RoundCube developers and users,
just thought I'd post a bit of mailing list administrative information
and short status update on Trac/Wiki/Archive/Subversion matters.
* When posting to the RoundCube Dev list, please make sure you do so
from the address with which you are subscribed. All messages from non
subscribers are held for moderation, so when you post from another
address it increases the moderators workload (Thomas and me) and it
delays your message. If you do post from another address by accident,
please don't repost from the correct address. This will most likely lead
to your message being posted to the list twice. Sometimes in the next
few two weeks I'll probably ask one or two of you to help with the
moderation (I'll do so in a private e-mail).
The moderation is in place only to keep the list from redistributing any
spam that will inevitably be sent to it's submission address. *All*
non-spam messages should be approved by the moderators.
* Some of you have over eager anti-spam filters in place on the
addresses subscribed to the list and you are rejecting legitimate list
traffic. If it's at all possible, please make sure you white list e-mail
from 195.159.29.202/maildialog.com. In cases where I see excessive
rejects for a particularly stupid reason, I'll just unsubscribe the
offending address to keep my workload at an acceptable level.
* Some of you have asked that we include a Reply-To: header in messages
distributed to the list. I could go on at length about why this is not a
good idea, but luckily Chip Rosenthal has already done so. Anyone
interested should read his excellent essay:
"Reply-To" Munging Considered Harmful
http://www.unicom.com/pw/reply-to-harmful.html
* A few words om mailing list etiquette: When replying to the list,
please make sure to remove any irrelevant quoted text before sending. In
the last few days I've seen some horrible examples of messages with just
a few words of original content, followed by several kb of quoted text.
Please show some consideration and spend the 2 seconds needed to trim
your quotes.
Another matter of mailing list etiquette is top-post reply vs. in-line
reply. This is a matter of some debate, and not something that should be
discussed here. I'll just ask that you all take a look at the excellent
Wikipedia article on the subject and form your own opinion on the matter:
http://en.wikipedia.org/wiki/Top-posting
I'll also note that quite a few people (myself included) subscribe to
more mailing lists then they have time to read. For such people, one
factor in deciding to read or skip your reply may be if it's top-posted
or in-line (again, myself included).
* Redistribution delays: The mail server hosting the mailing list got a
bit of a surprise after the Slashdot "incident", and have been
experiencing some redistribution delays. I've seen delays as high as 30
minutes, but it looks like more then 97% of all traffic is delivered
within 5 minutes. This has to do with the Exim install not being
optimized for mailing list deliveries. I'll keep an eye on this over the
next few day.
* I've had reports of mailing list subscribers experiencing probeing
looking for RoundCube installs after posting to the list. Please keep an
eye out for this. RoundCube is not production ready, and it's entirely
possible there may be some exploitable security holes in it (see below).
The report I got saw probes from 70.177.39.72, so if you could all check
your logs for this IP. If you find something, please e-mail *me*, not
the list, and I'll coordinate the investigation. Even if you don't have
any probes from that address, please keep en eye out for unusual
activity, especially if you've posted identifying details to the mailing
list.
* Security in RoundCube: There's been talk about letting users select
the IMAP server to connect to (via select boxes, input boxes, from the
domain in the URL and others). If this is combined with a RoundCube
configured to relay outgoing e-mail via a hardcoded local SMTP relay you
have an exploitable setup, and will probably have problems sooner or
later. Please keep this in mind!
* Status of Trac/Wiki/Archive/Subversion: All the software for the new
web site (Trac with wiki, MHonArc mailing list archive and Subversion)
has been set up. What remains is a bit of work on the layout, and some
porting of information from the old site. I'm currently working with
Thomas on the former, but could use some help on the later. So if you
feel like helping out with porting some information into the wiki, send
me a private e-mail and I'll get back to you.
I also think it's about time someone started working on a FAQ, so if you
have a few hours to spare, good English communication skills, a rough
understanding of how RoundCube works, and the most common problems
experienced by it's users, drop me en e-mail and I'll get you advanced
access to the new wiki so you can get started.
Bob (list-mom)
