Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 08 Feb 2016 10:42:33 +0800
From:      qjail1 <qjail1@a1poweruser.com>
To:        Kurt Jaeger <lists@opsec.eu>
Cc:        ports@freebsd.org, portmgr@freebsd.org, qjail1@a1poweruser.com
Subject:   Re: port maintainer address
Message-ID:  <56B80099.3070606@a1poweruser.com>
In-Reply-To: <20160206063406.GP46096@home.opsec.eu>
References:  <56B56114.1000401@a1poweruser.com> <20160206063406.GP46096@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help 
Kurt Jaeger wrote:
> Hi!
> 
>> A year ago I was receiving loads of spam email on the maintainer email 
>> addresses used in the ports makefile. I created bug tickets to change 
>> the user name part of the email address for all the ports I maintain, 
>> but some how I missed the qjail2 port. Now that port says its maintained 
>> by ports@FreeBSD.org and the spam email has stopped.
>>
>> Since bugzilla uses the port maintainer email address as the way to 
>> identify the port maintainer, I no longer can post updates to qjail2 
>> port.
> 
> We'll understand that the patch comes from you, so just submit it.
> 
>> Why has Freebsd NOT done something to protect their port maintainers 
>> from spam.
> 
> Because if you think that not having the email addresses in the port
> protects you from spam, this probably will not scale. Spam defense 
> is not a task the FreeBSD project can also take on, in addition
> to all the others.
> 

In todays world the normal, customary, and prudent methodology is to 
protect a users email address from public view so its increasingly more 
difficult for it to be harvested for targets of spam. I ask WHY is the 
Freebsd ports system using a very old methodology that was designed over 
20 years ago, before the birth of spam. The majority of customer 
websites and programming development websites all have protected their 
user email addresses, WHY NOT FREEBSD?

It's way past the time that this problem gets the attention it deserves.
Lets at least create a project to analyze the ports system "Maintainer 
email address" to see just what would be involved in populating it with 
a dummy value so every place it is viewable to the public the real 
content is masked, this includes the down loadable ports tree.

Lets not have any more defeatist comments to let the sleeping dog lay. 
Thats what got us in this position in the first place.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56B80099.3070606>