[Balug-Admin] BALUG resources, lists, etc.

Rick Moen rick@linuxmafia.com
Fri Dec 28 17:55:16 PST 2007 

(Once again, apologies in advance if through impatience and
overfamiliarity with this issue I come across as too brusque.)

Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):

> Well, hopefully "we" (BALUG) aren't too likely to run into such
> problems ... though it's not necessarily always feasible to alay all
> suspicions.

That natural suspicion -- which I'm not sure you're taking seriously
enough -- is of course part of the problem, but there's also the other
part I cited:  In a Linux online community, the ability to see who else
is participating (or at least the posting addresses) is, I maintain, an
essential and natural part of the community process.  As I've pointed
out, the "hide from spammers" reason you originally cited simply doesn't
hold water for several reasons.

That leave the reason you just posted:  your ability to screenscrape the
HTML version of the roster without having to clear members' "hidden"
flags, first.

> *if you know of something easier, let me/us know. 

Since, lacking shell access, we cannot use
/usr/lib/mailman/bin/list_members , what comes to mind for a
programmatic solution is:

1.  Clear "hidden" flags via the admin screens, capturing the addresses
    for which you do this.
2.  Screenscrape the resulting roster screen.
3.  Re-set the "hidden" flag on the members affected.


> As the number of subscribers on a list increases, and if all on the list
> can get the e-mail addresses of everyone on the list, the probability of
> abuse increases (e.g. we'll likely soon have over 500 e-mail addresses
> on our "announce" list).

Part of the price of participation in a public community is that you
might get contacted by jerks.  As mentioned, people who wish to
participate but not let the public see their e-mail addresses already
have the means to do so (though they'd also need to make sure they never
post).  It's just not reasonable to cripple the transparency of our
mailing lists just because someone, some time, could send people mail
they don't want.  For one thing, your change _doesn't even prevent_ them
from doing that:  It means only that they need to carry out that misdeed
via the mailing list itself, possibly using throwaway webmail addresses
if they intend to commit repeat offences.

(That having been said, there is no compelling need for the _announce_
list's roster to be accessible to anyone but the listadmins, as it's not
a community forum.  I was referring to the other two, which are.)



> We probably have "more than enough" folks that have access to the list
> roster (probably at least half a dozen or more folks) - so the
> probability of someone successfully coopting the list and denying
> access to most or all of the subscriber e-mail addresses to BALUG is
> quite low.

Setting aside the fact that I spoke of the public _impression_ of likely
listadmin abuse created by deployment of such settings, not the
probability of that abuse actually occurring, sadly, what you claim
above turns out to be non-sequitur:  There have been many cases
(elsewhere) of listadmins carrying out personal measures against members
that their fellow admins never noticed, and indeed had no easy means to
see at all.  This is especially easily done on Mailman installations
such as Dreamhost's where the listadmins don't have access to Mailman's
logfiles, the only complete record of who has done what.


> I also removed the text from the list descriptions that indicates
> whether or not the roster is available to all subscribers.

Well, I'm putting it right back, after sending this mail, and changing
the rosters of balug-talk and balug-admin back to subscriber-accessible,
for reasons cited.  I'll readily admit to feeling strongly about the
latter point, but it's the fruit of very long experience as a listadmin.

(I'm putting the roster access text + markup back onto the
balug-announce listinfo page, too, because, well, it's useful to the
listadmins, darn it.)

And, _please_, again, let's all consult before suddenly changing key
mailing list settings.  For one thing, it's a real pain to have to
consult other Mailman installations to re-find the markup you removed
from the listinfo pages without consulting anyone else.

I'm not asking for unique consideration on account of the coincidental
fact that I happen to be BALUG's sole listadmin at the moment, but I do
think that I (along with this group of admins generally) should have
been meaningfully consulted and not merely informed after the fact.

More information about the BALUG-Admin mailing list