Обсуждение: Re: [HACKERS] Moderator on Committers?
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 (redirected from -hackers) > I notice that there are many spam messages coming through on Committers. Many? > That seems a little strange, since one of my commit messages has been > held for moderator approval. (Apparently the word "sub" just happened to > get wrapped into first byte position, and so has been confused with a > subscribe message). > > Who is approving spam, yet refusing to permit messages from actual > committers to the commit list? I think the spam slipped through because it was sent with a fake "from" as the address of the mailing list itself. Marc has already closed the hole per my complaint a couple of days ago. However, I think the committers list could certainly do without the "subscription hint" filter. Marc, can you disable that bit on the committers list or make me an admin for that list so I can do it myself? - -- Greg Sabino Mullane greg@turnstep.com End Point Corporation http://www.endpoint.com/ PGP Key: 0x14964AC8 201008100939 http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8 -----BEGIN PGP SIGNATURE----- iEYEAREDAAYFAkxhVpwACgkQvJuQZxSWSsj9JgCgpYkL7UAXndhb5ne6cehLGVLU ArUAoNWNwDZxUhE2Pq0iV+11HP9TKuzJ =BDEo -----END PGP SIGNATURE-----
"Greg Sabino Mullane" <greg@turnstep.com> writes: > I think the spam slipped through because it was sent with a fake "from" > as the address of the mailing list itself. Marc has already closed the > hole per my complaint a couple of days ago. However, I think the committers > list could certainly do without the "subscription hint" filter. Marc, > can you disable that bit on the committers list or make me an admin > for that list so I can do it myself? +1 ... just make sure you don't disable the "Security:" filter. (Possibly better would be to bypass those filters only for messages sourced from the CVS daemon, if that's possible.) regards, tom lane
Excerpts from Tom Lane's message of mar ago 10 10:05:25 -0400 2010: > "Greg Sabino Mullane" <greg@turnstep.com> writes: > > I think the spam slipped through because it was sent with a fake "from" > > as the address of the mailing list itself. Marc has already closed the > > hole per my complaint a couple of days ago. However, I think the committers > > list could certainly do without the "subscription hint" filter. Marc, > > can you disable that bit on the committers list or make me an admin > > for that list so I can do it myself? > > +1 ... just make sure you don't disable the "Security:" filter. > > (Possibly better would be to bypass those filters only for messages > sourced from the CVS daemon, if that's possible.) Possibly the script that sends the email from CVS could use the list password somehow so that the email is automatically authorized? (Of course, the password must not leak from there) -- Álvaro Herrera <alvherre@commandprompt.com> The PostgreSQL Company - Command Prompt, Inc. PostgreSQL Replication, Consulting, Custom Development, 24x7 support
On Tue, Aug 10, 2010 at 16:29, Alvaro Herrera <alvherre@commandprompt.com> wrote: > Excerpts from Tom Lane's message of mar ago 10 10:05:25 -0400 2010: >> "Greg Sabino Mullane" <greg@turnstep.com> writes: >> > I think the spam slipped through because it was sent with a fake "from" >> > as the address of the mailing list itself. Marc has already closed the >> > hole per my complaint a couple of days ago. However, I think the committers >> > list could certainly do without the "subscription hint" filter. Marc, >> > can you disable that bit on the committers list or make me an admin >> > for that list so I can do it myself? >> >> +1 ... just make sure you don't disable the "Security:" filter. >> >> (Possibly better would be to bypass those filters only for messages >> sourced from the CVS daemon, if that's possible.) > > Possibly the script that sends the email from CVS could use the list > password somehow so that the email is automatically authorized? (Of > course, the password must not leak from there) Yikes. That seems way more complex than called for. (Even if it's possible - which I doubt it is, at least without making it a *lot* more complex). If we can get rid of the admin commands filter, every committer's email should be on that list anyway. And if it gets moderated for that reason, it's easy enough to add with nomail. We don't have that many committers after all... -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/