From brett at python.org Tue May 8 01:13:26 2007 From: brett at python.org (Brett Cannon) Date: Mon, 7 May 2007 16:13:26 -0700 Subject: [Tracker-discuss] 2.5.1 out the door; time to start thinking about a switch-over date In-Reply-To: <87vefp58wp.fsf@uterus.efod.se> References: <87647pleit.fsf@uterus.efod.se> <87vefp58wp.fsf@uterus.efod.se> Message-ID: On 4/21/07, Erik Forsberg wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > "Brett Cannon" writes: > > > On 4/21/07, Erik Forsberg wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> "Brett Cannon" writes: > >> > >> > It looks like we only have 2 urgent issues and 2 bug issues. How > long > >> > do people think it will take to get those closed? > >> > >> Regarding issue111, you'll have to ask "SF.net Site Enhancement" :-(. > >> > > > > Damn. Can we resurrect Fredrik's tool if SF doesn't get off their ass > > and fix the export? > > Well.. I'm sure it can be done, but I'm also sure it will take quite > some time to get it working again. Also, the xml-based importer is > much faster as it doesn't have to download everything piece by piece, > compensating for sf's surge protection along the way. > > Some friendly feedback on > > https://sourceforge.net/tracker/?func=detail&atid=200001&aid=1687916&group_id=1 > from somebody else than me to show that more than one person is > interested in a solution might help. Perhaps we should avoid > mentioning that the reason we want a complete backup is to be able to > move away from sf - that might disturb their view of the importance of > the problem.. So I tried to do this but I couldn't get the tool to run; missing some Perl module and I don't know Perl so I don't know how to get it and install it. I did notice that at least Martin commented. -Brett -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/tracker-discuss/attachments/20070507/8fa6e8b2/attachment.htm From forsberg at efod.se Tue May 8 20:29:54 2007 From: forsberg at efod.se (Erik Forsberg) Date: Tue, 08 May 2007 20:29:54 +0200 Subject: [Tracker-discuss] 2.5.1 out the door; time to start thinking about a switch-over date In-Reply-To: (Brett Cannon's message of "Mon, 7 May 2007 16:13:26 -0700") References: <87647pleit.fsf@uterus.efod.se> <87vefp58wp.fsf@uterus.efod.se> Message-ID: <87sla7b23h.fsf@uterus.efod.se> "Brett Cannon" writes: >> from somebody else than me to show that more than one person is >> interested in a solution might help. Perhaps we should avoid >> mentioning that the reason we want a complete backup is to be able to >> move away from sf - that might disturb their view of the importance of >> the problem.. > > > So I tried to do this but I couldn't get the tool to run; missing some Perl > module and I don't know Perl so I don't know how to get it and install it. It's OK to use Firefox or some other browser to repeat the problem - I'm using their perl script only to emphasize that the problem is not browser-specific. -- Erik Forsberg http://efod.se GPG/PGP Key: 1024D/0BAC89D9 From martin at v.loewis.de Tue May 8 23:04:41 2007 From: martin at v.loewis.de (=?ISO-8859-15?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Tue, 08 May 2007 23:04:41 +0200 Subject: [Tracker-discuss] Spam Filtering Message-ID: <4640E5E9.5040405@v.loewis.de> Hi Skip, How is the spam filtering coming along? People still manage to load spam into the tracker, e.g. http://bugs.python.org/issue1030 It's (apparently) much less than it was initially, and it also helps that html file will now be downloaded as text/plain, but some spam still gets through. Regards, Martin From brett at python.org Wed May 9 01:19:10 2007 From: brett at python.org (Brett Cannon) Date: Tue, 8 May 2007 16:19:10 -0700 Subject: [Tracker-discuss] 2.5.1 out the door; time to start thinking about a switch-over date In-Reply-To: <87sla7b23h.fsf@uterus.efod.se> References: <87647pleit.fsf@uterus.efod.se> <87vefp58wp.fsf@uterus.efod.se> <87sla7b23h.fsf@uterus.efod.se> Message-ID: On 5/8/07, Erik Forsberg wrote: > > "Brett Cannon" writes: > > >> from somebody else than me to show that more than one person is > >> interested in a solution might help. Perhaps we should avoid > >> mentioning that the reason we want a complete backup is to be able to > >> move away from sf - that might disturb their view of the importance of > >> the problem.. > > > > > > So I tried to do this but I couldn't get the tool to run; missing some > Perl > > module and I don't know Perl so I don't know how to get it and install > it. > > It's OK to use Firefox or some other browser to repeat the problem - > I'm using their perl script only to emphasize that the problem is not > browser-specific. OK, but because SF's interface sucks I can't find where to go to download the dump. And if it requires project admin privileges I don't have them. -Brett -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/tracker-discuss/attachments/20070508/ddffe00a/attachment.htm From skip at pobox.com Wed May 9 02:53:35 2007 From: skip at pobox.com (skip at pobox.com) Date: Tue, 8 May 2007 19:53:35 -0500 Subject: [Tracker-discuss] Spam Filtering In-Reply-To: <4640E5E9.5040405@v.loewis.de> References: <4640E5E9.5040405@v.loewis.de> Message-ID: <17985.7055.256605.250372@montanaro.dyndns.org> Martin> How is the spam filtering coming along? I got stuck on Roundup. I suggested to Richard that we team up and modify core Roundup, but unless I misinterpreted his reply, it didn't seem like he was keen on that idea, so I just let it slide. My apologies. What version of Roundup are you running? A new summer of Tech Coffee has started up here in Chicago (a group of us get together to hack at a downtown coffee shop for a couple hours early Monday mornings for the next several weeks). I was going to use the time to try and learn Pylons, but I can switch and work on this instead. Maybe I can use it as a lure to other Chicago area Python folk to show up and help. Skip From martin at v.loewis.de Wed May 9 06:07:22 2007 From: martin at v.loewis.de (=?UTF-8?B?Ik1hcnRpbiB2LiBMw7Z3aXMi?=) Date: Wed, 09 May 2007 06:07:22 +0200 Subject: [Tracker-discuss] 2.5.1 out the door; time to start thinking about a switch-over date In-Reply-To: References: <87647pleit.fsf@uterus.efod.se> <87vefp58wp.fsf@uterus.efod.se> <87sla7b23h.fsf@uterus.efod.se> Message-ID: <464148FA.9020900@v.loewis.de> > OK, but because SF's interface sucks I can't find where to go to > download the dump. And if it requires project admin privileges I don't > have them. Yes, it does require admin privs. Do you want them? Martin From brett at python.org Wed May 9 07:39:09 2007 From: brett at python.org (Brett Cannon) Date: Tue, 8 May 2007 22:39:09 -0700 Subject: [Tracker-discuss] 2.5.1 out the door; time to start thinking about a switch-over date In-Reply-To: <464148FA.9020900@v.loewis.de> References: <87647pleit.fsf@uterus.efod.se> <87vefp58wp.fsf@uterus.efod.se> <87sla7b23h.fsf@uterus.efod.se> <464148FA.9020900@v.loewis.de> Message-ID: On 5/8/07, "Martin v. L?wis" wrote: > > > OK, but because SF's interface sucks I can't find where to go to > > download the dump. And if it requires project admin privileges I don't > > have them. > > Yes, it does require admin privs. Do you want them? Sure, why not. -Brett -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/tracker-discuss/attachments/20070508/4a080425/attachment.html From nnorwitz at gmail.com Wed May 9 07:55:01 2007 From: nnorwitz at gmail.com (Neal Norwitz) Date: Tue, 8 May 2007 22:55:01 -0700 Subject: [Tracker-discuss] 2.5.1 out the door; time to start thinking about a switch-over date In-Reply-To: References: <87647pleit.fsf@uterus.efod.se> <87vefp58wp.fsf@uterus.efod.se> <87sla7b23h.fsf@uterus.efod.se> <464148FA.9020900@v.loewis.de> Message-ID: I added Brett as an admin. --n On 5/8/07, Brett Cannon wrote: > > > On 5/8/07, "Martin v. L?wis" wrote: > > > OK, but because SF's interface sucks I can't find where to go to > > > download the dump. And if it requires project admin privileges I don't > > > have them. > > > > Yes, it does require admin privs. Do you want them? > > > Sure, why not. > > -Brett > > > _______________________________________________ > Tracker-discuss mailing list > Tracker-discuss at python.org > http://mail.python.org/mailman/listinfo/tracker-discuss > > From izak at upfrontsystems.co.za Wed May 9 09:30:17 2007 From: izak at upfrontsystems.co.za (Izak Burger) Date: Wed, 09 May 2007 09:30:17 +0200 Subject: [Tracker-discuss] 2.5.1 out the door; time to start thinking about a switch-over date In-Reply-To: <87sla7b23h.fsf@uterus.efod.se> References: <87647pleit.fsf@uterus.efod.se> <87vefp58wp.fsf@uterus.efod.se> <87sla7b23h.fsf@uterus.efod.se> Message-ID: <46417889.80906@upfrontsystems.co.za> Erik Forsberg wrote: >> So I tried to do this but I couldn't get the tool to run; missing some Perl >> module and I don't know Perl so I don't know how to get it and install it. > > It's OK to use Firefox or some other browser to repeat the problem - > I'm using their perl script only to emphasize that the problem is not > browser-specific. If you send me the error message I might be able to figure out which perl module it wants. I'm not a perl guru by any means, but I have some experience finding the correct libwhatever-perl debian package... From brett at python.org Wed May 9 19:37:15 2007 From: brett at python.org (Brett Cannon) Date: Wed, 9 May 2007 10:37:15 -0700 Subject: [Tracker-discuss] 2.5.1 out the door; time to start thinking about a switch-over date In-Reply-To: <46417889.80906@upfrontsystems.co.za> References: <87647pleit.fsf@uterus.efod.se> <87vefp58wp.fsf@uterus.efod.se> <87sla7b23h.fsf@uterus.efod.se> <46417889.80906@upfrontsystems.co.za> Message-ID: On 5/9/07, Izak Burger wrote: > > Erik Forsberg wrote: > >> So I tried to do this but I couldn't get the tool to run; missing some > Perl > >> module and I don't know Perl so I don't know how to get it and install > it. > > > > It's OK to use Firefox or some other browser to repeat the problem - > > I'm using their perl script only to emphasize that the problem is not > > browser-specific. > > If you send me the error message I might be able to figure out which > perl module it wants. I'm not a perl guru by any means, but I have some > experience finding the correct libwhatever-perl debian package... > It's Crypt/SSLeay.pm . I just don't know how to install the thing (I assume I just download from CPAN). -Brett -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/tracker-discuss/attachments/20070509/95cf1aa7/attachment.htm From brett at python.org Wed May 9 19:38:30 2007 From: brett at python.org (Brett Cannon) Date: Wed, 9 May 2007 10:38:30 -0700 Subject: [Tracker-discuss] 2.5.1 out the door; time to start thinking about a switch-over date In-Reply-To: References: <87647pleit.fsf@uterus.efod.se> <87vefp58wp.fsf@uterus.efod.se> <87sla7b23h.fsf@uterus.efod.se> <464148FA.9020900@v.loewis.de> Message-ID: On 5/8/07, Neal Norwitz wrote: > > I added Brett as an admin. --n Yep, I see it. First one listed, too. =) Geez, I remember way back when I thought it would be the coolest thing to be listed as a project admin for Python. Doesn't impress as much since I am involved in other ways now, but still kind of cool. -Brett On 5/8/07, Brett Cannon wrote: > > > > > > On 5/8/07, "Martin v. L?wis" wrote: > > > > OK, but because SF's interface sucks I can't find where to go to > > > > download the dump. And if it requires project admin privileges I > don't > > > > have them. > > > > > > Yes, it does require admin privs. Do you want them? > > > > > > Sure, why not. > > > > -Brett > > > > > > _______________________________________________ > > Tracker-discuss mailing list > > Tracker-discuss at python.org > > http://mail.python.org/mailman/listinfo/tracker-discuss > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/tracker-discuss/attachments/20070509/acba67b2/attachment.html From forsberg at efod.se Wed May 9 22:35:05 2007 From: forsberg at efod.se (Erik Forsberg) Date: Wed, 09 May 2007 22:35:05 +0200 Subject: [Tracker-discuss] Spam Filtering In-Reply-To: <17985.7055.256605.250372@montanaro.dyndns.org> (skip@pobox.com's message of "Tue, 8 May 2007 19:53:35 -0500") References: <4640E5E9.5040405@v.loewis.de> <17985.7055.256605.250372@montanaro.dyndns.org> Message-ID: <876471n3ba.fsf@uterus.efod.se> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 skip at pobox.com writes: > Martin> How is the spam filtering coming along? > > I got stuck on Roundup. I suggested to Richard that we team up and modify > core Roundup, but unless I misinterpreted his reply, it didn't seem like he > was keen on that idea, so I just let it slide. My apologies. You are referring to http://psf.upfronthosting.co.za/roundup/meta/msg557? My guess would be that Richard doesn't want core roundup changes because he thinks everything we need for antispam features can be implemented by creating extensions/detectors that can be applied to any roundup instance if the administrator of that instance wishes spam protection. The smaller the roundup core is, the easier it is to maintain. > What version of Roundup are you running? Currently it's a slightly modified version of 1.3.2. The version we're using is available in Subversion. http://svn.python.org/view/tracker/roundup-src/ has the webview of the repo. >I was going to use the time to try and learn Pylons, Googling that up led me to this very british webpage: http://users.tinyonline.co.uk/bigh/bigh/pylonof.htm, but I'm guessing you're referring to the web framework.. :-) >but I can >switch and work on this instead. Maybe I can use it as a lure to other >Chicago area Python folk to show up and help. Sounds like an excellent plan! :-) Although http://psf.upfronthosting.co.za/roundup/meta/msg536 has some of the details you might need to get going, there are probably plenty of other things you want to know, including how to get a tracker instance for testing/development up and running. The latter really needs to be converted from the rather inaccessible format stored away in my brain into a wiki page.. Anyway, I'll happily try to answer your questions on how to implement this feature. Let's see if I can find the time to give you some hints as another message on http://psf.upfronthosting.co.za/roundup/meta/issue105. Cheers, \EF - -- Erik Forsberg http://efod.se GPG/PGP Key: 1024D/0BAC89D9 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ iD8DBQFGQjB5rJurFAusidkRAgHIAJ42YzhrU5PIxjU8lGNQ6RN/po+JBgCaAk8k BtMQXJrZyT9ZcRFt104d7z4= =n91S -----END PGP SIGNATURE----- From forsberg at efod.se Sun May 13 16:05:34 2007 From: forsberg at efod.se (Erik Forsberg) Date: Sun, 13 May 2007 16:05:34 +0200 Subject: [Tracker-discuss] Spam Filtering In-Reply-To: <876471n3ba.fsf@uterus.efod.se> (Erik Forsberg's message of "Wed, 09 May 2007 22:35:05 +0200") References: <4640E5E9.5040405@v.loewis.de> <17985.7055.256605.250372@montanaro.dyndns.org> <876471n3ba.fsf@uterus.efod.se> Message-ID: <87r6pkakep.fsf@uterus.efod.se> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Erik Forsberg writes: > including how to get a tracker > instance for testing/development up and running. The latter really > needs to be converted from the rather inaccessible format stored away > in my brain into a wiki page.. I've tried to create an instruction on how to do this now, at http://wiki.python.org/moin/TrackerDevelopment. Comments are welcome, especially on things that need clarification. Regards, \EF - -- Erik Forsberg http://efod.se GPG/PGP Key: 1024D/0BAC89D9 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ iD8DBQFGRxsurJurFAusidkRArWrAKC/hH0r7VI1FilZMn5a9IXSlCr28QCffvtY AKBrmXU2amkPwrAH7/z4Ygs= =uhA0 -----END PGP SIGNATURE----- From izak at upfrontsystems.co.za Mon May 14 11:14:55 2007 From: izak at upfrontsystems.co.za (Izak Burger) Date: Mon, 14 May 2007 11:14:55 +0200 Subject: [Tracker-discuss] 2.5.1 out the door; time to start thinking about a switch-over date In-Reply-To: References: <87647pleit.fsf@uterus.efod.se> <87vefp58wp.fsf@uterus.efod.se> <87sla7b23h.fsf@uterus.efod.se> <46417889.80906@upfrontsystems.co.za> Message-ID: <4648288F.1020305@upfrontsystems.co.za> Brett Cannon wrote: > > > On 5/9/07, *Izak Burger* > wrote: > > Erik Forsberg wrote: > >> So I tried to do this but I couldn't get the tool to run; > missing some Perl > >> module and I don't know Perl so I don't know how to get it and > install it. > > > > It's OK to use Firefox or some other browser to repeat the problem - > > I'm using their perl script only to emphasize that the problem is not > > browser-specific. > > If you send me the error message I might be able to figure out which > perl module it wants. I'm not a perl guru by any means, but I have > some > experience finding the correct libwhatever-perl debian package... > > > It's Crypt/SSLeay.pm . I just don't know how to install the thing (I > assume I just download from CPAN). I installed libnet-ssleay-perl and libcrypt-ssleay-perl. psf:~# dpkg -L libcrypt-ssleay-perl | grep SSLeay.pm /usr/lib/perl5/Crypt/SSLeay.pm We try not to download from cpan as it messes with debian's internal package management. Almost all perl packages can be apt-get installed :-) regards, Izak From barry at python.org Mon May 14 15:10:59 2007 From: barry at python.org (Barry Warsaw) Date: Mon, 14 May 2007 09:10:59 -0400 Subject: [Tracker-discuss] [Pydotorg] Fwd: spamvertised content on bugs.python.org In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 14, 2007, at 4:54 AM, Brad Knowles wrote: > Looks like we're having some problems within the bug tracking system, > and I'm not quite sure where to report this one. I think the meta-tracker is the right place to report this: http://psf.upfronthosting.co.za/roundup/meta/ as is the tracker-discuss at python.org mailing list. > We should probably also re-check all of our other systems to ensure > that they are secure. The Roundup tracker is still beta so I know that those guys have been working hard to address issues like this. As far as other systems go, I think the wiki has been plagued by spam in the past, though ISTR reading that certain recent measures have helped here too. > Barry -- I imagine we'll want to check all known blacklists to ensure > that our IP address(es) either has/have not been added as a result of > this activity, or that we get it/them removed as quickly as possible. > > I'll do an initial run on that process right after I send this > message (checking all the IP addresses, hostnames, URLs, etc... that > I know about using all the blacklist checking resources I know > about), but you'll probably want to followup as soon as you can. Brad, I really appreciate you looking into this. I don't know when I'll have time to look into this, but if there's anything specific you want me to look at, let me know. I'll try to hang out on #pydotorg today. [quoting the rest of the message for the benefit of tracker-discuss - BAW] - -Barry > Lets see how quickly we can get this issue resolved. I'd followup > with immediate telephone calls right now, but I don't have any > numbers for anyone, and since it's 3:50AM CDT, I figure most of the > US people are probably asleep. I might be able to catch a few people > in Europe, but that would include the likes of Vincent and this > message demonstrates that they're probably already doing everything > they can. > > We'll want to address that telephone escalation issue in the "lessons > learned" session after we've dealt with the initial fallout. > > > Here we go.... > > --- begin forwarded text > > Delivered-To: postmaster at bag.python.org > Date: Mon, 14 May 2007 09:21:02 +0200 > From: Vincent > Organization: XS4ALL Internet BV > Cc: postmaster at python.org > Subject: spamvertised content on bugs.python.org > > Hello, > > It appears that spammers have uploaded some files to bugs.python.org > (and perhaps other places) with the intention to abuse the system as > a spamvertised-website hosting system. > > Here are some URLs that have been reported to us (as actual spam- > reports): > > http://bugs.python.org/file7737/strippers456.html > http://bugs.python.org/file7733/squirt.html > http://bugs.python.org/file7735/stocking.html > http://bugs.python.org/file7738/strippers.html > http://bugs.python.org/file7741/swingers5236.html > http://bugs.python.org/file7739/stripping.html > http://bugs.python.org/file7740/sucking.html > http://bugs.python.org/file7742/swingers.html > > I'd recommend you examine the logs for the bug tracking system to > find any accounts related to this one and close them. This type of > abuse has recently taken off; it might be useful to re-examine the > measures in place to prevent this and other abuse of the bug-tracking > system. > -- > XS4ALL Abuse http://www.xs4all.nl/veiligheid/ > XS4ALL Internet B.V. Diemen KvK 33287534 > > --- end forwarded text > > > -- > Brad Knowles > Member of the Python.org Postmaster Team > Co-moderator of mailman-users and mailman-developers mailing lists > > 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 > _______________________________________________ > Pydotorg mailing list > Pydotorg at python.org > http://mail.python.org/mailman/listinfo/pydotorg -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iQCVAwUBRkhf43EjvBPtnXfVAQJEyAP+LgnY1azPmHPfw4VM+Vr91Gv/EqBqBhM1 3N65zEE3C600as03zQzWMd37d1+e459n0di9KFfbAXCh8CEQqPAaRCBxej3srzTy vKTeenWduUbqXFdVlWZ65t/89iKDAHVseWJAFjWSd9TtJheyNmjZs1FQS9Of5qaa nZLM7BraeFs= =x5s6 -----END PGP SIGNATURE----- From forsberg at efod.se Mon May 14 15:41:58 2007 From: forsberg at efod.se (Erik Forsberg) Date: Mon, 14 May 2007 15:41:58 +0200 Subject: [Tracker-discuss] [Pydotorg] Fwd: spamvertised content on bugs.python.org In-Reply-To: References:

Message-ID: <200705141541.58994.forsberg@efod.se> m?ndag 14 maj 2007 15:10 skrev Barry Warsaw: Being in a hurry, I just wanted to let you know that I've moved the files that correspond to the spam content which means the spam content is no longer served by bugs.python.org. We'll have to intensify the work on getting better anti-spam measures in place. I've begun writing some detailed hints on how to implement issue105 in the meta tracker, but ran out of time yesterday before completion. Regards, \EF - not normally a top-poster.. :-) > On May 14, 2007, at 4:54 AM, Brad Knowles wrote: > > Looks like we're having some problems within the bug tracking system, > > and I'm not quite sure where to report this one. > > I think the meta-tracker is the right place to report this: > > http://psf.upfronthosting.co.za/roundup/meta/ > > as is the tracker-discuss at python.org mailing list. > > > We should probably also re-check all of our other systems to ensure > > that they are secure. > > The Roundup tracker is still beta so I know that those guys have been > working hard to address issues like this. As far as other systems > go, I think the wiki has been plagued by spam in the past, though > ISTR reading that certain recent measures have helped here too. > > > Barry -- I imagine we'll want to check all known blacklists to ensure > > that our IP address(es) either has/have not been added as a result of > > this activity, or that we get it/them removed as quickly as possible. > > > > I'll do an initial run on that process right after I send this > > message (checking all the IP addresses, hostnames, URLs, etc... that > > I know about using all the blacklist checking resources I know > > about), but you'll probably want to followup as soon as you can. > > Brad, I really appreciate you looking into this. I don't know when > I'll have time to look into this, but if there's anything specific > you want me to look at, let me know. I'll try to hang out on > #pydotorg today. > > [quoting the rest of the message for the benefit of tracker-discuss - > BAW] > > -Barry > > > Lets see how quickly we can get this issue resolved. I'd followup > > with immediate telephone calls right now, but I don't have any > > numbers for anyone, and since it's 3:50AM CDT, I figure most of the > > US people are probably asleep. I might be able to catch a few people > > in Europe, but that would include the likes of Vincent and this > > message demonstrates that they're probably already doing everything > > they can. > > > > We'll want to address that telephone escalation issue in the "lessons > > learned" session after we've dealt with the initial fallout. > > > > > > Here we go.... > > > > --- begin forwarded text > > > > Delivered-To: postmaster at bag.python.org > > Date: Mon, 14 May 2007 09:21:02 +0200 > > From: Vincent > > Organization: XS4ALL Internet BV > > Cc: postmaster at python.org > > Subject: spamvertised content on bugs.python.org > > > > Hello, > > > > It appears that spammers have uploaded some files to bugs.python.org > > (and perhaps other places) with the intention to abuse the system as > > a spamvertised-website hosting system. > > > > Here are some URLs that have been reported to us (as actual spam- > > reports): > > > > http://bugs.python.org/file7737/strippers456.html > > http://bugs.python.org/file7733/squirt.html > > http://bugs.python.org/file7735/stocking.html > > http://bugs.python.org/file7738/strippers.html > > http://bugs.python.org/file7741/swingers5236.html > > http://bugs.python.org/file7739/stripping.html > > http://bugs.python.org/file7740/sucking.html > > http://bugs.python.org/file7742/swingers.html > > > > I'd recommend you examine the logs for the bug tracking system to > > find any accounts related to this one and close them. This type of > > abuse has recently taken off; it might be useful to re-examine the > > measures in place to prevent this and other abuse of the bug-tracking > > system. > > -- > > XS4ALL Abuse http://www.xs4all.nl/veiligheid/ > > XS4ALL Internet B.V. Diemen KvK 33287534 > > > > --- end forwarded text > > > > > > -- > > Brad Knowles > > Member of the Python.org Postmaster Team > > Co-moderator of mailman-users and mailman-developers mailing lists > > > > 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 > > _______________________________________________ > > Pydotorg mailing list > > Pydotorg at python.org > > http://mail.python.org/mailman/listinfo/pydotorg > > _______________________________________________ > Tracker-discuss mailing list > Tracker-discuss at python.org > http://mail.python.org/mailman/listinfo/tracker-discuss -- http://efod.se/ From skip at pobox.com Mon May 14 17:02:15 2007 From: skip at pobox.com (skip at pobox.com) Date: Mon, 14 May 2007 10:02:15 -0500 Subject: [Tracker-discuss] [Pydotorg] Fwd: spamvertised content on bugs.python.org In-Reply-To: <200705141541.58994.forsberg@efod.se> References:

<200705141541.58994.forsberg@efod.se> Message-ID: <17992.31223.568078.928325@montanaro.dyndns.org> Erik> We'll have to intensify the work on getting better anti-spam Erik> measures in place. I've begun writing some detailed hints on how Erik> to implement issue105 in the meta tracker, but ran out of time Erik> yesterday before completion. I have some ideas about a more standalone (less tightly integrated with Roundup) SpamBayes classifier, but that will take awhile to implement. If this is a show stopper perhaps we should protect bugs.python.org with Apache authentication until we get it worked out. Skip From skip at pobox.com Mon May 14 17:38:34 2007 From: skip at pobox.com (skip at pobox.com) Date: Mon, 14 May 2007 10:38:34 -0500 Subject: [Tracker-discuss] [Pydotorg] Fwd: spamvertised content on bugs.python.org In-Reply-To: <17992.31223.568078.928325@montanaro.dyndns.org> References:

<200705141541.58994.forsberg@efod.se> <17992.31223.568078.928325@montanaro.dyndns.org> Message-ID: <17992.33402.299923.45123@montanaro.dyndns.org> skip> I have some ideas about a more standalone (less tightly integrated skip> with Roundup) SpamBayes classifier, but that will take awhile to skip> implement. If this is a show stopper perhaps we should protect skip> bugs.python.org with Apache authentication until we get it worked skip> out. Actually, until we get *something* worked out, not necessarily my idea. Skip From brad at python.org Mon May 14 20:44:13 2007 From: brad at python.org (Brad Knowles) Date: Mon, 14 May 2007 13:44:13 -0500 Subject: [Tracker-discuss] [Pydotorg] Fwd: spamvertised content on bugs.python.org In-Reply-To: <200705141541.58994.forsberg@efod.se> References:

<200705141541.58994.forsberg@efod.se> Message-ID: On 5/14/07, Erik Forsberg wrote: > Being in a hurry, I just wanted to let you know that I've moved the >files that > correspond to the spam content which means the spam content is no longer > served by bugs.python.org. That's good. One of the things that concerns me the most about this process is that there are a lot of sites that have hair-trigger settings on their "report this as spam" processes, and all it would take is one of them deciding that they should submit to SURBL (or some other RHSBL/URIBL-type service) a request to block all of python.org, because of a security issue on one of our subdomains or hosts, even if we're not actually trying to send out any of the related spam ourselves. I'm sure that the admins for SURBL (and the other well-known RHSBL/URIBL services) are very conservative and would only be likely to blacklist the offending subdomain or host, but you never know when you might fall through the cracks or if there's a somewhat less well-known RHSBL/URIBL service out there that is not nearly so careful about vetting their input, and which coincidentally also tends to get wide use amongst our users. As such, I tend to react pretty aggressively when I get a validated report of this sort. > We'll have to intensify the work on getting better anti-spam measures in > place. I've begun writing some detailed hints on how to implement issue105 in > the meta tracker, but ran out of time yesterday before completion. Much appreciated. Thanks! -- Brad Knowles Member of the Python.org Postmaster Team Co-moderator of mailman-users and mailman-developers mailing lists 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 From martin at v.loewis.de Mon May 14 23:23:07 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Mon, 14 May 2007 23:23:07 +0200 Subject: [Tracker-discuss] [Pydotorg] Fwd: spamvertised content on bugs.python.org In-Reply-To: <17992.31223.568078.928325@montanaro.dyndns.org> References:

<200705141541.58994.forsberg@efod.se> <17992.31223.568078.928325@montanaro.dyndns.org> Message-ID: <4648D33B.5090700@v.loewis.de> > I have some ideas about a more standalone (less tightly integrated with > Roundup) SpamBayes classifier, but that will take awhile to implement. If > this is a show stopper perhaps we should protect bugs.python.org with Apache > authentication until we get it worked out. I don't see how this would help. Whether it's Apache authentication or form login - the spammers will just login, and post their spam. Regards, Martin From skip at pobox.com Mon May 14 23:51:09 2007 From: skip at pobox.com (skip at pobox.com) Date: Mon, 14 May 2007 16:51:09 -0500 Subject: [Tracker-discuss] [Pydotorg] Fwd: spamvertised content on bugs.python.org In-Reply-To: <4648D33B.5090700@v.loewis.de> References:

<200705141541.58994.forsberg@efod.se> <17992.31223.568078.928325@montanaro.dyndns.org> <4648D33B.5090700@v.loewis.de> Message-ID: <17992.55757.264399.974718@montanaro.dyndns.org> >> I have some ideas about a more standalone (less tightly integrated >> with Roundup) SpamBayes classifier, but that will take awhile to >> implement. If this is a show stopper perhaps we should protect >> bugs.python.org with Apache authentication until we get it worked >> out. Martin> I don't see how this would help. Whether it's Apache Martin> authentication or form login - the spammers will just login, and Martin> post their spam. I guess I should have been more explicit. The Apach authentication credentials would be given out to a much smaller group of people (basically just the people subscribed to tracker-discuss plus any other people who are helping debug bugs.python.org). It would not be wide open the way it is now. Once the spam submission problem is solved we can disable the Apache authentication. Skip From martin at v.loewis.de Tue May 15 01:21:26 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Tue, 15 May 2007 01:21:26 +0200 Subject: [Tracker-discuss] [Pydotorg] Fwd: spamvertised content on bugs.python.org In-Reply-To: <17992.55757.264399.974718@montanaro.dyndns.org> References:

<200705141541.58994.forsberg@efod.se> <17992.31223.568078.928325@montanaro.dyndns.org> <4648D33B.5090700@v.loewis.de> <17992.55757.264399.974718@montanaro.dyndns.org> Message-ID: <4648EEF6.5090305@v.loewis.de> > I guess I should have been more explicit. The Apach authentication > credentials would be given out to a much smaller group of people (basically > just the people subscribed to tracker-discuss plus any other people who are > helping debug bugs.python.org). It would not be wide open the way it is > now. Once the spam submission problem is solved we can disable the Apache > authentication. Ah, ok. That should not be done. We should not wait for the tracker to become life until a permanent solution to the spam has been found - or else we may not be able to switch to roundup for several years. Regards, Martin From skip at pobox.com Tue May 15 15:13:37 2007 From: skip at pobox.com (skip at pobox.com) Date: Tue, 15 May 2007 08:13:37 -0500 Subject: [Tracker-discuss] [Pydotorg] Fwd: spamvertised content on bugs.python.org In-Reply-To: <4648EEF6.5090305@v.loewis.de> References:

<200705141541.58994.forsberg@efod.se> <17992.31223.568078.928325@montanaro.dyndns.org> <4648D33B.5090700@v.loewis.de> <17992.55757.264399.974718@montanaro.dyndns.org> <4648EEF6.5090305@v.loewis.de> <17993.45569.90730.179795@montanaro.dyndns.org> Message-ID: <464A23C4.9060103@v.loewis.de> > I think it would still have some short-term value. In the immediate term it > at least gives you the chance to a) clean up any current problems and b) > recruit a few extra volunteers to help police the site (hopefully separate > from the current maintenance crew who probably have enough work already). > Once that's done you can open it up again. It would be possible to close registration for new users entirely for the moment. However, I don't see much value in doing so; I'd defer such a decision to the tracker admins. Regards, Martin From metatracker at psf.upfronthosting.co.za Thu May 17 09:25:57 2007 From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v._L=C3=B6wis?=) Date: Thu, 17 May 2007 07:25:57 -0000 Subject: [Tracker-discuss] [issue105] Dealing with spam Message-ID: <1179386757.8.0.899773189348.issue105@psf.upfronthosting.co.za> Martin v. L?wis added the comment: I have now created another anti-spam feature: developers and coordinators will find "Spammer" buttons on issues, messages, and files (for files, it's on the "Edit" page). This is implemented by: 1. creating a Spammer role 2. assigning the Spammer role to all reported spammers, dropping their User role. As a consequence, they lose Web Access permission. 3. creating a 'Report spammer' permission. 4. assigning the Report spammer permission to developers and coordinators. 5. changing View and Edit permissions on issues to require that the issue is not created by a spammer, for Anonymous, User, and Developer roles. As a consequence, these three groups will not be able to see issues, messages, and files created by a spammer. Coordinators continue to see them. 6. changing the UI to add "Spammer" buttons if the user has "Report spammer" permission. These buttons invoke a "reportspam" action, which assigns the spammer role. _______________________________________________________ Meta Tracker _______________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: spammer.diff Type: text/x-pofile Size: 7602 bytes Desc: not available Url : http://mail.python.org/pipermail/tracker-discuss/attachments/20070517/22dde4e7/attachment.bin