Re: xml-rpc



On Fri, 2004-07-09 at 20:16 +0200, Daniel Egger wrote:
> On 09.07.2004, at 13:28, Luis Villa wrote:
> 
> >> Also I hope that it is *not* possible to get *any* bug
> >> information without authentication because this is a
> >> major possibility to harvest addresses for spammail
> >> with very little effort.
> 
> > We're pretty much already screwed on this count. If we care, we need to
> > steal KDE's patch to obscure these.
> 
> It still makes a huge difference whether one can with big
> efforts extract email addresses from largish webpages[1] or
> get a nicely sorted list of addresses by the means of a
> 4 line Python script.
> 
> I really hope that the interface only allows for
> a) qualified (i.e. authenticated) new entries
> b) write/append-only access
> 
> I really wish I had the time to audit (and understand!) the
> patch you sent; but unfortunately I won't, at least not within
> the next week.
> 
> [1] which I have to implicitely assume you're referring to

Well, right, but... the reality is we have quite harvestable pages
already. Given the large number of emails available in open bugzillae
around the world (b.g.o and b.m.o alone are probably 100K email
addresses) I'd be shocked if these addresses aren't all already
harvested. :/

Luis




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]