On Sat, Nov 12, 2005 at 10:35:29AM -0700, M. Warner Losh wrote: > In message: <[EMAIL PROTECTED]> > Ceri Davies <[EMAIL PROTECTED]> writes: > : > > > No, just add f=raw to get the raw PR without markup. > : > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=<PR#>&f=raw > : > > > ^^^^^^ > : > > > : > > If you do that, then the address is in the PR header anyway, so where's > : > > the problem? (yes, that elides the usefulness a little, but raw links > : > > are not presented on the site and are therefore less spiderable). > > <a little off-topic text deleted> > > Ahem. Gettback back on track... > > I've had a couple of private suggestions sent to me. > > The first is to create a raw-query-pr.cgi that will just serve up one > PR in raw format with no links to this page. > > The second is to add another parameter to query-pr that changes > quarterly. pass=bluestarts this quarter, pass=yellowdiamons next, etc > (well, we wouldn't use the ingrediants to lucky charms as a > password). This level of security is the same that exist on certain > invitation only IRC channels that are out there. Someone has to tell > you the password, and the password changes from time to time. Since > developer mail is project confidencial, I would guess it would be > sufficient to email the new password once a quarter.
I have another idea. Committers could add a world-readable ~/.querypr.pass to their home directories containing a string that authenticates them for seeing email addresses. Then we have some method to "login" (ie, set a cookie) that lasts for a month. That method just checks that the string in the cookie matches the string in ~/.querypr.pass. Anyway, I think that the general consensus is that the current code thing sucks, so I agree that it should be backed out. Ceri -- Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -- Einstein (attrib.)
pgp2buLBIqAyu.pgp
Description: PGP signature
