You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ponymail.apache.org by arkanovicz <gi...@git.apache.org> on 2016/11/28 20:53:54 UTC
[GitHub] incubator-ponymail issue #268: Little confidentiality issue
GitHub user arkanovicz opened an issue:
https://github.com/apache/incubator-ponymail/issues/268
Little confidentiality issue
When an apache committer browses the archives of a private mailing list he has access to, he can access the full timeline of the list, including emails that were sent **prior** to the date he was granted access to the list, including for instance the vote that made him a committer and attached remarks... It shouldn't pose any kind of problem in the vast majority of cases, of course, but this little side effect is at least worth noticing...
----
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #268: Little confidentiality issue
Posted by ShaneCurcuru <gi...@git.apache.org>.
Github user ShaneCurcuru commented on the issue:
https://github.com/apache/incubator-ponymail/issues/268
+1 for "this is a feature that we should document how access to lists works" and close this. For Apache purposes, access to a whole list (including prior dates) is the expected behavior.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #268: Little confidentiality issue
Posted by arkanovicz <gi...@git.apache.org>.
Github user arkanovicz commented on the issue:
https://github.com/apache/incubator-ponymail/issues/268
That's a rather strange position. It means that when I write to a private mailing list, I shall expect the email to be seen by not only the actual recipients, but also by each and any future recipient this list will ever have. It looks like more a limitation than a feature to me.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #268: Little confidentiality issue
Posted by Humbedooh <gi...@git.apache.org>.
Github user Humbedooh commented on the issue:
https://github.com/apache/incubator-ponymail/issues/268
This seems to be a discussion about an installation of Pony Mail, not the software itself.
My suggestion would be to supply the AAA libraries with additional (optional) data so the AAA lib can make a decision if need be.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #268: Little confidentiality issue
Posted by sebbASF <gi...@git.apache.org>.
Github user sebbASF commented on the issue:
https://github.com/apache/incubator-ponymail/issues/268
This is also true of the mail-search archives under mod_mbox, so it's not not a new issue.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #268: Little confidentiality issue
Posted by ShaneCurcuru <gi...@git.apache.org>.
Github user ShaneCurcuru commented on the issue:
https://github.com/apache/incubator-ponymail/issues/268
Note that my comment is relating to the current state of the code and the requirements that the ASF has for our own mail archive system. I could imagine that **other** users might want this kind of feature - but as sebb notes here, that would require someone stepping up to do the work. Thus, for the time being, the important thing is to be sure this behavior is clearly documented so administrators and users know what to expect.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #268: Little confidentiality issue
Posted by Humbedooh <gi...@git.apache.org>.
Github user Humbedooh closed the issue at:
https://github.com/apache/incubator-ponymail/issues/268
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #268: Little confidentiality issue
Posted by Humbedooh <gi...@git.apache.org>.
Github user Humbedooh commented on the issue:
https://github.com/apache/incubator-ponymail/issues/268
Actually, that is already the case in 0.10 - so I'm closing this issue as it's up to the ASF and not the Pony Mail project to sort that out.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #268: Little confidentiality issue
Posted by sebbASF <gi...@git.apache.org>.
Github user sebbASF commented on the issue:
https://github.com/apache/incubator-ponymail/issues/268
Note that it would require lots of additional record keeping to implement time-based access.
It would require access to information on subscriptions. These are managed by the mailing list software, which is completely independent. Strictly speaking, it would also preclude using the importer to load any messages that were sent before the Pony Mail archiver itself was subscribed to the mailing list. Also the number of people able to view the earliest archive messages would gradually reduce to zero.
As to the original comment regarding committers potentially seeing comments about their election etc, that is intrinsic to archived mailing lists. Perhaps that aspect of mailing lists needs to be better documented, but to be effective that documentation belongs elsewhere so it is seen before a posting is sent to an archived mailing list.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---