potiuk opened a new pull request, #3: URL: https://github.com/apache/comdev/pull/3
## Summary

Builds on top of #2 to make the restriction layer safer by default. The current branch blocks a fixed set of patterns (`private@`, `security@`, ASF foundation lists). Anything outside those patterns — e.g. an unconventionally-named PMC list — would slip through. This PR adds a second layer that inspects PonyMail's own `private` flag on every response and blocks unless the list is explicitly opted in via a new `PONYMAIL_ALLOWED_LISTS` env var.

**Two-layer defense:**

1. **Pattern blocks** (pre-fetch) — unchanged, still controlled by `PONYMAIL_RESTRICTED_LISTS`.
2. **Private-flag block** (post-fetch) — checks `data.private` on every response from `search_list` / `get_email` / `get_thread`. `get_mbox` does a `stats.lua?quick` pre-flight probe since the mbox endpoint returns raw text.

**Opt-in:** `PONYMAIL_ALLOWED_LISTS` (new env var, comma-separated) — matching lists bypass both layers. Same pattern grammar as `PONYMAIL_RESTRICTED_LISTS` (`prefix@`, `@domain`, `prefix@domain`).

**Documentation:** README gains a "Why this matters: PII and ASF policy (interim guidance)" section linking the [ASF Mailing Lists page](https://www.apache.org/foundation/mailinglists.html) and [ASF Privacy Policy](https://privacy.apache.org/policies/privacy-policy-public.html). It explains that:

- private ASF lists frequently carry PII (PMC nominations, conduct reports, legal correspondence)
- ASF confidentiality policy doesn't yet address LLM use specifically
- block-all-private is the safe interim default; users opt in only for lists they're authorized for and in LLM environments matching that risk (local LLMs vs. hosted)
- `security@`-style lists are typically work/technical and *likely* (not guaranteed) to attract fewer policy restrictions than `private@`-style lists
- the doc will be updated as ASF guidance evolves

## Test plan

- [ ] Verify `list_restrictions` shows the new private-flag policy and current allow-list
- [ ] Verify a non-allow-listed private list (e.g. `private@<some-project>.apache.org`) is blocked even with valid auth
- [ ] Verify `PONYMAIL_ALLOWED_LISTS="private@<project>.apache.org"` lets the corresponding list through
- [ ] Verify `get_mbox` blocks for a private list (pre-flight check) and works for a public list
- [ ] Verify `list_lists` marks allow-listed entries with `[ALLOW-LISTED]`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
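
The two-layer decision described in the pull request above, as an added example that is not the project's code: it shows an unconventionally named list passing the pre-fetch pattern check and being stopped by the post-fetch `private` flag unless it is opted in. The names `Policy`, `matches`, `parse_patterns`, `pre_fetch` and `post_fetch`, the exact-match reading of the pattern grammar, and all list addresses are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

def parse_patterns(raw: str) -> list[str]:
    """Split a comma-separated env value into lowercase patterns."""
    return [p.strip().lower() for p in raw.split(",") if p.strip()]

def matches(addr: str, pattern: str) -> bool:
    """Grammar from the PR: prefix@, @domain, prefix@domain.
    Exact (not substring/suffix) comparison is an assumption of this example."""
    addr = addr.lower()
    prefix, _, domain = addr.partition("@")
    if pattern.endswith("@"):
        return prefix == pattern[:-1]
    if pattern.startswith("@"):
        return domain == pattern[1:]
    return addr == pattern

@dataclass
class Policy:  # hypothetical name, not the project's API
    restricted: list[str]
    allowed: list[str]

    def opted_in(self, addr: str) -> bool:
        return any(matches(addr, p) for p in self.allowed)

    def pre_fetch(self, addr: str) -> str | None:
        """Layer 1: block reason, or None to let the request go out."""
        if self.opted_in(addr):
            return None
        if any(matches(addr, p) for p in self.restricted):
            return "pattern block"
        return None

    def post_fetch(self, addr: str, data: dict) -> str | None:
        """Layer 2: inspect the parsed response's private flag."""
        if not self.opted_in(addr) and data.get("private"):
            return "private-flag block"
        return None

# Constructed values standing in for the two env vars.
POLICY = Policy(
    restricted=parse_patterns("private@, security@"),
    allowed=parse_patterns("private@projecta.example.org"),
)

if __name__ == "__main__":
    odd = "pmc-internal@projectb.example.org"  # constructed list name
    print(POLICY.pre_fetch(odd), POLICY.post_fetch(odd, {"private": True}))
```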
