From metatracker at psf.upfronthosting.co.za Mon Jun 1 05:36:59 2009 From: metatracker at psf.upfronthosting.co.za (Stephen Turnbull) Date: Mon, 01 Jun 2009 03:36:59 +0000 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <4A205FD7.1050705@v.loewis.de> Message-ID: <87r5y4bozh.fsf@uwakimon.sk.tsukuba.ac.jp> Stephen Turnbull added the comment: "Martin v. L?wis" writes: > > But I didn't understand how this is supposed to work and how it > > would prevent spammers from creating new invalid issues like > > this one here or issue281 in the metatracker. Please explain. > > The spammers send email with your registered email address to the > tracker. The tracker checks whether the From field is a registered > address of some user, and if so, it accepts the message. Now that > you have changed your email address, spammers would have to use the > new address in From. Since they don't know what the new address > is, the spam will be rejected. I don't think this actually works, because IIRC he added his *old* address, which the spammers have been using, to the new user. It will continue to work as a valid address; that's the purpose of the alternate email address field. The primary field is what Roundup uses to address mail to the user; the alternate addresses are other valid sources for issue data. I don't think there is any way to prevent this kind of spamming. ---------- nosy: +stephen _______________________________________________________ PSF Meta Tracker _______________________________________________________ From stephen at xemacs.org Mon Jun 1 05:40:50 2009 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Mon, 01 Jun 2009 12:40:50 +0900 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <4A205FD7.1050705@v.loewis.de> References: <20090529060556.GN6592@pfmaster.artcom-gmbh.de> <4A205FD7.1050705@v.loewis.de> Message-ID: <87r5y4bozh.fsf@uwakimon.sk.tsukuba.ac.jp> "Martin v. L?wis" writes: > > But I didn't understand how this is supposed to work and how it > > would prevent spammers from creating new invalid issues like > > this one here or issue281 in the metatracker. Please explain. > > The spammers send email with your registered email address to the > tracker. The tracker checks whether the From field is a registered > address of some user, and if so, it accepts the message. Now that > you have changed your email address, spammers would have to use the > new address in From. Since they don't know what the new address > is, the spam will be rejected. I don't think this actually works, because IIRC he added his *old* address, which the spammers have been using, to the new user. It will continue to work as a valid address; that's the purpose of the alternate email address field. The primary field is what Roundup uses to address mail to the user; the alternate addresses are other valid sources for issue data. I don't think there is any way to prevent this kind of spamming. From martin at v.loewis.de Mon Jun 1 07:08:55 2009 From: martin at v.loewis.de (=?UTF-8?B?Ik1hcnRpbiB2LiBMw7Z3aXMi?=) Date: Mon, 01 Jun 2009 07:08:55 +0200 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <87r5y4bozh.fsf@uwakimon.sk.tsukuba.ac.jp> References: <87r5y4bozh.fsf@uwakimon.sk.tsukuba.ac.jp> Message-ID: <4A236267.9020106@v.loewis.de> > I don't think this actually works, because IIRC he added his *old* > address, which the spammers have been using, to the new user. "new user"? I didn't notice that he created a new user account. Peter, can you please explain what accounts you hold, and which of these accounts you don't plan to use anymore? In any case: yes, if the address that the spammers had been using is still associated with one of the accounts, it will not help at all. > I don't think there is any way to prevent this kind of spamming. In general, no (except by requiring PGP signatures for posters). In the specific case, it might help to either a) remove/retire the pefu users completely, or b) disable creation of new issues via email. From metatracker at psf.upfronthosting.co.za Mon Jun 1 07:09:31 2009 From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v=2E_L=C3=B6wis?=) Date: Mon, 01 Jun 2009 05:09:31 +0000 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <87r5y4bozh.fsf@uwakimon.sk.tsukuba.ac.jp> Message-ID: <4A236267.9020106@v.loewis.de> Martin v. L?wis added the comment: > I don't think this actually works, because IIRC he added his *old* > address, which the spammers have been using, to the new user. "new user"? I didn't notice that he created a new user account. Peter, can you please explain what accounts you hold, and which of these accounts you don't plan to use anymore? In any case: yes, if the address that the spammers had been using is still associated with one of the accounts, it will not help at all. > I don't think there is any way to prevent this kind of spamming. In general, no (except by requiring PGP signatures for posters). In the specific case, it might help to either a) remove/retire the pefu users completely, or b) disable creation of new issues via email. _______________________________________________________ PSF Meta Tracker _______________________________________________________ From stephen at xemacs.org Mon Jun 1 08:45:03 2009 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Mon, 01 Jun 2009 15:45:03 +0900 Subject: [Tracker-discuss] Spam issue like issue286 In-Reply-To: <4A236267.9020106@v.loewis.de> References: <87r5y4bozh.fsf@uwakimon.sk.tsukuba.ac.jp> <4A236267.9020106@v.loewis.de> Message-ID: <87oct8bggg.fsf@uwakimon.sk.tsukuba.ac.jp> Is this supposed to be going to issue286? Martin v. L?wis writes: > > I don't think this actually works, because IIRC he added his *old* > > address, which the spammers have been using, to the new user. > > "new user"? I didn't notice that he created a new user account. Eh, to be honest, I'm not sure he did. But I'm pretty sure he said he added his old address (the spammable one) to whichever account he is using from now on, as an alternate address. That would mean such spam would continue to be attributed to him. :-( > In general, no (except by requiring PGP signatures for posters). > In the specific case, it might help to either > a) remove/retire the pefu users completely, or > b) disable creation of new issues via email. What I plan to do if and when it becomes an issue on the XEmacs Tracker is use a "poor man's captcha", requiring a flag (eg, "[issue]") in the subject for automated creation of issues. From metatracker at psf.upfronthosting.co.za Wed Jun 3 15:27:20 2009 From: metatracker at psf.upfronthosting.co.za (Daniel Diniz) Date: Wed, 03 Jun 2009 13:27:20 +0000 Subject: [Tracker-discuss] [issue285] Add issue title to issue links, avoid linking to bogus issues In-Reply-To: <1242322496.14.0.859560166441.issue285@psf.upfronthosting.co.za> Message-ID: <1244035640.02.0.419493605125.issue285@psf.upfronthosting.co.za> Daniel Diniz added the comment: As suggested by Stefan Seefeld, this patch handles the overflow on the DB layer. _______________________________________________________ PSF Meta Tracker _______________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: postgres_id_overflow.diff Type: text/x-diff Size: 619 bytes Desc: not available URL: From metatracker at psf.upfronthosting.co.za Wed Jun 3 15:39:41 2009 From: metatracker at psf.upfronthosting.co.za (Stefan Seefeld) Date: Wed, 03 Jun 2009 13:39:41 +0000 Subject: [Tracker-discuss] [issue285] Add issue title to issue links, avoid linking to bogus issues In-Reply-To: <1244035640.02.0.419493605125.issue285@psf.upfronthosting.co.za> Message-ID: <4A267D10.90108@sympatico.ca> Stefan Seefeld added the comment: Daniel Diniz wrote: > Daniel Diniz added the comment: > > As suggested by Stefan Seefeld, this patch handles the overflow on the DB layer. > > --- a/roundup-src/roundup/backends/rdbms_common.py Tue May 26 15:50:15 2009 -0300 > +++ b/roundup-src/roundup/backends/rdbms_common.py Wed Jun 03 10:24:15 2009 -0300 > @@ -1110,6 +1110,8 @@ > # Return 1, not True, to match the type of the result of > # the SQL operation below. > return 1 > + if int(nodeid) > 2**30: # Avoid Postgres error > + return 0 Yes, I think this is much better. However, I'm still concerned about two things: 1) You put postgresql-specific code into rdbms_common.py 2) It seems there may be other cases where we don't properly check for type / value incompatibilities between Python and SQL backends. I'm not sure what to suggest, as I don't know the domain well enough. But I wonder: might it be a good idea to have back_postgresql do more work, such as provide its own 'sql()' function, where it could either validate the arguments, or catch backend-specific errors and translate them into Roundup exceptions ? Thanks, Stefan -- ...ich hab' noch einen Koffer in Berlin... ---------- nosy: +stefan _______________________________________________________ PSF Meta Tracker _______________________________________________________ From seefeld at sympatico.ca Wed Jun 3 15:39:28 2009 From: seefeld at sympatico.ca (Stefan Seefeld) Date: Wed, 03 Jun 2009 09:39:28 -0400 Subject: [Tracker-discuss] [issue285] Add issue title to issue links, avoid linking to bogus issues In-Reply-To: <1244035640.02.0.419493605125.issue285@psf.upfronthosting.co.za> References: <1244035640.02.0.419493605125.issue285@psf.upfronthosting.co.za> Message-ID: <4A267D10.90108@sympatico.ca> Daniel Diniz wrote: > Daniel Diniz added the comment: > > As suggested by Stefan Seefeld, this patch handles the overflow on the DB layer. > > --- a/roundup-src/roundup/backends/rdbms_common.py Tue May 26 15:50:15 2009 -0300 > +++ b/roundup-src/roundup/backends/rdbms_common.py Wed Jun 03 10:24:15 2009 -0300 > @@ -1110,6 +1110,8 @@ > # Return 1, not True, to match the type of the result of > # the SQL operation below. > return 1 > + if int(nodeid) > 2**30: # Avoid Postgres error > + return 0 Yes, I think this is much better. However, I'm still concerned about two things: 1) You put postgresql-specific code into rdbms_common.py 2) It seems there may be other cases where we don't properly check for type / value incompatibilities between Python and SQL backends. I'm not sure what to suggest, as I don't know the domain well enough. But I wonder: might it be a good idea to have back_postgresql do more work, such as provide its own 'sql()' function, where it could either validate the arguments, or catch backend-specific errors and translate them into Roundup exceptions ? Thanks, Stefan -- ...ich hab' noch einen Koffer in Berlin... From metatracker at psf.upfronthosting.co.za Wed Jun 3 15:56:41 2009 From: metatracker at psf.upfronthosting.co.za (Daniel Diniz) Date: Wed, 03 Jun 2009 13:56:41 +0000 Subject: [Tracker-discuss] [issue285] Add issue title to issue links, avoid linking to bogus issues In-Reply-To: <1242322496.14.0.859560166441.issue285@psf.upfronthosting.co.za> Message-ID: <1244037401.53.0.181953430524.issue285@psf.upfronthosting.co.za> Daniel Diniz added the comment: For reference, traceback is here: http://paste.pocoo.org/show/120779/ 1) rdbms_common.Database.sql is supposed to work with Postgres and MySQL, I'm just fixing it for the former. 2) Probably yes, but FWIW this patch fixes many other Postgres overflows in hasnode: for superseder, status, etc. I think we should fix this, then maybe refactor the DB code. I'm not sure investing in refactoring and improving our own DB-compatibility layer is desirable over picking an external ORM. _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Thu Jun 4 01:00:13 2009 From: metatracker at psf.upfronthosting.co.za (Ronald Oussoren) Date: Wed, 03 Jun 2009 23:00:13 +0000 Subject: [Tracker-discuss] [issue287] Please automaticly add ronaldoussoren to nosy list for component Macintosh In-Reply-To: <1244070013.96.0.861035238602.issue287@psf.upfronthosting.co.za> Message-ID: <1244070013.96.0.861035238602.issue287@psf.upfronthosting.co.za> New submission from Ronald Oussoren : I'm the OSX maintainer for Python. Would it be possible to either automaticly assign issues for the Macintosh component to me, or add me to the nosy list of such issues (all of this for the tracker at bugs.python.org). My username in bugs.python.org is ronaldoussoren. ---------- messages: 1418 nosy: ronaldoussoren priority: wish status: unread title: Please automaticly add ronaldoussoren to nosy list for component Macintosh _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Thu Jun 4 07:56:15 2009 From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v=2E_L=C3=B6wis?=) Date: Thu, 04 Jun 2009 05:56:15 +0000 Subject: [Tracker-discuss] [issue287] Please automaticly add ronaldoussoren to nosy list for component Macintosh In-Reply-To: <1244070013.96.0.861035238602.issue287@psf.upfronthosting.co.za> Message-ID: <1244094975.49.0.0809134579362.issue287@psf.upfronthosting.co.za> Martin v. L?wis added the comment: Done. ---------- nosy: +loewis status: unread -> resolved _______________________________________________________ PSF Meta Tracker _______________________________________________________ From skip at pobox.com Thu Jun 4 19:07:11 2009 From: skip at pobox.com (skip at pobox.com) Date: Thu, 4 Jun 2009 12:07:11 -0500 Subject: [Tracker-discuss] Adding "Re:" to tracker responses Message-ID: <18983.65343.638572.139239@montanaro.dyndns.org> Any chance that "Re:" could be added to responses to an initial report? The volume of tracker messages is such that my eyes frequently glaze over. Ideally, I should be able to skim a python-bugs-list digest message and quickly identify those messages which are new and those which are responses to existing bug tracker items. Thx, Skip From metatracker at psf.upfronthosting.co.za Thu Jun 4 19:07:19 2009 From: metatracker at psf.upfronthosting.co.za (Skip Montanaro) Date: Thu, 04 Jun 2009 17:07:19 +0000 Subject: [Tracker-discuss] [issue288] Adding "Re:" to tracker responses In-Reply-To: <18983.65343.638572.139239@montanaro.dyndns.org> Message-ID: <18983.65343.638572.139239@montanaro.dyndns.org> New submission from Skip Montanaro : Any chance that "Re:" could be added to responses to an initial report? The volume of tracker messages is such that my eyes frequently glaze over. Ideally, I should be able to skim a python-bugs-list digest message and quickly identify those messages which are new and those which are responses to existing bug tracker items. Thx, Skip ---------- messages: 1420 nosy: montanaro status: unread title: Adding "Re:" to tracker responses _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Thu Jun 4 19:13:09 2009 From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v=2E_L=C3=B6wis?=) Date: Thu, 04 Jun 2009 17:13:09 +0000 Subject: [Tracker-discuss] [issue288] Adding "Re:" to tracker responses In-Reply-To: <18983.65343.638572.139239@montanaro.dyndns.org> Message-ID: <1244135589.76.0.18313152211.issue288@psf.upfronthosting.co.za> Martin v. L?wis added the comment: Notice that python-bugs-announce is a list that gets announcements only of new issues. I personally only describe to that list, and then add myself to nosy on any issues that interest me. ---------- nosy: +loewis priority: -> wish status: unread -> chatting _______________________________________________________ PSF Meta Tracker _______________________________________________________ From skip at pobox.com Thu Jun 4 21:02:38 2009 From: skip at pobox.com (skip at pobox.com) Date: Thu, 4 Jun 2009 14:02:38 -0500 Subject: [Tracker-discuss] [issue288] Adding "Re:" to tracker responses In-Reply-To: <1244135589.76.0.18313152211.issue288@psf.upfronthosting.co.za> References: <18983.65343.638572.139239@montanaro.dyndns.org> <1244135589.76.0.18313152211.issue288@psf.upfronthosting.co.za> Message-ID: <18984.6734.377106.147321@montanaro.dyndns.org> Martin> Notice that python-bugs-announce is a list that gets Martin> announcements only of new issues. I personally only describe to Martin> that list, and then add myself to nosy on any issues that Martin> interest me. Thanks. I wasn't aware that any such list existed. (Also, it appears to be named "new-bugs-announce".) Skip From metatracker at psf.upfronthosting.co.za Thu Jun 4 21:02:43 2009 From: metatracker at psf.upfronthosting.co.za (Skip Montanaro) Date: Thu, 04 Jun 2009 19:02:43 +0000 Subject: [Tracker-discuss] [issue288] Adding "Re:" to tracker responses In-Reply-To: <1244135589.76.0.18313152211.issue288@psf.upfronthosting.co.za> Message-ID: <18984.6734.377106.147321@montanaro.dyndns.org> Skip Montanaro added the comment: Martin> Notice that python-bugs-announce is a list that gets Martin> announcements only of new issues. I personally only describe to Martin> that list, and then add myself to nosy on any issues that Martin> interest me. Thanks. I wasn't aware that any such list existed. (Also, it appears to be named "new-bugs-announce".) Skip _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Thu Jun 4 21:12:41 2009 From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v=2E_L=C3=B6wis?=) Date: Thu, 04 Jun 2009 19:12:41 +0000 Subject: [Tracker-discuss] [issue288] Adding "Re:" to tracker responses In-Reply-To: <18983.65343.638572.139239@montanaro.dyndns.org> Message-ID: <1244142761.26.0.458373721332.issue288@psf.upfronthosting.co.za> Martin v. L?wis added the comment: Do you still want Re headers added, then? _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Thu Jun 4 23:36:45 2009 From: metatracker at psf.upfronthosting.co.za (Skip Montanaro) Date: Thu, 04 Jun 2009 21:36:45 +0000 Subject: [Tracker-discuss] [issue288] Adding "Re:" to tracker responses In-Reply-To: <1244142761.26.0.458373721332.issue288@psf.upfronthosting.co.za> Message-ID: <18984.15968.856085.607875@montanaro.dyndns.org> Skip Montanaro added the comment: Martin> Do you still want Re headers added, then? No, the announce list is sufficient. I wonder though, do new issues go to both lists or just the announce list? The reason I ask is that it seemed that every time I noticed something interesting in the bugs list it seemed it was a reply to a submission I had never seen. I certainly can't say for sure though, since the number of replies almost certainly dwarfs the number of new submissions. I may have just been unfortunate enough to never have noticed the "thread starter". Skip _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Thu Jun 4 23:41:03 2009 From: metatracker at psf.upfronthosting.co.za (R David Murray) Date: Thu, 04 Jun 2009 21:41:03 +0000 Subject: [Tracker-discuss] [issue288] Adding "Re:" to tracker responses In-Reply-To: <18984.15968.856085.607875@montanaro.dyndns.org> Message-ID: R David Murray added the comment: On Thu, 4 Jun 2009 at 21:36, Skip Montanaro wrote: > No, the announce list is sufficient. I wonder though, do new issues go to > both lists or just the announce list? The reason I ask is that it seemed Both. --David ---------- nosy: +r.david.murray _______________________________________________________ PSF Meta Tracker _______________________________________________________ From rdmurray at bitdance.com Thu Jun 4 23:40:51 2009 From: rdmurray at bitdance.com (R. David Murray) Date: Thu, 4 Jun 2009 17:40:51 -0400 (EDT) Subject: [Tracker-discuss] [issue288] Adding "Re:" to tracker responses In-Reply-To: <18984.15968.856085.607875@montanaro.dyndns.org> References: <18984.15968.856085.607875@montanaro.dyndns.org> Message-ID: On Thu, 4 Jun 2009 at 21:36, Skip Montanaro wrote: > No, the announce list is sufficient. I wonder though, do new issues go to > both lists or just the announce list? The reason I ask is that it seemed Both. --David From metatracker at psf.upfronthosting.co.za Thu Jun 4 23:47:13 2009 From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v=2E_L=C3=B6wis?=) Date: Thu, 04 Jun 2009 21:47:13 +0000 Subject: [Tracker-discuss] [issue288] Adding "Re:" to tracker responses In-Reply-To: <18984.15968.856085.607875@montanaro.dyndns.org> Message-ID: <4A2840DF.8020008@v.loewis.de> Martin v. L?wis added the comment: > No, the announce list is sufficient. I wonder though, do new issues go to > both lists or just the announce list? The reason I ask is that it seemed > that every time I noticed something interesting in the bugs list it seemed > it was a reply to a submission I had never seen. Yes, the bugs list gets all messages, including new submissions. See e.g. http://mail.python.org/pipermail/python-bugs-list/2009-June/079256.html http://mail.python.org/pipermail/python-bugs-list/2009-June/thread.html _______________________________________________________ PSF Meta Tracker _______________________________________________________ From martin at v.loewis.de Thu Jun 4 23:47:11 2009 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Thu, 04 Jun 2009 23:47:11 +0200 Subject: [Tracker-discuss] [issue288] Adding "Re:" to tracker responses In-Reply-To: <18984.15968.856085.607875@montanaro.dyndns.org> References: <18984.15968.856085.607875@montanaro.dyndns.org> Message-ID: <4A2840DF.8020008@v.loewis.de> > No, the announce list is sufficient. I wonder though, do new issues go to > both lists or just the announce list? The reason I ask is that it seemed > that every time I noticed something interesting in the bugs list it seemed > it was a reply to a submission I had never seen. Yes, the bugs list gets all messages, including new submissions. See e.g. http://mail.python.org/pipermail/python-bugs-list/2009-June/079256.html http://mail.python.org/pipermail/python-bugs-list/2009-June/thread.html From metatracker at psf.upfronthosting.co.za Fri Jun 5 10:46:26 2009 From: metatracker at psf.upfronthosting.co.za (Izak Burger) Date: Fri, 05 Jun 2009 08:46:26 +0000 Subject: [Tracker-discuss] [issue289] Downtime In-Reply-To: <4A28DB84.1020201@upfrontsystems.co.za> Message-ID: <4A28DB84.1020201@upfrontsystems.co.za> New submission from Izak Burger : Hi all, We need to schedule a couple of minutes downtime for a memory upgrade on the machine running the tracker. We cannot pin down an exact time because it involves a human being on the other side of the world installing the memory, but we do know it will only be for a few minutes, and it will be in the next 8 hours. regards, Izak Burger ---------- messages: 1427 nosy: izak status: unread title: Downtime _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Mon Jun 8 09:01:34 2009 From: metatracker at psf.upfronthosting.co.za (Peter Funk) Date: Mon, 08 Jun 2009 07:01:34 +0000 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <4A236267.9020106@v.loewis.de> Message-ID: <20090608070121.GB15070@pfmaster.artcom-gmbh.de> Peter Funk added the comment: Hello all, please excuse my late answer. I took a one week vacation. Stephen Turnbull wrote: > > I don't think this actually works, because IIRC he added his *old* > > address, which the spammers have been using, to the new user. In reply Martin v. L?wis asked Montag, 01.06.2009 05:09: > "new user"? I didn't notice that he created a new user account. > > Peter, can you please explain what accounts you hold, and which of > these accounts you don't plan to use anymore? My Account is http://psf.upfronthosting.co.za/roundup/meta/user5 with the login nickname pefu512. My primary email address which is still valid, is pf at artcom-gmbh.de I use this address as From: all the time. The account user47 should be retired. I don't know why it has been created on 2007-09-26 09:23:55 . Unfortunately my email address has been harvested by spammers long ago. This is no big deal for me personally, because we have good spam filters in place here at ArtCom. What bothers me, is that spammers use my Name and address to inject stuff on web pages like the metatracker here. > In any case: yes, if the address that the spammers had been using > is still associated with one of the accounts, it will not help at > all. > > > I don't think there is any way to prevent this kind of spamming. > > In general, no (except by requiring PGP signatures for posters). > In the specific case, it might help to either > a) remove/retire the pefu users completely, or I wouldn't like that. > b) disable creation of new issues via email. Hmmm... Is there no other way? May be better spam filter in front of Roundup? In our company we have grey listing and some other filters in effect, which catches most of the spam. Regards, Peter -- Peter Funk, ?Oldenburger Str.86, D-27777 Ganderkesee office: ArtCom GmbH, ?Haferwende 2, D-28357 Bremen, Germany tel:+49-421-20419-0 cell:+49-179-640-8878 _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Wed Jun 24 05:27:04 2009 From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v=2E_L=C3=B6wis?=) Date: Wed, 24 Jun 2009 03:27:04 +0000 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <000d01c9df0e$dce9dd20$6400a8c0@> Message-ID: <1245814024.31.0.843563625821.issue286@psf.upfronthosting.co.za> Martin v. L?wis added the comment: I have retired user47. As for email addresses for pefu512: as long as the one that spammers user continues to stay on the list of alternative email addresses, we have to expect getting spammed again. We do have Spambayes for this roundup installation, but with the relatively small frequency of spam, it won't learn much except that pefu512 is a frequent spammer, and eventually classify your messages as spam by default. ---------- nosy: -pefu _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Wed Jun 24 06:39:58 2009 From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v=2E_L=C3=B6wis?=) Date: Wed, 24 Jun 2009 04:39:58 +0000 Subject: [Tracker-discuss] [issue268] Add contributor agreement and committer status information In-Reply-To: <1239216201.07.0.276549739609.issue268@psf.upfronthosting.co.za> Message-ID: <1245818398.92.0.871278464723.issue268@psf.upfronthosting.co.za> Martin v. L?wis added the comment: contrib form data is now stored as of r73543 _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Wed Jun 24 14:33:33 2009 From: metatracker at psf.upfronthosting.co.za (Peter Funk) Date: Wed, 24 Jun 2009 12:33:33 +0000 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <000d01c9df0e$dce9dd20$6400a8c0@> Message-ID: <1245846813.09.0.604274403881.issue286@psf.upfronthosting.co.za> Peter Funk added the comment: Hello Martin, you wrote: > I have retired user47. Thanks. > As for email addresses for pefu512: as long as the > one that spammers user continues to stay on the list of alternative email > addresses, we have to expect getting spammed again. So what I want to avoid is, that spammers abuse websites like http://psf.upfronthosting.co.za to improve their Google ranking. To do this I must be able to "remove" (retire) such spam issues before the Google-Bot comes along and finds them. I'm willing to do so, but I wasn't able to: I tried to use ?@action=retire on this issue on May 27th, but failed. Retire is what we use in our company internal Roundup tracker whenever an issue was created by mistake. Peter. _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Wed Jun 24 21:08:44 2009 From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v=2E_L=C3=B6wis?=) Date: Wed, 24 Jun 2009 19:08:44 +0000 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <000d01c9df0e$dce9dd20$6400a8c0@> Message-ID: <1245870524.94.0.144587128984.issue286@psf.upfronthosting.co.za> Martin v. L?wis added the comment: Unfortunately, the ?:action style of changing issues is insecure, as it enables XSS attacks. So recent versions of roundup have disabled this API to retiring, and require regular POSTs. Instead of retiring the issue, one should use the "Mark as SPAM" button, anyway (available to administrators only). _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Thu Jun 25 01:12:15 2009 From: metatracker at psf.upfronthosting.co.za (Stephen Turnbull) Date: Wed, 24 Jun 2009 23:12:15 +0000 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <1245870524.94.0.144587128984.issue286@psf.upfronthosting.co.za> Message-ID: <87skhpxm2t.fsf@uwakimon.sk.tsukuba.ac.jp> Stephen Turnbull added the comment: Martin v. L?wis writes: > > Martin v. L?wis added the comment: > > Unfortunately, the ?:action style of changing issues is insecure, > as it enables XSS attacks. So recent versions of roundup have > disabled this API to retiring, and require regular POSTs. > > Instead of retiring the issue, one should use the "Mark as SPAM" > button, anyway (available to administrators only). Would it be reasonable to make Mark as SPAM available to non adminstrators in one or both of the following ways: (a) the user whose address is abused should be allowed to Mark as SPAM (b) (complex and possibly vulnerable to DoS) any user could be allowed to Mark as SPAM - admins would need a Mark as HAM command, and explicitly marked HAM is not possible to mark as SPAM without admin privileges - create a report which looks for recently Marked as SPAM events so that admins and/or volunteers could check for abuse of the system _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Thu Jun 25 08:11:13 2009 From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v=2E_L=C3=B6wis?=) Date: Thu, 25 Jun 2009 06:11:13 +0000 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <87skhpxm2t.fsf@uwakimon.sk.tsukuba.ac.jp> Message-ID: <4A4314FE.2020007@v.loewis.de> Martin v. L?wis added the comment: > (a) the user whose address is abused should be allowed to Mark as SPAM I don't know how to implement that. > (b) (complex and possibly vulnerable to DoS) any user could be allowed > to Mark as SPAM > - admins would need a Mark as HAM command, and explicitly marked > HAM is not possible to mark as SPAM without admin privileges > - create a report which looks for recently Marked as SPAM events > so that admins and/or volunteers could check for abuse of the > system Finding out what explicitly marked ham is: I don't know how to implement that, either. _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Thu Jun 25 10:27:08 2009 From: metatracker at psf.upfronthosting.co.za (Izak Burger) Date: Thu, 25 Jun 2009 08:27:08 +0000 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <1245814024.31.0.843563625821.issue286@psf.upfronthosting.co.za> Message-ID: <4A4334FE.3070509@upfrontsystems.co.za> Izak Burger added the comment: Martin v. L?wis wrote: > We do have Spambayes for this roundup installation, but with the relatively > small frequency of spam, it won't learn much except that pefu512 is a frequent > spammer, and eventually classify your messages as spam by default. I don't know if this will help, but we have a fairly well-trained spamassassin token database that we use on our mail server. We train it with all our spam, and occasionally we download the content of our gmail spam boxes and train it with that as well. It catches about 90% of our spam. Not sure how you'd use it with spambayes though, I don't know spambayes at all. I could also make available the content of our spam mailboxes if you'd like to train your spam checker with that? It all depends whether your spam is the same as ours I suppose. At the moment we get about 700 of these fake newsletter things per day. ---------- nosy: +izak _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Thu Jun 25 19:55:39 2009 From: metatracker at psf.upfronthosting.co.za (Stephen Turnbull) Date: Thu, 25 Jun 2009 17:55:39 +0000 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <4A4314FE.2020007@v.loewis.de> Message-ID: <87prcsxkn4.fsf@uwakimon.sk.tsukuba.ac.jp> Stephen Turnbull added the comment: Martin v. L?wis writes: > > Martin v. L?wis added the comment: > > > (a) the user whose address is abused should be allowed to Mark as SPAM > > I don't know how to implement that. I don't know the details yet either, but I'm sure it's possible. Is it in principle acceptable as far as you know? (I'm not asking for a guarantee, but I'll probably work on this for my own roundup. If Python might like it, I might do the work sooner. :) > > (b) (complex and possibly vulnerable to DoS) any user could be allowed > > to Mark as SPAM [and admins could mark HAM] > Finding out what explicitly marked ham is: I don't know how to implement > that, either. Again, I don't have a patch and expect it will take some experimentation to construct a usable one, but I'm sure it's possible. Would Python want to evaluate such a patch for inclusion in your tracker? _______________________________________________________ PSF Meta Tracker _______________________________________________________ From stephen at xemacs.org Thu Jun 25 19:56:15 2009 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Fri, 26 Jun 2009 02:56:15 +0900 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <4A4314FE.2020007@v.loewis.de> References: <87skhpxm2t.fsf@uwakimon.sk.tsukuba.ac.jp> <4A4314FE.2020007@v.loewis.de> Message-ID: <87prcsxkn4.fsf@uwakimon.sk.tsukuba.ac.jp> Martin v. L?wis writes: > > Martin v. L?wis added the comment: > > > (a) the user whose address is abused should be allowed to Mark as SPAM > > I don't know how to implement that. I don't know the details yet either, but I'm sure it's possible. Is it in principle acceptable as far as you know? (I'm not asking for a guarantee, but I'll probably work on this for my own roundup. If Python might like it, I might do the work sooner. :) > > (b) (complex and possibly vulnerable to DoS) any user could be allowed > > to Mark as SPAM [and admins could mark HAM] > Finding out what explicitly marked ham is: I don't know how to implement > that, either. Again, I don't have a patch and expect it will take some experimentation to construct a usable one, but I'm sure it's possible. Would Python want to evaluate such a patch for inclusion in your tracker? From metatracker at psf.upfronthosting.co.za Thu Jun 25 20:33:41 2009 From: metatracker at psf.upfronthosting.co.za (=?utf-8?q?Martin_v=2E_L=C3=B6wis?=) Date: Thu, 25 Jun 2009 18:33:41 +0000 Subject: [Tracker-discuss] [issue286] Spam issue In-Reply-To: <87prcsxkn4.fsf@uwakimon.sk.tsukuba.ac.jp> Message-ID: <4A43C303.8090208@v.loewis.de> Martin v. L?wis added the comment: > > > (a) the user whose address is abused should be allowed to Mark as SPAM > > > > I don't know how to implement that. > > I don't know the details yet either, but I'm sure it's possible. Is > it in principle acceptable as far as you know? (I'm not asking for a > guarantee, but I'll probably work on this for my own roundup. If > Python might like it, I might do the work sooner. :) It would be fine with me. Notice that we talk about the meta tracker here - we never had this problem with any other user, on any other tracker. > > > (b) (complex and possibly vulnerable to DoS) any user could be allowed > > > to Mark as SPAM [and admins could mark HAM] > > > Finding out what explicitly marked ham is: I don't know how to implement > > that, either. > > Again, I don't have a patch and expect it will take some > experimentation to construct a usable one, but I'm sure it's > possible. Would Python want to evaluate such a patch for inclusion in > your tracker? Well, "Python" won't evaluate - and I might not have time to evaluate many roundup patches for the coming months (i.e. I would focus on important ones). _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Mon Jun 29 17:37:40 2009 From: metatracker at psf.upfronthosting.co.za (Peter Funk) Date: Mon, 29 Jun 2009 15:37:40 +0000 Subject: [Tracker-discuss] [issue290] Cialis In-Reply-To: <000e01c9f8cf$7ca6e180$aae25b54@> Message-ID: <000e01c9f8cf$7ca6e180$aae25b54@> New submission from Peter Funk : Hi, man! Take a look - http://wqejvabip.cn/ Good bye. ---------- messages: 1438 nosy: pefu512 status: unread title: Cialis _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Mon Jun 29 23:40:18 2009 From: metatracker at psf.upfronthosting.co.za (Benjamin Peterson) Date: Mon, 29 Jun 2009 21:40:18 +0000 Subject: [Tracker-discuss] [issue291] force closed issues to have a resolution In-Reply-To: <1246311618.39.0.313946202453.issue291@psf.upfronthosting.co.za> Message-ID: <1246311618.39.0.313946202453.issue291@psf.upfronthosting.co.za> New submission from Benjamin Peterson : It would be nice if it was not possible to close an issue without setting a resolution. This would prevent a common oversight. ---------- messages: 1439 nosy: benjamin.peterson priority: feature status: unread title: force closed issues to have a resolution _______________________________________________________ PSF Meta Tracker _______________________________________________________ From metatracker at psf.upfronthosting.co.za Tue Jun 30 00:20:21 2009 From: metatracker at psf.upfronthosting.co.za (R David Murray) Date: Mon, 29 Jun 2009 22:20:21 +0000 Subject: [Tracker-discuss] [issue291] force closed issues to have a resolution In-Reply-To: <1246311618.39.0.313946202453.issue291@psf.upfronthosting.co.za> Message-ID: R David Murray added the comment: If we do this I think we should add a new resolution "redirected to python-ideas". I have been leaving the resolution blank when that's what I've done, since none of the other choices seem appropriate. ---------- nosy: +r.david.murray status: unread -> chatting _______________________________________________________ PSF Meta Tracker _______________________________________________________ From rdmurray at bitdance.com Tue Jun 30 00:20:16 2009 From: rdmurray at bitdance.com (R. David Murray) Date: Mon, 29 Jun 2009 18:20:16 -0400 (EDT) Subject: [Tracker-discuss] [issue291] force closed issues to have a resolution In-Reply-To: <1246311618.39.0.313946202453.issue291@psf.upfronthosting.co.za> References: <1246311618.39.0.313946202453.issue291@psf.upfronthosting.co.za> Message-ID: If we do this I think we should add a new resolution "redirected to python-ideas". I have been leaving the resolution blank when that's what I've done, since none of the other choices seem appropriate. From metatracker at psf.upfronthosting.co.za Tue Jun 30 00:27:36 2009 From: metatracker at psf.upfronthosting.co.za (Peter Funk) Date: Mon, 29 Jun 2009 22:27:36 +0000 Subject: [Tracker-discuss] [issue286] Spam issues created using forged email In-Reply-To: <000d01c9df0e$dce9dd20$6400a8c0@> Message-ID: <1246314456.64.0.677006066269.issue286@psf.upfronthosting.co.za> Peter Funk added the comment: It occured once again: Spammers created another spam issue six hours ago: 290 with msg 1438 and I am still unable to remove it myself. :-( Please help. Peter. ---------- title: Spam issue -> Spam issues created using forged email _______________________________________________________ PSF Meta Tracker _______________________________________________________