Coordination between developers in the Python project

[Steven D'Aprano]

On Mon, 05 Nov 2012 14:09:08 -0500, Terry Reedy wrote:

> On 11/1/2012 4:49 PM, Tengy Td wrote:
>> Hello,
>>
>>
>> I am a French student and I am currently realizing my final thesis in
>> the field of Free/libre open source software.
> 
> If you really are what you claim, you should give more details to make
> that plausible: university, college/dept, course of study, and post from
> a university account, not an address at one of the current favorite
> sites for con artists.
> 
>> It would be a great help for me if you could answer a short online
>> survey (it should take approximately 5 minutes).
> 
> If you want the survey emailed to you, you should include it. If it is
> hosted on a legitimate survey site, you should give a direct link.

I'm pretty sure that "legitimate" survey sites don't vet the moral 
character of their users. Just because a link comes from 
"www.legitimatesurveys.com" doesn't mean it is safe or desirable.


https://docs.google.com/spreadsheet/viewform?
formkey=dDE4YzYxZ1lDN0dpdFFheGJZM3prdVE6MA

Is that legitimate enough? 


>> The link to the survey is:http://bit.ly/SzVrJe
> 
> Careful people do not open anonymous links from stangers. That file
> could literally be anything, including a malware injection page.

Yes dad.

While it is good and proper to exhibit a certain level of caution on the 
internet, it is important to keep the dangers in perspective and not go 
overboard. You just implicitly accusing somebody of likely being a 
criminal who lures others to a malware site based on little more evidence 
than the fact that he has a gmail email address and linked to bit.ly. I 
think that has edging right up to the line between showing proper 
caution, and rudeness and paranoia.

"Legitimate" sites are not safe either. With the proliferation of 
Javascript, Flash, third-party advertisers, etc., just about any http 
page on the Internet could in principle contain malware. And not just by 
accident: Google has been caught illegally installing tracking cookies 
then lying about it, Sony installed a root-kit on users' computers 
(although not over the Internet) and Facebook is engaged in a neverending 
privacy and security war against its users.

Nevertheless most pages are safe. Hundreds of millions of people browse 
the web without being infected, protected by a combination of:

- firewall
- OS security features (such as not running everything as the
  Administrator or root user)
- anti-virus and anti-spyware software

etc.

Let me be frank here: if this link was malware, there would be *far* more 
cost-effective ways to spread it than by appealing to FOSS developers to 
fill in a survey. A fake link promoted with "Check out this blog post by 
Linus Torvalds where he smacks down Richard Stallman" ought to do it.



>> I would like to remind you that the participation is absolutely
>> anonymous and voluntary, and you can quit it at any time. Your answers
>> will be strictly confidential and will be used only for research
>> purpose (no commercial use of any information you provided).
> 
> Even if you mean that for yourself, you cannot guarantee any of that.
> For all you know, bit.ly records the ip address of each click.

You use gmane to post here. How do you know that they aren't recording 
your IP address? If they are, what are they going to do with it? What 
nefarious use do you think people are going to do with your IP address?



-- 
Steven