[Mailman-Users] a few questions about the NNTP gateway
Brad Knowles
brad at shub-internet.org
Tue Aug 7 09:20:36 CEST 2007
On 8/7/07, Manlio Perillo wrote:
> Well, having a pre-built packages systems has also some benefits.
True enough, and where it makes sense we do make wide use of binary
packages for other things on the system.
> The Debian Secutiry team still supports Debian Sarge.
> And in theory, if a security problem is found in an upstream package,
> the fix should be back ported on the Debian package.
The crux of that problem is the "... in theory ..." part.
In practice, we know that they make a lot of modifications that they
don't share with us (for whatever reason), and because of all of the
internal code changes, we can't be sure that when we fix a bug in our
code that they fix the same bug in theirs, or that they don't create
other bugs that we don't have.
Also, we know that they tend to be slow to update, and they tend to
limit the stuff they back-port.
So, for critical stuff, I strongly believe that you really do want to
run from the source tarballs themselves.
> Well, the question of email in clear was raised by an
> it.comp.lang.python newsgroup user.
> And on this newsgroup, many of us do not use their real email address.
If you're used to address obfuscation, then you probably don't know
how many news servers out there that are silently throwing away your
articles. And you probably do care more about the address
obfuscation than getting your articles to the widest possible
audience.
However, as a system administrator who would be supporting a
reasonably large group of people, the problem you've got is that what
particular individuals think is good for them is not necessarily good
for the group as a whole, and may not even be good for the particular
individuals who don't know any better.
You will need to choose where to balance the expectations and
benefits of single individuals against those of the group, and you
will also have to take into account the capabilities of the software.
One thing to keep in mind is that e-mail users generally assume that
the addresses will not be obfuscated, and so if they start seeing
obfuscated addresses then they are likely to be confused --
especially if they try to reply to that person directly. So, they
may have a benefit by having their e-mail addresses obfuscated when
the cross the gateway, but they don't generally have an expectation
that the gateway would do this for them. Overall, obfuscated
addresses for e-mail users are a bad thing.
In the case of USENET users, they may well be used to the address
obfuscation of their choice, and they shouldn't be too surprised to
see some users whose addresses are not obfuscated. However, you may
not be able to re-generate a valid e-mail address for them based on
their obfuscation scheme, so it's going to be difficult to
un-scramble that egg. Overall, obfuscated addresses for USENET users
may somewhat reduce their spam load, but these days spammers have
multiple address snarfing techniques, so any obfuscation that is done
is likely to be of minimal real benefit, although they may perceive a
much larger benefit than is actually achieved.
When you mix these communities via a gateway, you get some
interesting problems where the expectations of one group conflict
with the expectations of the other. And I'm not sure that anyone
here can give you any hard rules to follow in such cases.
--
Brad Knowles <brad at shub-internet.org>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
More information about the Mailman-Users
mailing list