On Tue, Dec 8, 2015 at 10:33 PM, Martin Graesslin <mgraess...@kde.org> wrote: > On Tuesday, December 8, 2015 9:51:50 AM CET Martin Graesslin wrote: >> On Tuesday, December 8, 2015 8:21:03 PM CET Ben Cooksley wrote: >> > On Tue, Dec 8, 2015 at 2:19 AM, Martin Graesslin <mgraess...@kde.org> > wrote: >> > > On Friday, December 4, 2015 11:28:03 AM CET Jan Kundrát wrote: >> > >> On Friday, 4 December 2015 10:56:42 CET, Ben Cooksley wrote: >> > >> > Note that in the long run with DMARC looming you will need to switch >> > >> > to #2 anyway, and keeping your current behaviour will likely lead to >> > >> > mail from people who use Yahoo / AOL / etc ending up in the spam >> > >> > folder with many mailing list members. I'll be starting a discussion >> > >> > regarding taking this step on KDE systems at some point in the near >> > >> > future (switching to DMARC compatible policies). >> > >> > >> > >> > For more information, please see http://wiki.list.org/DEV/DMARC >> > >> >> > >> Do I understand your plan correctly? The following projects appear to >> > >> not >> > >> re-sign their ML traffic, and they mangle headers at the same time. If >> > >> I >> > >> understand your plan correctly, this means that I won't be able to use >> > >> my >> > >> @kde.org addresses on mailing lists of these projects, for example: >> > >> >> > >> - Qt, >> > >> - Debian, >> > >> - Gentoo, >> > >> - OpenStack, >> > >> - anything hosted at SourceForge, >> > >> - and many, many more, essentially anybody who were ignoring DKIM. >> > >> >> > >> Please, change your plans, this is obviously a huge no-go. >> > > >> > > this looks like a huge problem. Could this be rolled out in two phases: >> > > one >> > > where a big fat warning is added in some way, so that we can inform our >> > > mailing list masters about the breakage and then a slow enforcement? >> > >> > You can examine the "Authentication-Results" header from any mail that >> > passes through kde.org mail infrastructure to determine if it is >> > valid. >> >> Checking the non-KDE mailing lists I'm subscribed to: >> >> * EWMH mailing list (hosted on GNOME infrastructure): >> >> Authentication-Results: postbox.kde.org; dkim=fail >> reason="verification failed; unprotected key" >> header.d=gmail.com header.i=@gmail.com header.b=qL4yX1lm; >> dkim-adsp=none (unprotected policy); dkim-atps=neutral >> >> * wayland: no such header > > Correction: Wayland is also affected. I didn't check a gmail mail. So given > that all freedesktop.org are probably affected. > > Sorry Ben, that's just a no, it will be highly disruptive to KDE to turn us > off from these mailing lists.
Can't recall if I stated this previously, but i'd already decided to delay this until the end of January. It should not be delayed forever though. > > Cheers > Martin