You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2011/08/29 16:02:20 UTC

[Bug 6656] New: sa-update could send more information to help mirrors/project track issues

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6656

             Bug #: 6656
           Summary: sa-update could send more information to help
                    mirrors/project track issues
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: PC
        OS/Version: Windows 7
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sa-update
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: kmcgrail@pccc.com
    Classification: Unclassified


I believe sa-update and documentation should be changed to include sending more
information via the user-agent:

internal IP
internal system name
*nix distro (if applicable)

This information is only accessible by mirror admins and is for the long-term
administration of the sa-update project.  

It will hopefully let us identify abusers, problematic installs and
distributions that need fixing.

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug 6656] sa-update could send more information to help mirrors/project track issues

Posted by bu...@bugzilla.spamassassin.org.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6656

Michael Scheidell <sc...@secnap.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |scheidell@secnap.net

--- Comment #1 from Michael Scheidell <sc...@secnap.net> 2011-12-31 10:56:59 UTC ---
I (as a mirror operator) would appreciate this, 

However, as a security/privacy professional, I would be upset to the MAX if
sa-update was sending my internal (behind nat) private ip address.


I believe it would violate privacy and security policies at major companies,
and could possibly even violate EU data privacy and protection laws.

(we also do IT security audits, and no, you don't want to give ANYONE, a clue
about your internal structure).  

Trust the sa-update ops? yep, good, then why pgp signatures?

Post this question in sa users group, and don't do it like a poster for a
political party:

1) should we reveal internal private information about your network to
sa-update operators.

or

2) should we improve sa-update?


(be careful how you approach question.. )

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.