On 25/07/2011 12:26, M.-A. Lemburg wrote:
Michael Foord wrote:
On 25/07/2011 11:52, M.-A. Lemburg wrote:
Michael Foord wrote:
On 25/07/2011 10:10, M.-A. Lemburg wrote:
Hi Michael,
Michael Foord wrote:
On 25/07/2011 09:56, M.-A. Lemburg wrote:
Could one of the list admins please turn the list archive
of the pydotorg-www list into a private one ?
I don't think it's a good idea to let our setup information leak
to the Internnet via search engines.
The *point* of pydotorg-www is that it is a public list. Private
information should be sent to pydotorg not pydotorg-www.
I was only talking about the archives, not making it a private
list altogether.
Sure, but losing public archives, and the ability to use search engines
to search the archives is a big loss.
We don't make the archives of other public lists private because someone
sent an email they shouldn't have done - in fact we generally refuse to
even remove those emails from the archive.
Right, but this mailing list is special in the sense that it
discusses an important piece of the Python infrastructure.
Unlike other mailing lists where such leakage usually only has impact
on the one accidentally sending it, it can cause potential harm to
the PSF servers in case of this list.
Does the information leaked present a real risk?
If you look through the archives, it's very easy to find out about
the infrastructure setup being used to run python.org. Take e.g.
this thread as example:
http://markmail.org/thread/kcxkjbesmbweaaj6#query:+page:1+mid:kcxkjbesmbweaaj6+state:results
Thomas' email has revealed more information in that direction.
It's not a direct risk, though.
I have a very strong
preference for keeping the archives public unless we absolutely have to.
I'd rather offending messages were scrubbed from the archive than the
list archives made private.
That's not possible, I'm afraid, since the list archives on python.org
are not only being picked up by Google, but also other sites which
then co-host them, e.g.
http://markmail.org/search/?q=pydotorg-www#query:pydotorg-www
list%3Aorg.python.pydotorg-www+page:1+state:facets
http://www.mail-archive.com/pydotorg-www@python.org/info.html
http://blog.gmane.org/gmane.comp.python.pydotorg-www
That's only if the archives are left long enough for the spiders to pick
them up. Not guaranteed to prevent information leakage but may be
sufficient in individual cases.
BTW: How often do you actually search on this mailing list ?
What I often do is browse the archives, having to log in is a nuisance.
I also link to discussions on the list - making them private effectively
prevents that as people have to join the list just to view the
archives. Occasionally when I can't find a particular discussion I use
search to find it.
Well, then what do you recommend to keep such infos off the net ?
Not posting them to a public list! Plus having policies and security
infrastructure in place that does not allow harm due to accidental
revealing of information.
This could just as easily have been posted to python-list or some other
public list, we should have policies in place to cope with this.
Whatever those policies are should apply to this list.
Michael
--
http://www.voidspace.org.uk/
May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
-- the sqlite blessing http://www.sqlite.org/different.html
_______________________________________________
pydotorg-www mailing list
pydotorg-www@python.org
http://mail.python.org/mailman/listinfo/pydotorg-www
