining confidence in the new system in measured increments. I will probably upgrade {python,zope}.org this way. 2) Install MM2.1 overtop an existing MM2.0.x installation and have everything just magically work. I'll probably upgrade wooz.org's production lists this way. Both ought to work, and ought to be easy. After the checkins, here's a recipe that makes #1 easy: - Do a fresh install of MM2.1 in /usr/local/mailman according to the instructions. - Copy or move `mylist' by first moving /home/mailman/lists/mylist to /usr/local/mailman/lists/mylist and /home/mailman/archives/private/mylist.mbox to /usr/local/mailman/archives/private BTW, I used rsync for this, just cause it's a cool tool and I can actually remember how to invoke it with the right options. :) That's it. Everything else should just work, except for possibly two minor complications. - If your web server is going to support both installations, it's possible you'll have two different base urls, one for your MM2.0.x installation and one for your MM2.1 installation. If so, you'll need to manually change each moved list's web_page_url attribute. Fortunately, I'm about to add a script called `fix_url' which will reset a list's web_page_url to mm_cfg.DEFAULT_URL. So if you configure mm_cfg.py correctly, then run fix_url, you should be golden. I.e. % bin/withlist -l -r fix_url mylist - Same dealie with your MTA, i.e. your wrapper aliases may point to two different directories. Here, because I use Postfix and glued them together as described in README.POSTFIX, all I needed to do was run bin/genaliases and the new list aliases got installed. I'm sure that if you use Exim and glued them together as per README.EXIM, you probably don't need to do anything. (I'm still waiting on contributions for better gluing instructions for Sendmail, qmail, and any others.) -Barry From jarrell@vt.edu Thu Jul 26 06:39:28 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Thu, 26 Jul 2001 01:39:28 -0400 Subject: [Mailman-Developers] mm-handler Message-ID: <5.1.0.14.2.20010726013750.05f5d040@lennier.cc.vt.edu> Hey, Barry, while you're checking things in, how about committing contrib/mm-handler, which isn't actually in the repository, despite what README.SENDMAIL says. BTW, although I haven't tried it yet, I'm still sure you're missing something in those instructions. Just defining a mailer isn't going to do anything unless there's a rule somewhere, like in the mailertab, that defines a particular pattern that causes it to *use* said mail. Sendmail often operates by black magic, but this is blacker than most. From dgc@uchicago.edu Thu Jul 26 06:47:10 2001 From: dgc@uchicago.edu (David Champion) Date: Thu, 26 Jul 2001 00:47:10 -0500 Subject: [Mailman-Developers] Re: mm-handler In-Reply-To: <5.1.0.14.2.20010726013750.05f5d040@lennier.cc.vt.edu> References: <5.1.0.14.2.20010726013750.05f5d040@lennier.cc.vt.edu> Message-ID: <20010726004710.B9012@smack.uchicago.edu> On 2001.07.26, in <5.1.0.14.2.20010726013750.05f5d040@lennier.cc.vt.edu>, "Ron Jarrell" wrote: > > Hey, Barry, while you're checking things in, how about committing > contrib/mm-handler, which isn't actually in the repository, despite what > README.SENDMAIL says. Urgh. This is my fault. I've been ignoring Barry's reminder that I've been supposed to contrib this for the last 4 months, because I'm on vacation this week. :) > BTW, although I haven't tried it yet, I'm still sure you're missing > something in those instructions. Just defining a mailer isn't going to > do anything unless there's a rule somewhere, like in the mailertab, that > defines a particular pattern that causes it to *use* said mail. Sendmail > often operates by black magic, but this is blacker than most. Yes, the instructions are a bit out of date. You can find an only-marginally-outdated version of mm-handler in the mailman-developers archive; the full directions on how to make it go are what's mainly missing here. I'll try to put those together RSN. -- -D. dgc@uchicago.edu NSIT University of Chicago From claw@2wire.com Thu Jul 26 06:47:38 2001 From: claw@2wire.com (J C Lawrence) Date: Wed, 25 Jul 2001 22:47:38 -0700 Subject: [Mailman-Developers] mm-handler In-Reply-To: Message from Ron Jarrell of "Thu, 26 Jul 2001 01:39:28 EDT." <5.1.0.14.2.20010726013750.05f5d040@lennier.cc.vt.edu> References: <5.1.0.14.2.20010726013750.05f5d040@lennier.cc.vt.edu> Message-ID: <5902.996126458@2wire.com> On Thu, 26 Jul 2001 01:39:28 -0400 Ron Jarrell wrote: > BTW, although I haven't tried it yet, I'm still sure you're > missing something in those instructions. Just defining a mailer > isn't going to do anything unless there's a rule somewhere, like > in the mailertab, that defines a particular pattern that causes it > to *use* said mail. Sendmail often operates by black magic, but > this is blacker than most. PETA made him take out the bit about the sacrificial goats and the splattering of blood under a new moon. -- J C Lawrence )\._.,--....,'``. ---------(*) /, _.. \ _\ ;`._ ,. claw@kanga.nu `._.-(,_..'--(,_..'`-.;.' http://www.kanga.nu/~claw/ Oh Freddled Gruntbuggly From barry@zope.com Thu Jul 26 06:49:31 2001 From: barry@zope.com (Barry A. Warsaw) Date: Thu, 26 Jul 2001 01:49:31 -0400 Subject: [Mailman-Developers] mm-handler References: <5.1.0.14.2.20010726013750.05f5d040@lennier.cc.vt.edu> Message-ID: <15199.44907.521270.141674@anthem.wooz.org> >>>>> "RJ" == Ron Jarrell writes: RJ> Hey, Barry, while you're checking things in, how about RJ> committing contrib/mm-handler, which isn't actually in the RJ> repository, despite what README.SENDMAIL says. I wish I could, but I've never seen it. AFAIR, David Champion was going to send it to me, but I don't think I ever actually go it. If you did David and I just lost it, then I apologize! Please resend. RJ> BTW, although I haven't tried it yet, I'm still sure you're RJ> missing something in those instructions. Just defining a RJ> mailer isn't going to do anything unless there's a rule RJ> somewhere, like in the mailertab, that defines a particular RJ> pattern that causes it to *use* said mail. Sendmail often RJ> operates by black magic, but this is blacker than most. I gave up Sendmail hacking years ago, and that one simple act lead to the loosening of my restraints, the toning down of my medication, and my eventual release back into the World of the Shiny Happy People. Even the bruise on my forehead eventually healed. IOW, Sendmail hackers, please send help. Between Fil and myself, I think we've got Postfix covered, and I'm ecstatic that Nigel is here to help with Exim, but I really need help from you folks to provide good solutions for Sendmail, Qmail, and any other popular MTA. -Barry From barry@zope.com Thu Jul 26 06:51:53 2001 From: barry@zope.com (Barry A. Warsaw) Date: Thu, 26 Jul 2001 01:51:53 -0400 Subject: [Mailman-Developers] Re: mm-handler References: <5.1.0.14.2.20010726013750.05f5d040@lennier.cc.vt.edu> <20010726004710.B9012@smack.uchicago.edu> Message-ID: <15199.45049.717467.519283@anthem.wooz.org> >>>>> "DC" == David Champion writes: DC> I'll try to put those together RSN. Ah cool. I'm going to sleep now. David, finish your vacation first! a-list-mom's-gotta-look-out-for-the-kids-ly y'rs, -Barry From jarrell@vt.edu Thu Jul 26 06:53:44 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Thu, 26 Jul 2001 01:53:44 -0400 Subject: [Mailman-Developers] mm-handler In-Reply-To: <15199.44907.521270.141674@anthem.wooz.org> References: <5.1.0.14.2.20010726013750.05f5d040@lennier.cc.vt.edu> Message-ID: <5.1.0.14.2.20010726015115.07e0b7f0@lennier.cc.vt.edu> At 01:49 AM 7/26/01 -0400, you wrote: >>>>>> "RJ" == Ron Jarrell writes: > > RJ> Hey, Barry, while you're checking things in, how about > RJ> committing contrib/mm-handler, which isn't actually in the > RJ> repository, despite what README.SENDMAIL says. > >I wish I could, but I've never seen it. AFAIR, David Champion was >going to send it to me, but I don't think I ever actually go it. If >you did David and I just lost it, then I apologize! Please resend. > > RJ> BTW, although I haven't tried it yet, I'm still sure you're > RJ> missing something in those instructions. Just defining a > RJ> mailer isn't going to do anything unless there's a rule > RJ> somewhere, like in the mailertab, that defines a particular > RJ> pattern that causes it to *use* said mail. Sendmail often > RJ> operates by black magic, but this is blacker than most. > >I gave up Sendmail hacking years ago, and that one simple act lead to >the loosening of my restraints, the toning down of my medication, and >my eventual release back into the World of the Shiny Happy People. >Even the bruise on my forehead eventually healed. > >IOW, Sendmail hackers, please send help. Between Fil and myself, I >think we've got Postfix covered, and I'm ecstatic that Nigel is here >to help with Exim, but I really need help from you folks to provide >good solutions for Sendmail, Qmail, and any other popular MTA. Well, David just indicated that he's going to get to it Real Soon Now, but basically, you're going to need to not only define that mailer, but add a FEATURE(mailertable), then define the mailertable map file, which would having something like mail.python.org mailman:mail.python.org Then any mail to mail.python.org in it would be processed with the mailman mailer. Which means sites that don't reserve a seperate hostname for their lists are ineligible, but the ones that do are golden. (sendmail hacker for far, far too many years.) From jarrell@vt.edu Thu Jul 26 06:57:04 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Thu, 26 Jul 2001 01:57:04 -0400 Subject: [Mailman-Developers] Re: mm-handler In-Reply-To: <15199.45049.717467.519283@anthem.wooz.org> References: <5.1.0.14.2.20010726013750.05f5d040@lennier.cc.vt.edu> <20010726004710.B9012@smack.uchicago.edu> Message-ID: <5.1.0.14.2.20010726015422.07ded8a0@lennier.cc.vt.edu> At 01:51 AM 7/26/01 -0400, Barry A. Warsaw wrote: >>>>>> "DC" == David Champion writes: > > DC> I'll try to put those together RSN. > >Ah cool. I'm going to sleep now. David, finish your vacation first! Sleep? Sleep? Totally inadequate substitute for caffeine, man. Although I'll settle for it if I can ever get the #(($)% news server to finish rebuilding all its indexes. It's looking more and more like there's a bug in BerkeleyDB in addition to the bugs in the inn... From jarrell@vt.edu Thu Jul 26 07:49:12 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Thu, 26 Jul 2001 02:49:12 -0400 Subject: [Mailman-Developers] Re: mm-handler In-Reply-To: <5.1.0.14.2.20010726015422.07ded8a0@lennier.cc.vt.edu> References: <15199.45049.717467.519283@anthem.wooz.org> <5.1.0.14.2.20010726013750.05f5d040@lennier.cc.vt.edu> <20010726004710.B9012@smack.uchicago.edu> Message-ID: <5.1.0.14.2.20010726024450.038018d0@lennier.cc.vt.edu> Having finally found the urls to the most currently posted version of mm-handler (version 1.8), and having fiddled, I've gotten it to work. It's not for the faint of heart. If you're comfortable with configuring sendmail, using m4, and potentially building optional components for it (you'll need makemap, which, even if on your os, might be the wrong version of db!) you can get it to work. The good news is you only need to do the real work once, then there's a little bit of work once per host. But you do have do dedicate a hostname name to mailman lists. From jarrell@vt.edu Thu Jul 26 08:49:04 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Thu, 26 Jul 2001 03:49:04 -0400 (EDT) Subject: [Mailman-Developers] current snapshot startup woes Message-ID: <200107260749.f6Q7n4s06438@babylon5.cc.vt.edu> FYI, I built and installed the current snapshot on my test machine (which did have a couple of articles lying around in the queues that were never delivered when I last stopped qrunner...) Doing a mailmanctl start got me page after page of this... Traceback (most recent call last): File "bin/mailmanctl", line 207, in ? main() File "bin/mailmanctl", line 196, in main Control.start(restart) File "/home/mailman/Mailman/Queue/Control.py", line 209, in start master(restart, lock) File "/home/mailman/Mailman/Queue/Control.py", line 163, in master newpid = start_runner(qrclass, slice, count) File "/home/mailman/Mailman/Queue/Control.py", line 111, in start_runner qrunner.run() File "/home/mailman/Mailman/Queue/Runner.py", line 58, in run filecnt = self.__oneloop() File "/home/mailman/Mailman/Queue/Runner.py", line 81, in __oneloop files = self._switchboard.files() File "/home/mailman/Mailman/Queue/Switchboard.py", line 175, in files when, digest = filebase.split('+') ValueError: unpack list of wrong size From jarrell@vt.edu Thu Jul 26 09:18:36 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Thu, 26 Jul 2001 04:18:36 -0400 (EDT) Subject: [Mailman-Developers] create error Message-ID: <200107260818.f6Q8Ia909505@babylon5.cc.vt.edu> Tried experimenting with the create web form. (Note that I left MTA set to Manual, because I have host names that I still need to generate aliases for. But I built a test hostname that has the auto-routing sendmail hooks in use.) Regardless of what I try to create, I'm getting: Jul 26 04:12:37 2001 admin(8996): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(8996): [----- Mailman Version: 2.1a3 -----] admin(8996): [----- Traceback ------] admin(8996): Traceback (most recent call last): admin(8996): File "/home/mailman/scripts/driver", line 96, in run_main admin(8996): main() admin(8996): File "/home/mailman/Mailman/Cgi/create.py", line 54, in main admin(8996): process_request(doc, cgidata) admin(8996): File "/home/mailman/Mailman/Cgi/create.py", line 156, in process_request admin(8996): mlist.Create(listname, owner, pw) admin(8996): File "/home/mailman/Mailman/MailList.py", line 384, in Create admin(8996): self.InitVars(name, admin, crypted_password) admin(8996): File "/home/mailman/Mailman/MailList.py", line 308, in InitVars admin(8996): baseclass.InitVars(self) admin(8996): File "/home/mailman/Mailman/Archiver/Archiver.py", line 93, in InitVars admin(8996): os.mkdir(self.ArchiveFileName(), 02775) admin(8996): OSError: [Errno 2] No such file or directory: '/home/mailman/archives/private/testlist.mbox/testlist.mbox' Looks like it's trying to mkdir the archive *file*, not the directory the file goes in... It creates a lists/listname directory, that's empty, which I have to go in by hand and delete, because rmlist doesn't think there's a list there, there being no config.db... (The weird things you play with in desperation when you're staring at makedbz run for 5+ hours and counting.) From jaccino@ieev.uma.es Thu Jul 26 09:47:36 2001 From: jaccino@ieev.uma.es (Jose A. Accino) Date: Thu, 26 Jul 2001 10:47:36 +0200 Subject: [Mailman-Developers] Upgrading from 2.0b5 to 2.1a2 In-Reply-To: <15199.39604.169179.996378@anthem.wooz.org> References: Message-ID: barry@zope.com (Barry A. Warsaw) writes: >There's two ways to upgrade, neither of which has gotten a lot of >testing. Well, I had actually used the 'hard' way (not actually an upgrade at all), installing a fresh MM2.1.a2, editing mm_cfg.py for defaults and re-creating the lists (not a lot, fortunately), and re-importing users again (BTW: I first used sync_members but it gave me the 'ValueError: unsupported format character '(' (0x28) at index 12' that I reported on another msg.). AFAIK, it seems to be running (almost) fine. Well, currently I have only found: - A problem on Spanish catalog (J.C. Rey kindly solved it on a snap) - The 'ImportError: No module named mimelib.address' related to cron tasks. I removed the -s on MM's crontab and didn't got more errors. - One 'mimelib.Errors.BoundaryError: Couldn't find terminating boundary' in Parser.Py (only got it once so I'm not sure about what does it mean...) Regards, JA. From jarrell@vt.edu Thu Jul 26 09:52:12 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Thu, 26 Jul 2001 04:52:12 -0400 Subject: [Mailman-Developers] current snapshot startup woes In-Reply-To: <200107260749.f6Q7n4s06438@babylon5.cc.vt.edu> Message-ID: <5.1.0.14.2.20010726045150.03c74410@lennier.cc.vt.edu> At 03:49 AM 7/26/01 -0400, you wrote: >FYI, I built and installed the current snapshot on my test >machine (which did have a couple of articles lying around in >the queues that were never delivered when I last stopped >qrunner...) It worked once I deleted everything in the queues. From jarrell@vt.edu Thu Jul 26 10:02:49 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Thu, 26 Jul 2001 05:02:49 -0400 Subject: [Mailman-Developers] Upgrading from 2.0b5 to 2.1a2 In-Reply-To: References: <15199.39604.169179.996378@anthem.wooz.org> Message-ID: <5.1.0.14.2.20010726050220.05f5cab0@lennier.cc.vt.edu> At 10:47 AM 7/26/01 +0200, Jose A. Accino wrote: >- The 'ImportError: No module named mimelib.address' related to cron tasks. >I removed the -s on MM's crontab and didn't got more errors. > >- One 'mimelib.Errors.BoundaryError: Couldn't find terminating boundary' >in Parser.Py (only got it once so I'm not sure about what does it mean...) Did you install mimelib-0.4 before running mailman? It's not part of the mailman kit. From jaccino@ieev.uma.es Thu Jul 26 10:35:16 2001 From: jaccino@ieev.uma.es (Jose A. Accino) Date: Thu, 26 Jul 2001 11:35:16 +0200 Subject: [Mailman-Developers] Upgrading from 2.0b5 to 2.1a2 In-Reply-To: <5.1.0.14.2.20010726050220.05f5cab0@lennier.cc.vt.edu> References: <15199.39604.169179.996378@anthem.wooz.org> Message-ID: >>- The 'ImportError: No module named mimelib.address' related to cron tasks. >>I removed the -s on MM's crontab and didn't got more errors. >> >>- One 'mimelib.Errors.BoundaryError: Couldn't find terminating boundary' >>in Parser.Py (only got it once so I'm not sure about what does it mean...) > >Did you install mimelib-0.4 before running mailman? It's not part of the >mailman kit. > Yes, of course. The Python mimelib.__version__ test returns the '0.4' version number. >From the msgs I've found at the archives about cron jobs problem, it seems that it's related to sys.path. I remember having read also something about the boundaries problem. I'm not sure if they are actually solved in latest CVS snapshot, however... JA. From jarrell@vt.edu Thu Jul 26 11:13:11 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Thu, 26 Jul 2001 06:13:11 -0400 Subject: [Mailman-Developers] 2.1 gate_news Message-ID: <5.1.0.14.2.20010726061207.03eba8e0@lennier.cc.vt.edu> Since my news server is currently down, gate_news is not connection. Rather than the usual traceback you get from that, 2.1 is much improved. You just get a syntax error :-). /usr/local/bin/python -S /home/mailman/cron/gate_news produced the following output: SyntaxError: 'continue' not supported inside 'try' clause (gate_news, line 125) From thomas@xs4all.net Thu Jul 26 14:18:13 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Thu, 26 Jul 2001 15:18:13 +0200 Subject: [Mailman-Developers] Upgrading from 2.0b5 to 2.1a2 In-Reply-To: References: Message-ID: <20010726151813.F21770@xs4all.nl> On Thu, Jul 26, 2001 at 10:47:36AM +0200, Jose A. Accino wrote: > - The 'ImportError: No module named mimelib.address' related to cron tasks. > I removed the -s on MM's crontab and didn't got more errors. Was this with a recent CVS Snapshot ? I checked in some changes that should permanently fix all these problems, and Barry checked in some changes before that that made the most glaring problems go away by not starting qrunner from cron anymore. -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From thomas@xs4all.net Thu Jul 26 14:31:55 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Thu, 26 Jul 2001 15:31:55 +0200 Subject: [Mailman-Developers] 2.1 gate_news In-Reply-To: <5.1.0.14.2.20010726061207.03eba8e0@lennier.cc.vt.edu> Message-ID: <20010726153155.G21770@xs4all.nl> On Thu, Jul 26, 2001 at 06:13:11AM -0400, Ron Jarrell wrote: > Since my news server is currently down, gate_news is not connection. > Rather than the usual traceback you get from that, 2.1 is much improved. > You just get a syntax error :-). > /usr/local/bin/python -S /home/mailman/cron/gate_news > produced the following output: > SyntaxError: 'continue' not supported inside 'try' clause (gate_news, line 125) This is fixed in Python 2.1... Barry, did you decide to require 2.1(.1) for Mailman 2.1 ? I didn't think so... So I fixed it using the traditional workaround (which, incidentally, is effectively the same as the way 2.1 handles this internally :) But installing 2.1.1 is a good idea none the less :) -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From barry@zope.com Thu Jul 26 15:35:11 2001 From: barry@zope.com (Barry A. Warsaw) Date: Thu, 26 Jul 2001 10:35:11 -0400 Subject: [Mailman-Developers] Re: mm-handler References: <5.1.0.14.2.20010726013750.05f5d040@lennier.cc.vt.edu> <20010726004710.B9012@smack.uchicago.edu> <5.1.0.14.2.20010726015422.07ded8a0@lennier.cc.vt.edu> Message-ID: <15200.10911.241984.689090@anthem.wooz.org> >>>>> "RJ" == Ron Jarrell writes: RJ> Sleep? Sleep? Totally inadequate substitute for caffeine, RJ> man. I tried to be a good zombie back in the '80's what with Nancy Reagan's "Sleep, Just Say No" campaign. In one stretch I went 6 weeks with little more than a 5-minute drooling lean against the wall, and it was working out great. But eventually, the elephants started getting /really/ insistent about that strip poker game with the pink talking Q's. After the gigantic 9-legged camel bee stung me on the forehead, I slept a whole summer away and I knew from then on the sleep monkey would forever taunt me. But at least then he'd taken his tail out of my eye. one-day-at-a-time-ly y'rs, -Barry From mrbill@mrbill.net Thu Jul 26 16:12:46 2001 From: mrbill@mrbill.net (Bill Bradford) Date: Thu, 26 Jul 2001 10:12:46 -0500 Subject: [Mailman-Developers] archives dissapeared? Message-ID: <20010726101246.B17950@mrbill.net> Hrm, all of a sudden, my archive pages arent coming up: http://www.sunhelp.org/pipermail/sunhelp/ gives a blank screen.. but the files are there: root@ohno:/disk/mailman/archives/private/sunhelp> pwd /disk/mailman/archives/private/sunhelp root@ohno:/disk/mailman/archives/private/sunhelp> ls 1970-January 1999-November.txt 2000-June 2001-February.txt 1970-January.txt 1999-October 2000-June.txt 2001-January 1998-January 1999-October.txt 2000-March 2001-January.txt 1998-January.txt 1999-September 2000-March.txt 2001-July 1999-April 1999-September.txt 2000-May 2001-July.txt 1999-April.txt 2000-April 2000-May.txt 2001-June 1999-August 2000-April.txt 2000-November 2001-June.txt 1999-August.txt 2000-August 2000-November.txt 2001-March 1999-December 2000-August.txt 2000-October 2001-March.txt 1999-December.txt 2000-December 2000-October.txt 2001-May 1999-July 2000-December.txt 2000-September 2001-May.txt 1999-July.txt 2000-February 2000-September.txt 2013-June 1999-June 2000-February.txt 2001-April 2013-June.txt 1999-June.txt 2000-January 2001-April.txt database 1999-May 2000-January.txt 2001-December index.html 1999-May.txt 2000-July 2001-December.txt pipermail.pck 1999-November 2000-July.txt 2001-February and here's the page that the browser gets: Any suggestions? Bill -- Bill Bradford mrbill@mrbill.net Austin, TX From marc_news@valinux.com Thu Jul 26 16:26:14 2001 From: marc_news@valinux.com (Marc MERLIN) Date: Thu, 26 Jul 2001 08:26:14 -0700 Subject: [Mailman-Developers] Internal server error when accessing admin pages Message-ID: <20010726082614.A22086@magic.merlins.org> I've gotten several bug reports on SF for people who can't get to the admin pages The only error apache gives me is: [Thu Jul 12 15:47:17 2001] [error] [client 171.71.41.31] Premature end of script headers: /var/local/mailman/cgi-bin/admin I never had the problem myself and it seems to come and go Is there any debugging I can in mailman to at least give me some error in my apache error log? (or do you think it's an apache problem?) Attached is one of the tickets I've gotten Thanks, Marc ----- Forwarded message from noreply@sourceforge.net ----- To: noreply@sourceforge.net From: noreply@sourceforge.net Subject: [ alexandria-Support Requests-438992 ] Administration interface to mail lists Date: Thu, 26 Jul 2001 02:43:44 -0700 Support Requests item #438992, was opened at 2001-07-06 00:49 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=200001&aid=438992&group_id=1 Category: Mailing Lists Group: Second Level Support >Status: Open Priority: 9 Submitted By: Richard Leyton (rleyton) Assigned to: Marc Merlin (marcmerlin) Summary: Administration interface to mail lists Initial Comment: A post to a mailing list needs admin attention (it's a moderated list). The URL: http://lists.sourceforge.net/lists/admindb/leap-announce results in: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, staff@sourceforge.net and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Could you look into it. ---------------------------------------------------------------------- >Comment By: Richard Leyton (rleyton) Date: 2001-07-26 02:43 Message: Logged In: YES user_id=7704 In a nutshell, this ceased to be a problem the next day, i'd forgotten about this ticket until the status changed. I had given a detailed response to your queries, but mozilla crashed on me before i clicked on the submit, and i was in a hurry, so i didn't get around to reposting it. in a nutshell: - all browsers tried (opera, netscape & mozilla) - had a URL via e-mail to attend to pending admin requests. - yes it gave the same error with netscape - it was the message received on going to the URL contained in the e-mail. ---------------------------------------------------------------------- Comment By: Marc Merlin (marcmerlin) Date: 2001-07-25 11:14 Message: Logged In: YES user_id=6500 We need the information if you want us to help you ---------------------------------------------------------------------- Comment By: Marc Merlin (marcmerlin) Date: 2001-07-17 08:38 Message: Logged In: YES user_id=6500 What browser? Does it fail repeatetly from different places? Does it fail with plain netscape? Does it fail when you access the page, or when you post back a form? ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=200001&aid=438992&group_id=1 ----- End forwarded message ----- -- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From mrbill@mrbill.net Thu Jul 26 16:24:33 2001 From: mrbill@mrbill.net (Bill Bradford) Date: Thu, 26 Jul 2001 10:24:33 -0500 Subject: [Mailman-Developers] archives dissapeared? In-Reply-To: <20010726101246.B17950@mrbill.net>; from mrbill@mrbill.net on Thu, Jul 26, 2001 at 10:12:46AM -0500 References: <20010726101246.B17950@mrbill.net> Message-ID: <20010726102433.F17950@mrbill.net> On Thu, Jul 26, 2001 at 10:12:46AM -0500, Bill Bradford wrote: > Hrm, all of a sudden, my archive pages arent coming up: > http://www.sunhelp.org/pipermail/sunhelp/ > gives a blank screen.. but the files are there: > and here's the page that the browser gets: > > > > > Any suggestions? Figured it out. Even if you've got Defaults.py set to not do mbox-archiving (and only html archiving), you still *have to have the archives/private/listname.mbox/listname.mbox file present*, or the index.html wont be generated properly. I touch'ed all the needed directories and files, sent a mail through to each list, and the archives are showing up again. Is this a bug or a feature? 8-) Bill -- Bill Bradford mrbill@mrbill.net Austin, TX From marc_news@valinux.com Thu Jul 26 17:34:05 2001 From: marc_news@valinux.com (Marc MERLIN) Date: Thu, 26 Jul 2001 09:34:05 -0700 Subject: [Mailman-Developers] another mm error Message-ID: <20010726093404.B23679@magic.merlins.org> A user received and forwarded this. Any ideas and/or additional debugging I could put in? thanks, Marc -----Forwarded Message----- From: rtfs-project-admin@lists.sourceforge.net To: rtfs-project-admin@lists.sourceforge.net Subject: Unexpected Mailman error An unexpected Mailman error has occurred in MailCommandHandler.ParseMailCommands(). Here is the traceback: Traceback (innermost last): File "/var/local/mailman/Mailman/MailCommandHandler.py", line 221, in ParseMailCommands self.__dispatch[cmd](args, line, msg) File "/var/local/mailman/Mailman/MailCommandHandler.py", line 362, in ProcessSetCmd self.ConfirmUserPassword(sender, args[2]) File "/var/local/mailman/Mailman/SecurityManager.py", line 140, in ConfirmUserPassword raise Errors.MMBadUserError MMBadUserError -- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From barry@zope.com Thu Jul 26 19:03:48 2001 From: barry@zope.com (Barry A. Warsaw) Date: Thu, 26 Jul 2001 14:03:48 -0400 Subject: [Mailman-Developers] Internal server error when accessing admin pages References: <20010726082614.A22086@magic.merlins.org> Message-ID: <15200.23428.295322.627606@anthem.wooz.org> >>>>> "MM" == Marc MERLIN writes: MM> I've gotten several bug reports on SF for people who can't get MM> to the admin pages MM> The only error apache gives me is: [Thu Jul 12 15:47:17 2001] MM> [error] [client 171.71.41.31] Premature end of script headers: MM> /var/local/mailman/cgi-bin/admin MM> I never had the problem myself and it seems to come and go MM> Is there any debugging I can in mailman to at least give me MM> some error in my apache error log? (or do you think it's an MM> apache problem?) I've seen this occasionally too, but I also haven't been able to track it down. No tracebacks in the Apache logs, or in the Mailman logs. Now, I've /only/ ever seen it with Mozilla 0.9.2 and have never hit it with NS4 or IE on Windows. Can you find out which browser these users were using? I'm not saying it's Mozilla related, but that's the only connection I've got so far. -Barry From marc_news@valinux.com Thu Jul 26 19:42:55 2001 From: marc_news@valinux.com (Marc MERLIN) Date: Thu, 26 Jul 2001 11:42:55 -0700 Subject: [Mailman-Developers] Internal server error when accessing admin pages In-Reply-To: <15200.23428.295322.627606@anthem.wooz.org>; from barry@zope.com on Thu, Jul 26, 2001 at 02:03:48PM -0400 References: <20010726082614.A22086@magic.merlins.org> <15200.23428.295322.627606@anthem.wooz.org> Message-ID: <20010726114255.D23679@magic.merlins.org> On Thu, Jul 26, 2001 at 02:03:48PM -0400, Barry A. Warsaw wrote: > Now, I've /only/ ever seen it with Mozilla 0.9.2 and have never hit it > with NS4 or IE on Windows. Can you find out which browser these > users were using? I'm not saying it's Mozilla related, but that's the > only connection I've got so far. I've gotten a couple of reports for konqueror, a couple for mozilla, and one person said it also failed with netscape when he tried that instead (I think the ticket I attached was that one actually), but considering it's my only report of it failing with netscape, I can't say for sure. I'll definitely keep asking what browsers were involved. Marc -- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From lists@xpec.com Fri Jul 27 01:08:01 2001 From: lists@xpec.com (J.D. Bronson) Date: Thu, 26 Jul 2001 19:08:01 -0500 Subject: [Mailman-Developers] gate news order Message-ID: <5.1.0.14.2.20010726190631.00a6b248@sparc-central.com> Does anyone know how to change the order that 'gate_news' runs thru the newsgroups to suck news down? I thought it went alphabetically, but that is not the case...I made one change to a newsgroup and now it pulls LAST and it is the 1st in the alphabet. This may be a strange question, but I am hoping that someone has an answer! -- J.D. Bronson Aurora Health Care Information Systems Milwaukee Wisconsin USA Main Office: 414.978.8282 From jarrell@vt.edu Fri Jul 27 04:47:18 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Thu, 26 Jul 2001 23:47:18 -0400 Subject: [Mailman-Developers] -1 requests... Message-ID: <5.1.0.14.2.20010726234413.038f66e0@lennier.cc.vt.edu> 5pm today I got email from all my lists on the 2.1 test server telling me I had -1 requests pending... Went to each admindb page, and it gave me the button to submit changes, but no requests in between buttons.. So I submitted on each page, and had it tell me there were no more requests.. reran checkdbs just to avoid waiting until tomorrow, and it's now happy. Weird. From barry@zope.com Fri Jul 27 05:40:41 2001 From: barry@zope.com (Barry A. Warsaw) Date: Fri, 27 Jul 2001 00:40:41 -0400 Subject: [Mailman-Developers] -1 requests... References: <5.1.0.14.2.20010726234413.038f66e0@lennier.cc.vt.edu> Message-ID: <15200.61641.74520.289418@anthem.wooz.org> >>>>> "RJ" == Ron Jarrell writes: RJ> 5pm today I got email from all my lists on the 2.1 test server RJ> telling me I had -1 requests pending... Went to each admindb RJ> page, and it gave me the button to submit changes, but no RJ> requests in between buttons.. So I submitted on each page, and RJ> had it tell me there were no more requests.. reran checkdbs RJ> just to avoid waiting until tomorrow, and it's now happy. RJ> Weird. Okay, I think I know why that is. I'll try to check in a patch for it soon. Thanks, -Barry From jwt@OnJapan.net Fri Jul 27 07:22:04 2001 From: jwt@OnJapan.net (Jim Tittsler) Date: Fri, 27 Jul 2001 15:22:04 +0900 Subject: [Mailman-Developers] Re: gate news order In-Reply-To: <5.1.0.14.2.20010726190631.00a6b248@sparc-central.com>; from lists@xpec.com on Thu, Jul 26, 2001 at 07:08:01PM -0500 References: <5.1.0.14.2.20010726190631.00a6b248@sparc-central.com> Message-ID: <20010727152204.I9302@server.onjapan.net> On Thu, Jul 26, 2001 at 07:08:01PM -0500, J.D. Bronson wrote: > Does anyone know how to change the order that 'gate_news' runs thru the > newsgroups to suck news down? I believe it is operating system dependent. It does them in Utils.list_names() order, which is based on the arbitrary order your operating system returns the directory (AKA list) names in your list directory. But, does it matter? > I thought it went alphabetically, but that is not the case...I > made one change to a newsgroup and now it pulls LAST and it is > the 1st in the alphabet. If you want it to go alphabetically, you could sort the output of list_names() before iterating through it in gate_news. Jim P.S. Please don't cross-post to both mailman-users and mailman-developers. From marc_news@valinux.com Thu Jul 26 22:31:55 2001 From: marc_news@valinux.com (Marc MERLIN) Date: Thu, 26 Jul 2001 17:31:55 -0400 Subject: [Mailman-Developers] another mm error In-Reply-To: <20010726093404.B23679@magic.merlins.org>; from marc_news@valinux.com on Thu, Jul 26, 2001 at 09:34:05AM -0700 References: <20010726093404.B23679@magic.merlins.org> Message-ID: <20010726173155.H1105@gandalf.merlins.org> On Thu, Jul 26, 2001 at 09:34:05AM -0700, Marc MERLIN wrote: > A user received and forwarded this. > > Any ideas and/or additional debugging I could put in? I apologize, I had already forwarded this to the list once (and forgotten about it) Sorry for the spam. Marc -- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key From scott-brown@home.com Sun Jul 29 01:23:38 2001 From: scott-brown@home.com (Scott Brown) Date: Sat, 28 Jul 2001 20:23:38 -0400 Subject: [Mailman-Developers] MM2.1a2 integration with Sendmail In-Reply-To: <15203.13874.792653.153129@anthem.wooz.org> Message-ID: <002701c117c4$b7132a80$0401a8c0@ibmpeers> Ok - on my test box I'm up to Python 2.01, and have MM2.1a2 installed (from the tarball... fresh copy today, but of course it may not be the most recent code from the CVS) In the README.SENDMAIL there is a section on a contrib piece that will make it possible to get away without updating the /etc/aliases and running newaliases all the time. I wanted to try it - but the mm-handler script is not in the contrib directory as the README.SENDMAIL suggests it should be. I checked the CVS, and same there... there's a qmail-to-mailman.py there, but nothing sendmail-ish... And of course, without an author's email addy listed in the README.SENDMAIL, it's difficult to contact the author directly. Anyone know where I can find it? From scott-brown@home.com Sun Jul 29 04:52:38 2001 From: scott-brown@home.com (Scott Brown) Date: Sat, 28 Jul 2001 23:52:38 -0400 Subject: [Mailman-Developers] Results from 2.1a2's /mailman/create ... not as expected Message-ID: <000101c117e1$e8bc0080$0401a8c0@ibmpeers> I dont know if this was by design or not, but I went to my (not externally accessible) test system at http://www.testdomain.com/mailman/create and created a list "justatest" and got the message tacked on the bottom of this message. Things that "JustDontLookRight" to me include: - picked up the server's name, rather than the domain name of the host it was triggered under. Could it not be set up to take the virtual host underwhich it was triggered (ie, testdomain.com), and use that as the prefered name of the list? The next page that comes up is listed as being under that virtual host -- but all the links point back to the machine's name. - Required me to use the sitepassword to create a new list... How can I give that priveledge to someone else (like a virtual host admin)... I've not found any documentation anywhere that describes how to register a valid user under a domain (such that they can only create lists under that domain) - last line in message didnt have proper replacement of "hostname". Just a buglet - but I dont know enough python to fix it.... - The email that is produced with the /etc/alias additions... is it possible to define where that goes, say in the mm_cfg.py? It would be nice to be able to pipe those specific through another email address that triggers a routine that could actually do the append as root... -----Original Message----- From: justatest-admin@bubba.localdomain [mailto:justatest-admin@bubba.localdomain]On Behalf Of mailman-owner@bubba.localdomain Sent: Saturday, July 28, 2001 10:40 PM To: ----------------------- Subject: Your new mailing list: justatest The mailing list `justatest' has just been created for you. The following is some basic information about your mailing list. Your mailing list password is: justatest You need this password to configure your mailing list. You also need it to handle administrative requests, such as approving mail if you choose to run a moderated list. You can configure your mailing list at the following web page: http://bubba.localdomain/mailman/admin/justatest The web page for users of your mailing list is: http://bubba.localdomain/mailman/listinfo/justatest You can even customize these web pages from the list configuration page. However, you do need to know HTML to be able to do this. There is also an email-based interface for users (not administrators) of your list; you can get info about using it by sending a message with just the word `help' as subject or in the body, to: justatest-request@bubba.localdomain To unsubscribe a user: from the mailing list 'listinfo' web page, click on or enter the user's email address as if you were that user. Where that user would put in their password to unsubscribe, put in your admin password. You can also use your password to change member's options, including digestification, delivery disabling, etc. Please address all questions to mailman-owner@%(hostname)s. From jarrell@vt.edu Sun Jul 29 11:45:53 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Sun, 29 Jul 2001 06:45:53 -0400 Subject: [Mailman-Developers] MM2.1a2 integration with Sendmail In-Reply-To: <002701c117c4$b7132a80$0401a8c0@ibmpeers> References: <15203.13874.792653.153129@anthem.wooz.org> Message-ID: <5.1.0.14.2.20010729064217.03cc2260@lennier.cc.vt.edu> At 08:23 PM 7/28/01 -0400, you wrote: >Ok - on my test box I'm up to Python 2.01, and have MM2.1a2 installed (from >the tarball... fresh copy today, but of course it may not be the most recent >code from the CVS) > >In the README.SENDMAIL there is a section on a contrib piece that will make >it possible to get away without updating the /etc/aliases and running >newaliases all the time. > >I wanted to try it - but the mm-handler script is not in the contrib >directory as the README.SENDMAIL suggests it should be. > >I checked the CVS, and same there... there's a qmail-to-mailman.py there, >but nothing sendmail-ish... > >And of course, without an author's email addy listed in the README.SENDMAIL, >it's difficult to contact the author directly. > >Anyone know where I can find it? You must not have been reading the list 3-4 days ago when I raised this very question. The stuff's not there yet. Also, those directions are incomplete. If you thoroughly understand sendmail, and can hack your m4 files, see: http://home.uchicago.edu/~dgc/mailman/listserver.mc http://home.uchicago.edu/~dgc/mailman/mm-handler For what the author says is a relatively recent copy of the handler and an example mc file for using it (but you'll have to understand how to build the mailertable) He's on vacation right now, and will officially contribute it later. Note that it *only* works if you can dedicate an entire hostname's worth of mail to mailman; i.e. if you have both users and lists that are both @something.com, you can't use this. From scott-brown@home.com Sun Jul 29 15:52:41 2001 From: scott-brown@home.com (Scott Brown) Date: Sun, 29 Jul 2001 10:52:41 -0400 Subject: [Mailman-Developers] Yet another nightly_gzip failure notice Message-ID: <001601c1183e$1ea42f40$0401a8c0@ibmpeers> I havent seen a definitive solution to this, so I'm posting this in hopes that the developers see something here that triggers an "ah-ha!".... I know mimelib is required... and I've done a fresh install of mimelib just yesterday when I started playing with 2.1a2.... [scott@bubba ~]$ python Python 2.0 (#1, Feb 9 2001, 20:49:37) [GCC egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)] on linux2 Type "copyright", "credits" or "license" for more information. >>> import mimelib >>> mimelib.__version__ '0.4' >>> yet last night I received this: Traceback (most recent call last): File "/home/mailman/cron/nightly_gzip", line 52, in ? from Mailman import MailList File "/home/mailman/Mailman/MailList.py", line 34, in ? from mimelib.address import getaddresses ImportError: No module named mimelib.address This box was upgraded from v2.0b5 to 2.0 to 2.0.1 to 2.0.6 now to 2.1a2 - and I noticed that during the upgrade it mentioned that one of the lists looked like it had already been upgraded or I was using a very new CVS snapshot or something like that. But bin/check_db comes up fine on all these lists.... [root@bubba /home/mailman]# bin/check_db justatest [root@bubba /home/mailman]# bin/check_db test [root@bubba /home/mailman]# bin/check_db trial [root@bubba /home/mailman]# bin/check_db trial2 [root@bubba /home/mailman]# Everything in the ./Mailman, ./bin, ./cgi-bin and ./cron directories has the same date stamp except: Mailman/crypt.py (which as I understand is not part of MM2.1a2 so this is not unexpected) Mailman/mm_cfg.py that doesnt get overwritten on a new install... (which when diffed against the mm_cfg.py.dist shows no differences anyways). cron/qrunner (which doesnt exist anymore with the new queue configurations) Any "Eureka!" happening?? From barry@zope.com Sun Jul 29 16:57:14 2001 From: barry@zope.com (Barry A. Warsaw) Date: Sun, 29 Jul 2001 11:57:14 -0400 Subject: [Mailman-Developers] Yet another nightly_gzip failure notice References: <001601c1183e$1ea42f40$0401a8c0@ibmpeers> Message-ID: <15204.12890.601812.830852@anthem.wooz.org> >>>>> "SB" == Scott Brown writes: SB> I havent seen a definitive solution to this, so I'm posting SB> this in hopes that the developers see something here that SB> triggers an "ah-ha!".... This is fixed in CVS. Either update from there (a good suggestion for anyone getting serious about MM2.1 ;) or remove python's -S option from crontab.in. -Barry From jarrell@vt.edu Sun Jul 29 20:15:10 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Sun, 29 Jul 2001 15:15:10 -0400 Subject: [Mailman-Developers] MM2.1a2 integration with Sendmail In-Reply-To: <001501c1183b$2e8cc8c0$0401a8c0@ibmpeers> References: <5.1.0.14.2.20010729064217.03cc2260@lennier.cc.vt.edu> Message-ID: <5.1.0.14.2.20010729150640.038252a0@lennier.cc.vt.edu> At 10:31 AM 7/29/01 -0400, you wrote: >> Note that it *only* works if you can dedicate an entire >> hostname's worth of mail to mailman; i.e. if you have >> both users and lists that are both @something.com, >> you can't use this. > >Aw sh.... > >Is it not possible with sendmail to filter out a certain set of addresses >and send them to a different delivery mechanism WITHOUT using the >/etc/aliases route? Yes, you could do some handwaving with psuedo hosts. But, if you're mixing lists and people, how are you going to tell which are which without keeping a list of them somewhere? At that point, /etc/aliases isn't a bad way to go... Unless all your lists have a particular pattern (i.e. they're *all* something-l) From claw@kanga.nu Sun Jul 29 21:30:17 2001 From: claw@kanga.nu (J C Lawrence) Date: Sun, 29 Jul 2001 13:30:17 -0700 Subject: [Mailman-Developers] MM2.1a2 integration with Sendmail In-Reply-To: Message from Ron Jarrell of "Sun, 29 Jul 2001 15:15:10 EDT." <5.1.0.14.2.20010729150640.038252a0@lennier.cc.vt.edu> References: <5.1.0.14.2.20010729064217.03cc2260@lennier.cc.vt.edu> <5.1.0.14.2.20010729150640.038252a0@lennier.cc.vt.edu> Message-ID: <11596.996438617@kanga.nu> On Sun, 29 Jul 2001 15:15:10 -0400 Ron Jarrell wrote: > Yes, you could do some handwaving with psuedo hosts. But, if > you're mixing lists and people, how are you going to tell which > are which without keeping a list of them somewhere? At that > point, /etc/aliases isn't a bad way to go... Unless all your > lists have a particular pattern (i.e. they're *all* something-l) There are easier ways to go. If .../lists//config.db exists its a moderately safe bet that a Mailman list "listname" exists and that therefore all the matching addresses also (should) exist with appropriate rewrites. Many use exactly this algorithm under various MTAs to run without any list specific alias files. -- J C Lawrence )\._.,--....,'``. ---------(*) /, _.. \ _\ ;`._ ,. claw@kanga.nu `._.-(,_..'--(,_..'`-.;.' http://www.kanga.nu/~claw/ Oh Freddled Gruntbuggly From barry@zope.com Sun Jul 29 22:36:18 2001 From: barry@zope.com (Barry A. Warsaw) Date: Sun, 29 Jul 2001 17:36:18 -0400 Subject: [Mailman-Developers] MM2.1a2 integration with Sendmail References: <15203.13874.792653.153129@anthem.wooz.org> <002701c117c4$b7132a80$0401a8c0@ibmpeers> Message-ID: <15204.33234.257426.657016@anthem.wooz.org> >>>>> "SB" == Scott Brown writes: SB> In the README.SENDMAIL there is a section on a contrib piece SB> that will make it possible to get away without updating the SB> /etc/aliases and running newaliases all the time. SB> I wanted to try it - but the mm-handler script is not in the SB> contrib directory as the README.SENDMAIL suggests it should SB> be. David Champion is going to send me his latest updates when he gets back from vacation. Stay tuned. -Barry From barry@zope.com Sun Jul 29 22:41:03 2001 From: barry@zope.com (Barry A. Warsaw) Date: Sun, 29 Jul 2001 17:41:03 -0400 Subject: [Mailman-Developers] New confirm screens Message-ID: <15204.33519.941569.699679@anthem.wooz.org> I've finally implemented the new confirmation screens as suggested by Thomas and urged by Gerald. I'm fairly happy with the subscription confirmation screen because it allows you to override certain fields you entered in the initial subscription request. The change of address and unsubscribe confirmation pages are less helpful, but I suppose it is nice to be able to see what Mailman thinks it's going to do when you confirm, so those are probably improvements too. Hopefully there will be time to add a few more things to the confirmation process. CVS should be (relatively) stable now. -Barry From roy@lamrim.com Mon Jul 30 05:27:53 2001 From: roy@lamrim.com (Roy Harvey) Date: Sun, 29 Jul 2001 21:27:53 -0700 Subject: [Mailman-Developers] List Backup? In-Reply-To: <15183.22232.119442.302021@anthem.wooz.org> Message-ID: <3.0.5.32.20010729212753.011dcb80@lamrim.com> Dear Barry -- Thanks again for all your wonderful service to the 'net community and assistance. I was wondering if there is a way to backup the list (ie, extract all the email addresses to a text file)? Or perhaps there is a specific file that already contains these? Roy From barry@zope.com Mon Jul 30 06:31:14 2001 From: barry@zope.com (Barry A. Warsaw) Date: Mon, 30 Jul 2001 01:31:14 -0400 Subject: [Mailman-Developers] List Backup? References: <15183.22232.119442.302021@anthem.wooz.org> <3.0.5.32.20010729212753.011dcb80@lamrim.com> Message-ID: <15204.61730.12291.296191@anthem.wooz.org> >>>>> "RH" == Roy Harvey writes: RH> Thanks again for all your wonderful service to the 'net RH> community and assistance. You're welcome! RH> I was wondering if there is a way to backup the list (ie, RH> extract all the email addresses to a text file)? Or perhaps RH> there is a specific file that already contains these? bin/list_members is as close as it gets right now. This does loose some information, although it can be used to retain digest vs. regular delivery. It would be nice to have a script that extracted all the membership information for a list into a plain text file. It shouldn't be hard to write given the new MemberAdaptor interface in MM2.1. Cheers, -Barry From gorg@sun1.imbi.uni-freiburg.de Mon Jul 30 11:50:03 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Mon, 30 Jul 2001 12:50:03 +0200 Subject: [Mailman-Developers] sync_members error Message-ID: <200107301050.f6UAo3627140@sun31.imbi.uni-freiburg.de> Dear Developers, When I tried to update using "cvs update", "make install" the update would not finish because of missing files or directories ( I think it was no/... and ja/...). Therefore I did a "cvs co mailman" into a new directory and installed that into a new directory (config --with-cgi-gid=nobody; make; make install; check_perms -f). I made a new test-list and now wanted to populate it with the old members and got: > sync_members -f /usr/local/mailman.old/test.members test Traceback (most recent call last): File "sync_members", line 250, in ? main() File "sync_members", line 184, in main filemembers = Utils.ParseAddrs(filemembers) AttributeError: 'Mailman.Utils' module has no attribute 'ParseAddrs' What am I doing wrong? I am using python 2.1 with mimelib 0.4. Many thanks Georg Koch -- -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ -- -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ From gorg@sun1.imbi.uni-freiburg.de Mon Jul 30 11:57:17 2001 From: gorg@sun1.imbi.uni-freiburg.de (Georg Koch) Date: Mon, 30 Jul 2001 12:57:17 +0200 Subject: [Mailman-Developers] Help please: Re: multipart/mixed error In-Reply-To: Your message of "Tue, 10 Jul 2001 17:53:39 +0200." <200107101553.f6AFrd618050@sun8.imbi.uni-freiburg.de> Message-ID: <200107301057.f6UAvH627165@sun31.imbi.uni-freiburg.de> This is a multipart MIME message. --==_Exmh_6541931100 Content-Type: text/plain; charset=us-ascii Dear Barry, Dear Developers, PLEASE would someone help me with this - either fixing same code or patching the sendmail.cf. I carelessly upgraded to 2.1 and now cannot convert back (I was told) and some users get annoyed by this (and then they call me). Thanks a lot in advance Georg --==_Exmh_6541931100 Content-Type: message/rfc822 ; name="6" Content-Description: 6 Content-Disposition: attachment; filename="6" Return-Path: mailman-developers-admin@python.org Delivery-Date: Tue Jul 10 17:54:51 2001 Return-Path: Received: from mailgateway1.uni-freiburg.de (mailgateway1.uni-freiburg.de [132.230.1.211]) by sun1.imbi.uni-freiburg.de (8.10.2+Sun/8.10.2) with ESMTP id f6AFsok06215 for ; Tue, 10 Jul 2001 17:54:50 +0200 (MEST) Received: from mail.python.org ([63.102.49.29]) by mailgateway1.uni-freiburg.de with esmtp (Exim 3.22 #1) id 15Jzqc-0001u9-00 for gorg@sun1.imbi.uni-freiburg.de; Tue, 10 Jul 2001 17:54:51 +0200 Received: from localhost.localdomain ([127.0.0.1] helo=mail.python.org) by mail.python.org with esmtp (Exim 3.21 #1) id 15Jzpr-00011H-00; Tue, 10 Jul 2001 11:54:03 -0400 Received: from [132.230.10.1] (helo=sun1.imbi.uni-freiburg.de) by mail.python.org with esmtp (Exim 3.21 #1) id 15JzpY-00010p-00 for mailman-developers@python.org; Tue, 10 Jul 2001 11:53:44 -0400 Received: from sun8.imbi.uni-freiburg.de (sun8.imbi.uni-freiburg.de [132.230.10.8]) by sun1.imbi.uni-freiburg.de (8.10.2+Sun/8.10.2) with ESMTP id f6AFrdk06211; Tue, 10 Jul 2001 17:53:39 +0200 (MEST) Received: from sun8.imbi.uni-freiburg.de (localhost [127.0.0.1]) by sun8.imbi.uni-freiburg.de (8.10.2+Sun/8.10.2) with ESMTP id f6AFrd618050; Tue, 10 Jul 2001 17:53:39 +0200 (MET DST) Message-Id: <200107101553.f6AFrd618050@sun8.imbi.uni-freiburg.de> X-Mailer: exmh version 2.0.2 2/24/98 To: mailman-developers@python.org cc: gorg@sun8.imbi.uni-freiburg.de, David Lefebvre Mime-Version: 1.0 Content-Type: multipart/mixed ; boundary="==_Exmh_-5605721300" From: Georg Koch Subject: [Mailman-Developers] multipart/mixed error Sender: mailman-developers-admin@python.org Errors-To: mailman-developers-admin@python.org X-BeenThere: mailman-developers@python.org X-Mailman-Version: 2.0.5 (101270) Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Mailman mailing list developers List-Unsubscribe: , List-Archive: Date: Tue, 10 Jul 2001 17:53:39 +0200 Content-Length: 2283 This is a multipart MIME message. --==_Exmh_-5605721300 Content-Type: text/plain; charset=us-ascii The attached message is a multipart/mixed containing 2 parts. But when I send it to the test list, I get a message containing 3 parts - there is a new empty part text/plain charset=us-ascii in front. But if I add a blank in the header like this, < Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C0FFD9.6A425B60" --- > Content-Type: multipart/mixed ; boundary="----_=_NextPart_000_01C0FFD9.6A425B60" and send it: it is only 2 parts again. Several people using my mailman use Microsoft exchange server, which sends it the "wrong" way. For them the message looks like an empty message, with a "message" as attachment. Can it be fixed? Best wishes Georg --==_Exmh_-5605721300 Content-Type: text/plain ; name="3parts.mail"; charset=us-ascii Content-Description: 3parts.mail Content-Disposition: attachment; filename="3parts.mail" MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) From: gorg@cochrane.de To: test@cochrane.de Subject: test [Mwgs] CSG Midsummer Newsletter Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C0FFD9.6A425B60" This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C0FFD9.6A425B60 Content-Type: text/plain; charset="iso-8859-1" first part ------_=_NextPart_000_01C0FFD9.6A425B60 Content-Type: text/plain; charset="iso-8859-1" second part ------_=_NextPart_000_01C0FFD9.6A425B60-- --==_Exmh_-5605721300 Content-Type: text/plain; charset=us-ascii -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ --==_Exmh_-5605721300-- _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers --==_Exmh_6541931100 Content-Type: text/plain; charset=us-ascii -- Georg Koch ( mailto:gorg@cochrane.de ) | Phone: +49 761 203 6710 German Cochrane Centre | Fax: +49 761 203 6712 Mail: Institute of Medical Biometry and Medical Informatics Stefan-Meier-Strasse 26, D-79104 Freiburg, Germany ...................................................................... Crossing the Quality Chasm: A New Health System for the 21st Century http://www.nap.edu/books/0309072808/html/ --==_Exmh_6541931100-- From barry@zope.com Mon Jul 30 15:26:43 2001 From: barry@zope.com (Barry A. Warsaw) Date: Mon, 30 Jul 2001 10:26:43 -0400 Subject: [Mailman-Developers] sync_members error References: <200107301050.f6UAo3627140@sun31.imbi.uni-freiburg.de> Message-ID: <15205.28324.12038.269334@anthem.wooz.org> >>>>> "GK" == Georg Koch writes: GK> When I tried to update using "cvs update", "make install" the GK> update would not finish because of missing files or GK> directories ( I think it was no/... and ja/...). Always a good idea to use "cvs -q up -P -d". The important thing here is the -d option which tells cvs to create any new directories (as no and ja are for you). -P is useful for pruning empty directories, which can't be removed from the repository in cvs. | Traceback (most recent call last): | File "sync_members", line 250, in ? | main() | File "sync_members", line 184, in main | filemembers = Utils.ParseAddrs(filemembers) | AttributeError: 'Mailman.Utils' module has no attribute | 'ParseAddrs' GK> What am I doing wrong? Nothing. I missed that one. I'll fix that later today. -Barry From mentor@alb-net.com Mon Jul 30 17:03:47 2001 From: mentor@alb-net.com (Mentor Cana) Date: Mon, 30 Jul 2001 12:03:47 -0400 (EDT) Subject: [Mailman-Developers] and interesting loop Message-ID: I've been running mailman since v 1.1rc1 (or something similar). Until today (v2.0.6), I had not seen the following scenario: A messages was sent out on one of the lists. The message was a bit large (about 300k). There are three e-mail addresses listed as admin for this list. Now, it just happened that one of the admin e-mail addresses was out of disk space so there was a bounce back to the -admin address, which was going back to the same admin.... and a loop got started.... Is this the expected behavior in this scenario or perhaps is the result of a broken/misconfigured smtp server? The loop stopped as soon as I removed the questionable address as an admin for that list. -- Mentor From dgc@uchicago.edu Mon Jul 30 17:28:26 2001 From: dgc@uchicago.edu (David Champion) Date: Mon, 30 Jul 2001 11:28:26 -0500 Subject: [Mailman-Developers] Re: and interesting loop In-Reply-To: References: Message-ID: <20010730112826.U9012@smack.uchicago.edu> On 2001.07.30, in , "Mentor Cana" wrote: > I've been running mailman since v 1.1rc1 (or something similar). > > Until today (v2.0.6), I had not seen the following scenario: > > A messages was sent out on one of the lists. The message was a bit large > (about 300k). There are three e-mail addresses listed as admin for this > list. Now, it just happened that one of the admin e-mail addresses was out > of disk space so there was a bounce back to the -admin address, which was > going back to the same admin.... and a loop got started.... > > Is this the expected behavior in this scenario or perhaps is the result > of a broken/misconfigured smtp server? I'm not sure about Barry, but I expect it. :) This happens to me every few weeks. 1100 admins, just too many for us to govern proactively. It's not a traditional mail loop, since there's a new message with each rebound. Mailman would need to detect bounces from an admin's address to the -admin list address, I guess. Is that feasible using the existing bounce-detection modules? You could also configure the mail server to block mail to addresses that receive mail too quickly -- like, say, half a gigabyte in under 10 minutes is a bad sign. Not sure that's possible in most MTAs without some concurrent process watching the log and adjusting access rules on the fly. -- -D. dgc@uchicago.edu NSIT University of Chicago From bkc@murkworks.com Mon Jul 30 17:47:00 2001 From: bkc@murkworks.com (Brad Clements) Date: Mon, 30 Jul 2001 12:47:00 -0400 Subject: [Mailman-Developers] Extract and Archive attachments, faq but .. In-Reply-To: <200107301057.f6UAvH627165@sun31.imbi.uni-freiburg.de> References: Your message of "Tue, 10 Jul 2001 17:53:39 +0200." <200107101553.f6AFrd618050@sun8.imbi.uni-freiburg.de> Message-ID: <3B6557F8.12661.4725FB1@localhost> I know this topic has been discussed at lot on the list, and it should be a faq (but it's not). I need to extract images from posts, put them up on a web site, put the URL in the message and send it to the list.. And throw away or reject messages with any other kind of attachment. I see this has been hinted as an upcoming feature (maybe). And I see that Patch #413752 is heading in the direction I want to go. Is anyone actively working on what I need? Where's the best place for me to start in the code to write what I want? Should I start with patch #413752 and go from there? Will that patch get integrated into future source? Thanks for suggestions Brad Clements, bkc@murkworks.com (315)268-1000 http://www.murkworks.com (315)268-9812 Fax netmeeting: ils://ils.murkworks.com AOL-IM: BKClements From barry@zope.com Mon Jul 30 18:03:42 2001 From: barry@zope.com (Barry A. Warsaw) Date: Mon, 30 Jul 2001 13:03:42 -0400 Subject: [Mailman-Developers] and interesting loop References: Message-ID: <15205.37742.479405.954123@anthem.wooz.org> Mailman /should/ be protected from this scenario. A bounce from the list owners or admins should always go to the -owner address. qrunner then scans the sender to see if it's in mm_cfg.LIKELY_BOUNCE_SENDERS. If so, it discards and logs the message. What was the From: field of the bounce? Did the bounce go to -owner or to some other address? -Barry From kaja@daimi.au.dk Mon Jul 30 18:09:47 2001 From: kaja@daimi.au.dk (Kaja P. Christiansen) Date: Mon, 30 Jul 2001 19:09:47 +0200 Subject: [Mailman-Developers] Looping digest - mailman bug? Message-ID: <15205.38107.541898.68781@daimi.au.dk> Hi, On Wed, 20 Jun 2001 19:12:00 +0200, I wrote: > Last Monday, one of our mailing lists went mad and sent multiple copies > of the same digest to the list's digest users. > > [...] > > The traceback in the errors log shows: > > Jun 19 00:01:01 2001 (18618) Traceback (innermost last): > File "/usr/local/mailman203/Mailman/Handlers/HandlerAPI.py", line 82, in do_pipeline > func(mlist, msg, msgdata) > File "/usr/local/mailman203/Mailman/Handlers/Sendmail.py", line 86, in process > fp.write(msgtext) > IOError: [Errno 32] Broken pipe > > We run Mailman 2.0.3 with Postfix. I addressed this problem earlier > (March 26th), but there was no reply. Several of our lists suffered from Mailman's mail bombing and we turned the digest option off in hope it'll help. It did, for a while, until the same happened with a non-digest message being send over and over again (once per minute, by qrunner). We were able to locate where and how it happens, and to 'reproduce' the error (in laboratory conditions :-) both under mailman 2.0.3 and 2.0.6. The mail looping occurs when there is a MIME message with a single . (dot) in a line; Mailman sends it to sendmail 'as is'. But since sendmail/postfix interprets a line with single dot as the end of the message, it sends everything before the dot and exits with 'Broken pipe'. Mailman, however, still has the message in it's queue and sends it all over again... When I tried sending non-MIME message with single-dot-line in it to a Mailman list, there was no looping, but the message body after the single dot was missing. Until there is something better, I suggest adding to Sendmail.py a patch which perhaps is not pretty (it adds a space before the infamous dot), but it works: --- ./Mailman/Handlers/Sendmail.py.orig Fri Jul 27 13:40:31 2001 +++ ./Mailman/Handlers/Sendmail.py Fri Jul 27 14:11:46 2001 @@ -31,6 +31,7 @@ import string import os +import re import HandlerAPI from Mailman import mm_cfg @@ -80,6 +81,8 @@ msgtext = str(msg) # cycle through all chunks failedrecips = [] + bar = re.compile('\n\.') + msgtext = re.sub(bar, '\n .', msgtext, 0) for chunk in recipchunks: # TBD: SECURITY ALERT. This invokes the shell! fp = os.popen(cmd + chunk, 'w') Kaja From James.Madill@duke.edu Mon Jul 30 18:18:23 2001 From: James.Madill@duke.edu (James Madill) Date: Mon, 30 Jul 2001 13:18:23 -0400 Subject: [Mailman-Developers] Memory error when running arch Message-ID: This is a multipart message in MIME format. --=_alternative 005F161D85256A99_= Content-Type: text/plain; charset="us-ascii" Last night, when running arch against one of the mailing lists on my Mailman server, the following error was displayed on the terminal: Updating HTML for article 12815 Updating HTML for article 12816 Updating HTML for article 12817 Traceback (most recent call last): File "./arch", line 129, in ? main() File "./arch", line 119, in main archiver.close() File "/mailman/Mailman/Archiver/pipermail.py", line 304, in close self.update_dirty_archives() File "/mailman/Mailman/Archiver/HyperArch.py", line 949, in update_dirty_archives self.__super_update_dirty_archives() File "/mailman/Mailman/Archiver/pipermail.py", line 513, in update_dirty_archives self.update_archive(i) File "/mailman/Mailman/Archiver/HyperArch.py", line 952, in update_archive self.__super_update_archive(archive) File "/mailman/Mailman/Archiver/pipermail.py", line 422, in update_archive self._update_thread_index(archive, arcdir) File "/mailman/Mailman/Archiver/pipermail.py", line 479, in _update_thread_index self.update_article(arcdir, article, a1, a3) File "/mailman/Mailman/Archiver/HyperArch.py", line 1115, in update_article f.write(article.as_html()) File "/mailman/Mailman/Archiver/HyperArch.py", line 298, in as_html return self.html_tmpl % d MemoryError $ When I reran it this morning after checking the OS for errors, the same problem occured: Updating HTML for article 12490 Updating HTML for article 12491 Updating HTML for article 12492 Updating index files for archive [2001-February] Date no mem for new parser Traceback (most recent call last): File "./arch", line 129, in ? main() File "./arch", line 119, in main archiver.close() File "/mailman/Mailman/Archiver/pipermail.py", line 304, in close self.update_dirty_archives() File "/mailman/Mailman/Archiver/HyperArch.py", line 949, in update_dirty_archives self.__super_update_dirty_archives() File "/mailman/Mailman/Archiver/pipermail.py", line 513, in update_dirty_archives self.update_archive(i) File "/mailman/Mailman/Archiver/HyperArch.py", line 952, in update_archive self.__super_update_archive(archive) File "/mailman/Mailman/Archiver/pipermail.py", line 420, in update_archive self._update_simple_index(hdr, archive, arcdir) File "/mailman/Mailman/Archiver/pipermail.py", line 437, in _update_simple_index article = self.database.getArticle(self.archive, msgid) File "/mailman/Mailman/Archiver/HyperDatabase.py", line 279, in getArticle article = self.__cache[msgid] = pickle.loads(buf) MemoryError $ The three cron jobs also appeared to fail today as well: Your "cron" job on arachnia /usr/local/bin/python -S /mailman/cron/qrunner produced the following output: Traceback (most recent call last): File "/mailman/cron/qrunner", line 85, in ? from Mailman import MailList File "/mailman/Mailman/MailList.py", line 43, in ? from Mailman.MailCommandHandler import MailCommandHandler MemoryError -- Your "cron" job on arachnia /usr/local/bin/python -S /mailman/cron/gate_news produced the following output: Traceback (most recent call last): File "/mailman/cron/gate_news", line 40, in ? from Mailman import MailList File "/mailman/Mailman/MailList.py", line 44, in ? from Mailman.HTMLFormatter import HTMLFormatter File "/mailman/Mailman/HTMLFormatter.py", line 27, in ? from Mailman.htmlformat import * MemoryError -- Your "cron" job on arachnia /usr/local/bin/python -S /mailman/cron/senddigests produced the following output: Traceback (most recent call last): File "/mailman/cron/senddigests", line 65, in ? main() File "/mailman/cron/senddigests", line 42, in main send_list_digest(mlist) File "/mailman/cron/senddigests", line 46, in send_list_digest mlist.Lock() File "/mailman/Mailman/MailList.py", line 1343, in Lock self.Load() File "/mailman/Mailman/MailList.py", line 903, in Load raise Errors.MMCorruptListDatabaseError, e Mailman.Errors.MMCorruptListDatabaseError: bad marshal data The machine is a Solaris 7 box with 256Meg of RAM Mailman version is 2.0.6 Python version is 2.1 The list in question has about 16,000 archived messages arch has no problem running against lists with fewer messages in the archives. It looks like the arch script might be overflowing some kind of Python memory buffer. Any ideas, solutions? -- James o o o o o o o . . . _______________________ _______=======_T___ o _____ |James Madill | |Duke Univ Med Ctr| >.][__n_n_| D[ ====|____ |james.madill@duke.edu| | (919) 286-6384 | (________|__|_[____/____]_|_____________________|_|_________________| _/oo O-O-O ` oo oo 'o^o^o o^o^o` 'o^o o^o` -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- --=_alternative 005F161D85256A99_= Content-Type: text/html; charset="us-ascii"
            Last night, when running arch against one of the mailing lists on my Mailman server, the following error was displayed on the terminal:

                    Updating HTML for article 12815
                    Updating HTML for article 12816
                    Updating HTML for article 12817
                    Traceback (most recent call last):
                      File "./arch", line 129, in ?
                        main()
                      File "./arch", line 119, in main
                        archiver.close()
                      File "/mailman/Mailman/Archiver/pipermail.py", line 304, in close
                        self.update_dirty_archives()
                      File "/mailman/Mailman/Archiver/HyperArch.py", line 949, in update_dirty_archives
                        self.__super_update_dirty_archives()
                      File "/mailman/Mailman/Archiver/pipermail.py", line 513, in update_dirty_archives
                        self.update_archive(i)
                      File "/mailman/Mailman/Archiver/HyperArch.py", line 952, in update_archive
                        self.__super_update_archive(archive)
                      File "/mailman/Mailman/Archiver/pipermail.py", line 422, in update_archive
                        self._update_thread_index(archive, arcdir)
                      File "/mailman/Mailman/Archiver/pipermail.py", line 479, in _update_thread_index
                        self.update_article(arcdir, article, a1, a3)
                      File "/mailman/Mailman/Archiver/HyperArch.py", line 1115, in update_article
                        f.write(article.as_html())
                      File "/mailman/Mailman/Archiver/HyperArch.py", line 298, in as_html
                        return self.html_tmpl % d
                    MemoryError
                    $

            When I reran it this morning after checking the OS for errors, the same problem occured:

                    Updating HTML for article 12490
                    Updating HTML for article 12491
                    Updating HTML for article 12492
                    Updating index files for archive [2001-February]
                      Date
                    no mem for new parser
                    Traceback (most recent call last):
                      File "./arch", line 129, in ?
                        main()
                      File "./arch", line 119, in main
                        archiver.close()
                      File "/mailman/Mailman/Archiver/pipermail.py", line 304, in close
                        self.update_dirty_archives()
                      File "/mailman/Mailman/Archiver/HyperArch.py", line 949, in update_dirty_archives
                        self.__super_update_dirty_archives()
                      File "/mailman/Mailman/Archiver/pipermail.py", line 513, in update_dirty_archives
                        self.update_archive(i)
                      File "/mailman/Mailman/Archiver/HyperArch.py", line 952, in update_archive
                        self.__super_update_archive(archive)
                      File "/mailman/Mailman/Archiver/pipermail.py", line 420, in update_archive
                        self._update_simple_index(hdr, archive, arcdir)
                      File "/mailman/Mailman/Archiver/pipermail.py", line 437, in _update_simple_index
                        article = self.database.getArticle(self.archive, msgid)
                      File "/mailman/Mailman/Archiver/HyperDatabase.py", line 279, in getArticle
                        article = self.__cache[msgid] = pickle.loads(buf)
                    MemoryError
                    $

            The three cron jobs also appeared to fail today as well:

                    Your "cron" job on arachnia
                    /usr/local/bin/python -S /mailman/cron/qrunner

                    produced the following output:

                    Traceback (most recent call last):
                      File "/mailman/cron/qrunner", line 85, in ?
                        from Mailman import MailList
                      File "/mailman/Mailman/MailList.py", line 43, in ?
                        from Mailman.MailCommandHandler import MailCommandHandler
                    MemoryError

            --

                    Your "cron" job on arachnia
                   /usr/local/bin/python -S /mailman/cron/gate_news

                   produced the following output:

                   Traceback (most recent call last):
                     File "/mailman/cron/gate_news", line 40, in ?
                       from Mailman import MailList
                     File "/mailman/Mailman/MailList.py", line 44, in ?
                       from Mailman.HTMLFormatter import HTMLFormatter
                     File "/mailman/Mailman/HTMLFormatter.py", line 27, in ?
                       from Mailman.htmlformat import *
                   MemoryError
            --

                    Your "cron" job on arachnia
                   /usr/local/bin/python -S /mailman/cron/senddigests

                   produced the following output:

                   Traceback (most recent call last):
                     File "/mailman/cron/senddigests", line 65, in ?
                       main()
                     File "/mailman/cron/senddigests", line 42, in main
                       send_list_digest(mlist)
                     File "/mailman/cron/senddigests", line 46, in send_list_digest
                       mlist.Lock()
                     File "/mailman/Mailman/MailList.py", line 1343, in Lock
                       self.Load()
                     File "/mailman/Mailman/MailList.py", line 903, in Load
                       raise Errors.MMCorruptListDatabaseError, e
                   Mailman.Errors.MMCorruptListDatabaseError: bad marshal data
            The machine is a Solaris 7 box with 256Meg of RAM
            Mailman version is 2.0.6
            Python version is 2.1
            The list in question has about 16,000 archived messages

            arch has no problem running against lists with fewer messages in the archives.  It looks like the arch script might be overflowing some kind of Python memory buffer.

            Any ideas, solutions?

            -- James

                             o o o o o o o . . .   _______________________ _______=======_T___
                           o      _____            |James Madill         | |Duke Univ Med Ctr|
            >.][__n_n_| D[  ====|____  |james.madill@duke.edu| | (919) 286-6384  |
             (________|__|_[____/____]_            |_____________________|_|_________________|
            _/oo  O-O-O  `  oo     oo  'o^o^o           o^o^o` 'o^o           o^o`
            -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
            <http://www.duke.edu/~madil001/>
            --=_alternative 005F161D85256A99_=-- From James.Madill@duke.edu Mon Jul 30 18:18:43 2001 From: James.Madill@duke.edu (James Madill) Date: Mon, 30 Jul 2001 13:18:43 -0400 Subject: [Mailman-Developers] What are your mnogosearch indexer.conf Server/Realm parameters? Message-ID: This is a multipart message in MIME format. --=_alternative 005F1DE385256A99_= Content-Type: text/plain; charset="us-ascii" I am trying to configure mnogosearch to index only the individual messages in the archives, both public and private. I can use: Server http://xxxxxx.duke.edu/ to index standard web pages and Server http://xxxxxx.duke.edu/pipermail/ file:/mailman/archives/public/ to generate an index for *all* of the files in the Mailman public archives. My attempts at using Realm to index just the individual messages has failed Realm Regex ^http://xxxxxx.duke.edu/pipermail/.*/[0-9]\.html Realm Regex ^http://xxxxxx.duke.edu/pipermail/.*/[0-9]\.html file:/mailman/archives/public/.*/[0-9]\.html Realm Regex ^http://xxxxxx.duke.edu/pipermail/ indexer does not seem to recognize any of them. What are you using to index your archives for searching? -- James o o o o o o o . . . _______________________ _______=======_T___ o _____ |James Madill | |Duke Univ Med Ctr| >.][__n_n_| D[ ====|____ |james.madill@duke.edu| | (919) 286-6384 | (________|__|_[____/____]_|_____________________|_|_________________| _/oo O-O-O ` oo oo 'o^o^o o^o^o` 'o^o o^o` -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- --=_alternative 005F1DE385256A99_= Content-Type: text/html; charset="us-ascii"
            I am trying to configure mnogosearch to index only the individual messages in the archives, both public and private.  I can use:

                    Server http://xxxxxx.duke.edu/

            to index standard web pages and

                    Server http://xxxxxx.duke.edu/pipermail/ file:/mailman/archives/public/

            to generate an index for *all* of the files in the Mailman public archives.  My attempts at using Realm  to index just the individual messages has failed

                    Realm Regex ^http://xxxxxx.duke.edu/pipermail/.*/[0-9]\.html
                    Realm Regex ^http://xxxxxx.duke.edu/pipermail/.*/[0-9]\.html file:/mailman/archives/public/.*/[0-9]\.html
                    Realm Regex ^http://xxxxxx.duke.edu/pipermail/

            indexer does not seem to recognize any of them.

            What are you using to index your archives for searching?

            -- James

                             o o o o o o o . . .   _______________________ _______=======_T___
                           o      _____            |James Madill         | |Duke Univ Med Ctr|
            >.][__n_n_| D[  ====|____  |james.madill@duke.edu| | (919) 286-6384  |
             (________|__|_[____/____]_            |_____________________|_|_________________|
            _/oo  O-O-O  `  oo     oo  'o^o^o           o^o^o` 'o^o           o^o`
            -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
            <http://www.duke.edu/~madil001/>
            --=_alternative 005F1DE385256A99_=-- From mentor@alb-net.com Mon Jul 30 18:39:41 2001 From: mentor@alb-net.com (Mentor Cana) Date: Mon, 30 Jul 2001 13:39:41 -0400 (EDT) Subject: [Mailman-Developers] and interesting loop In-Reply-To: <15205.37742.479405.954123@anthem.wooz.org> Message-ID: On Mon, 30 Jul 2001, at 13:03 -0400, Barry A. Warsaw wrote: > Mailman /should/ be protected from this scenario. A bounce from the > list owners or admins should always go to the -owner address. qrunner > then scans the sender to see if it's in mm_cfg.LIKELY_BOUNCE_SENDERS. > If so, it discards and logs the message. > > What was the From: field of the bounce? Did the bounce go to -owner > or to some other address? > > -Barry The From: is as this: MAILER-DAEMON@onemain.com And the bounce went to -admin@ address.... -- Mentor From thomas@xs4all.net Mon Jul 30 20:06:41 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Mon, 30 Jul 2001 21:06:41 +0200 Subject: [Mailman-Developers] Looping digest - mailman bug? In-Reply-To: <15205.38107.541898.68781@daimi.au.dk> References: <15205.38107.541898.68781@daimi.au.dk> Message-ID: <20010730210641.D20676@xs4all.nl> On Mon, Jul 30, 2001 at 07:09:47PM +0200, Kaja P. Christiansen wrote: > Until there is something better, I suggest adding to Sendmail.py a patch > which perhaps is not pretty (it adds a space before the infamous dot), > but it works: > --- ./Mailman/Handlers/Sendmail.py.orig Fri Jul 27 13:40:31 2001 > +++ ./Mailman/Handlers/Sendmail.py Fri Jul 27 14:11:46 2001 > @@ -31,6 +31,7 @@ > > import string > import os > +import re > > import HandlerAPI > from Mailman import mm_cfg > @@ -80,6 +81,8 @@ > msgtext = str(msg) > # cycle through all chunks > failedrecips = [] > + bar = re.compile('\n\.') > + msgtext = re.sub(bar, '\n .', msgtext, 0) Sorry, this is the wrong fix. "\n." isn't the pattern that breaks it; you want "\r?\n.\r?\n". And the proper escape of a single dot on a line is doubling it (see the SMTP standard.) Barry, do you have a clue whether msgtext is guaranteed (not) to have \r's (CR) in them ? If either is guaranteed, we don't even need to use that ugly 're' module :) -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From claw@kanga.nu Mon Jul 30 20:20:46 2001 From: claw@kanga.nu (J C Lawrence) Date: Mon, 30 Jul 2001 12:20:46 -0700 Subject: [Mailman-Developers] What are your mnogosearch indexer.conf Server/Realm parameters? In-Reply-To: Message from "James Madill" of "Mon, 30 Jul 2001 13:18:43 EDT." References: Message-ID: <24018.996520846@kanga.nu> On Mon, 30 Jul 2001 13:18:43 -0400 James Madill wrote: > What are you using to index your archives for searching? I use MHonArc as an external archiver and then appropriately set the META INDEX headers such that mnogosearch indexes the messages and not the indexes. -- J C Lawrence )\._.,--....,'``. ---------(*) /, _.. \ _\ ;`._ ,. claw@kanga.nu `._.-(,_..'--(,_..'`-.;.' http://www.kanga.nu/~claw/ Oh Freddled Gruntbuggly From thomas@xs4all.net Mon Jul 30 21:27:37 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Mon, 30 Jul 2001 22:27:37 +0200 Subject: [Mailman-Developers] Memory error when running arch In-Reply-To: References: Message-ID: <20010730222737.E20676@xs4all.nl> On Mon, Jul 30, 2001 at 01:18:23PM -0400, James Madill wrote: > Last night, when running arch against one of the mailing lists on my > Mailman server, the following error was displayed on the terminal: > return self.html_tmpl % d > MemoryError > When I reran it this morning after checking the OS for errors, the same > problem occured: > The three cron jobs also appeared to fail today as well: > /usr/local/bin/python -S /mailman/cron/qrunner > Traceback (most recent call last): > File "/mailman/cron/qrunner", line 85, in ? > from Mailman import MailList > File "/mailman/Mailman/MailList.py", line 43, in ? > from Mailman.MailCommandHandler import MailCommandHandler > MemoryError These MemoryErrors are either Python running out of stackspace, or your process/machine running out of memory (malloc() returning NULL.) Actually, under most operating systems, I think the first doesn't even raise a MemoryError, so the most likely cause is just out of memory. I doubt the machine itself is running out of memory (most operating systems overallocate, anyway, so it should just crash when it does, not return a 'nice' error.) Instead, you probably have memory limits on your machine. Not sure about Solaris, but on BSDI you tweak limits in /etc/login.conf, and on Linux /etc/login.defs (I think -- I've never actually had to do it :). You can also use 'limits -a' (bash) or 'limit' (tcsh) to see the memory limits of your current process (though Cron jobs may be started with different process limits) and 'ulimit' or 'unlimit' to remove/raise limits. > /usr/local/bin/python -S /mailman/cron/senddigests > Traceback (most recent call last): > File "/mailman/cron/senddigests", line 65, in ? > main() > File "/mailman/cron/senddigests", line 42, in main > send_list_digest(mlist) > File "/mailman/cron/senddigests", line 46, in send_list_digest > mlist.Lock() > File "/mailman/Mailman/MailList.py", line 1343, in Lock > self.Load() > File "/mailman/Mailman/MailList.py", line 903, in Load > raise Errors.MMCorruptListDatabaseError, e > Mailman.Errors.MMCorruptListDatabaseError: bad marshal data This is probably not the cause of the problems, though it *could* be... hmmm... It looks like the config db of one of your lists is broken. Perhaps you had a disk full or quota problems ? The previous crashes shouldn't have caused this, since they didn't crash Mailman during the write of the marshal. If you'll check your Mailman logs ($prefix/logs/errors, to be exact), you should see a message like db file was corrupt, using fallback: That's your broken list. To see if the marshal is really broken, use $prefix/bin/dumpdb lists//config.db If that dumps a lot of info like { 'acceptable_aliases': '', 'admin_immed_notify': 1, 'admin_member_chunksize': 30, 'admin_notify_mchanges': 1, [... lots more ....] your config.db is not broken, but rather something goes wrong when you try to read it in... Probably the same MemoryError being masked somewhere... Ah, yeah, now that I check it, that is definately possible. If your config.db *is* broken, your best chance is to restore a backup, since the 'previous version' Mailman keeps around is also broken (it tries to load it automatically.) If all else fails, you'll have to recreate the list :-( But it's probably a MemoryError just like the rest. > arch has no problem running against lists with fewer messages in the > archives. It looks like the arch script might be overflowing some kind of > Python memory buffer. Python doesn't have that many (limited) memory buffers... As long as the OS allows it to grow, it keeps on growing. :) -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread! From jarrell@vt.edu Mon Jul 30 21:21:24 2001 From: jarrell@vt.edu (Ron Jarrell) Date: Mon, 30 Jul 2001 16:21:24 -0400 Subject: [Mailman-Developers] MM2.1a2 integration with Sendmail In-Reply-To: <11596.996438617@kanga.nu> References: <5.1.0.14.2.20010729150640.038252a0@lennier.cc.vt.edu> <5.1.0.14.2.20010729064217.03cc2260@lennier.cc.vt.edu> <5.1.0.14.2.20010729150640.038252a0@lennier.cc.vt.edu> Message-ID: <5.1.0.14.2.20010730161227.025b7bd0@lennier.cc.vt.edu> At 01:30 PM 7/29/01 -0700, J C Lawrence wrote: >On Sun, 29 Jul 2001 15:15:10 -0400 >Ron Jarrell wrote: > >> Yes, you could do some handwaving with psuedo hosts. But, if >> you're mixing lists and people, how are you going to tell which >> are which without keeping a list of them somewhere? At that >> point, /etc/aliases isn't a bad way to go... Unless all your >> lists have a particular pattern (i.e. they're *all* something-l) > >There are easier ways to go. If .../lists//config.db >exists its a moderately safe bet that a Mailman list "listname" >exists and that therefore all the matching addresses also (should) >exist with appropriate rewrites. Many use exactly this algorithm >under various MTAs to run without any list specific alias files. Yea, I thought about that. Unfortunately, that kind of lookup is tough to do, and expensive. The pile of black magic dust was growing, so I stopped thinking about it. You'd basically have to write another program, and build a program class map, along the lines of Ksomething program /home/mailman/is-it-a-list That could be an honest to god "verify the existence of a list" python program, or just a simple shell script that probes for the config db. It would also have to cope with figuring out the -owner, et.al aliases. You then need to write cf code that handles the return from that program, and if it looks right, delivering it as mailman:address, which would trigger the mailman rule that goes to the existing mm-handler. However, every piece of mail through your machine then would cause an extra fork and exec to fire off this db routine. The other option, if you want to avoid the potential security issue of having sendmail generate aliases from a file writable by mailman, is to have a periodic process that just kicks out a list of lists, and their associated other aliases. You could build that into an honest to god db map periodically with makemap, and then do a native sendmail hash lookup, at which point we're back to the "write cf code to deliver to mailman:foobar", which would perform much better, but still has the "something's gotta run." It's much cleaner if you can seperate out lists.whatever hostnames, but not everyone can do that. From alex@phred.org Mon Jul 30 21:37:08 2001 From: alex@phred.org (alex wetmore) Date: Mon, 30 Jul 2001 13:37:08 -0700 (PDT) Subject: [Mailman-Users] Re: [Mailman-Developers] Looping digest - mailman bug? In-Reply-To: <20010730210641.D20676@xs4all.nl> Message-ID: <20010730133518.C61068-100000@phred.org> On Mon, 30 Jul 2001, Thomas Wouters wrote: > Sorry, this is the wrong fix. "\n." isn't the pattern that breaks it; you > want "\r?\n.\r?\n". And the proper escape of a single dot on a line is > doubling it (see the SMTP standard.) Barry, do you have a clue whether > msgtext is guaranteed (not) to have \r's (CR) in them ? If either is > guaranteed, we don't even need to use that ugly 're' module :) RFC2822 requires CRLF to end a line, not just LF and not just CR. However there are many broken SMTP clients which ignore this requirement. alex From thomas@xs4all.net Mon Jul 30 22:33:56 2001 From: thomas@xs4all.net (Thomas Wouters) Date: Mon, 30 Jul 2001 23:33:56 +0200 Subject: [Mailman-Users] Re: [Mailman-Developers] Looping digest - mailman bug? In-Reply-To: <20010730133518.C61068-100000@phred.org> References: <20010730133518.C61068-100000@phred.org> Message-ID: <20010730233356.D20671@xs4all.nl> On Mon, Jul 30, 2001 at 01:37:08PM -0700, alex wetmore wrote: > On Mon, 30 Jul 2001, Thomas Wouters wrote: > > Sorry, this is the wrong fix. "\n." isn't the pattern that breaks it; you > > want "\r?\n.\r?\n". And the proper escape of a single dot on a line is > > doubling it (see the SMTP standard.) Barry, do you have a clue whether > > msgtext is guaranteed (not) to have \r's (CR) in them ? If either is > > guaranteed, we don't even need to use that ugly 're' module :) > RFC2822 requires CRLF to end a line, not just LF and not just CR. > However there are many broken SMTP clients which ignore this > requirement. That's not the issue; IIRC, both the smtplib module (used by the SMTPDirect delivery in Mailman) as the Sendmail deliverer use CRLF's, adding CR's where necessary. (One of the very best reasons for a 'rich' standard library like Python's is strict compliance to the standards. Like you say, the CR/LF issue is ignored by so many mail-sending and -receiving applications, it's just not funny. By using smtplib, the burden gets lifted off your shoulders, and you do it 'correct' whether you want it or not :) My question was whether the message text, at that moment, was guaranteed to contain CR's (or guaranteed not to contain them.) I'm not sure what kind of mangling Barry's mimelib does :) -- Thomas Wouters Hi! I'm a .signature virus! copy me into your .signature file to help me spread!