From owner-cvs-doc@FreeBSD.ORG Mon Nov 14 16:36:40 2005 Return-Path: X-Original-To: cvs-doc@freebsd.org Delivered-To: cvs-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 73F5C16A420; Mon, 14 Nov 2005 16:36:40 +0000 (GMT) (envelope-from jhb@freebsd.org) Received: from speedfactory.net (66-23-216-219.clients.speedfactory.net [66.23.216.219]) by mx1.FreeBSD.org (Postfix) with ESMTP id B539F43D49; Mon, 14 Nov 2005 16:36:39 +0000 (GMT) (envelope-from jhb@freebsd.org) Received: from server.baldwin.cx (unverified [66.23.211.162]) by speedfactory.net (SurgeMail 3.5b3) with ESMTP id 1947068 for multiple; Mon, 14 Nov 2005 11:36:31 -0500 Received: from localhost (john@localhost [127.0.0.1]) by server.baldwin.cx (8.13.1/8.13.1) with ESMTP id jAEGaF0H078534; Mon, 14 Nov 2005 11:36:17 -0500 (EST) (envelope-from jhb@freebsd.org) From: John Baldwin To: Alexander Leidinger Date: Mon, 14 Nov 2005 11:00:18 -0500 User-Agent: KMail/1.8.2 References: <20051112141152.GT94004@submonkey.net> <20051112.103529.123972777.imp@bsdimp.com> <20051112220308.27815e5a@Magellan.Leidinger.net> In-Reply-To: <20051112220308.27815e5a@Magellan.Leidinger.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200511141100.21327.jhb@freebsd.org> X-Spam-Status: No, score=-2.8 required=4.2 tests=ALL_TRUSTED autolearn=failed version=3.0.2 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on server.baldwin.cx X-Server: High Performance Mail Server - http://surgemail.com r=1653887525 Cc: ceri@submonkey.net, cvs-doc@freebsd.org, cvs-all@freebsd.org, pav@freebsd.org, doc-committers@freebsd.org, "M. Warner Losh" Subject: Re: cvs commit: www/en/cgi Makefile query-pr.cgi querypr-code.cgi X-BeenThere: cvs-doc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the doc and www trees List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Nov 2005 16:36:40 -0000 On Saturday 12 November 2005 04:03 pm, Alexander Leidinger wrote: > On Sat, 12 Nov 2005 10:35:29 -0700 (MST) > > "M. Warner Losh" wrote: > > I've had a couple of private suggestions sent to me. > > > > The first is to create a raw-query-pr.cgi that will just serve up one > > PR in raw format with no links to this page. > > > > The second is to add another parameter to query-pr that changes > > quarterly. pass=bluestarts this quarter, pass=yellowdiamons next, etc > > (well, we wouldn't use the ingrediants to lucky charms as a > > password). This level of security is the same that exist on certain > > invitation only IRC channels that are out there. Someone has to tell > > you the password, and the password changes from time to time. Since > > developer mail is project confidencial, I would guess it would be > > sufficient to email the new password once a quarter. > > > > The ugly alternative is to have a 'members only' section of the > > website where you have to login. In that section, we could also give > > the full names. However, this suffers from the inability to easily > > use with 'fetch'. > > > > The forth alternative is those goofy 'tell me what's in this box' > > schemes. Prove you are a human. This sounds more burdonsome than > > logging into freefall to do the query-pr, which is Kris' main > > objection to the new change. > > Those, and specially the one we use, are too easy to circumvent. There's > somewhere a page (maybe available on the links section on my homepage > or still as a "add me to the links section"-mail somewhere in my > inbox...) which dissects a lot of those schemes and also provides code > how to circumvent them. > > With the current scheme in place we also can just render the email > address as a picture. It provides the same protection and also has the > same drawbacks for a committer. > > A better alternative would be to obfuscate the address, e.g. replacing > the "@" with an "at" or with a space or an ampersand or a percent sign > or whatever (even randomizing the replacement would be possible). And > replacing dots with something else. > > This would result in at least the same computational complexity for > address-harvesters and it would allow to just cut and paste the > addresses. It gives the additional benefit that sites such as > freshports (or our/foreign mail archives) provide the same obfuscation > without any further work. Hmm, I might like this the best. Something I've noticed, too, btw, is that there is still a 'submit followup' link on the same page that has the submitter's e-mail address in the mailto: (so it's even easier for a spider to find) so unfortunately I think the current change doesn't actually help the current page contents at all. I actually received the original complaint e-mail and had forwarded it to core@ to ask if the person's request was even reasonable, etc. on a Friday and came back in to find the changes were done over the weekend. :) On the face the request that we not publish people's e-mail addresses may seem reasonable, but I think in practice it is not something we can realistically do. At this point I'm all for just saying, "Sorry, once you've sent in a PR your e-mail address is likely to be harvested for spam and unfortunately we can't really plug all the leaks and still get anything useful done." I do like Alexander's suggestion above as it would automate the task of obfuscating the e-mail address when cutting and pasting into a commit log. If it included some randomization it would also make it slightly more "secure" (that's not the right word really) than the simplistic scheme that I always follow (s/@/ at /, s/\./ dot /g) -- John Baldwin <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve" = http://www.FreeBSD.org