[Project_owners] [Sysadmin] mozdev.org -- are these files supposed to be public?

Eric H. Jung eric.jung at getfoxyproxy.org
Thu Oct 6 09:41:39 PDT 2011


hi guys, i've been seeing all the support requests on these two mailing
lists. my father died unexpectedly on Saturday, so I've been unable to
assist. i should be able to assist again next week. can someone please
please please grant me SSH access to the server? my ip address changes too
frequently, so it cannot/should not be tied to my ip address. let me know
where to send my public key.

thanks,
eric


On Thu, Oct 6, 2011 at 12:32 PM, Arturo 'Buanzo' Busleiman <
buanzo at buanzo.com.ar> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> We are working on that. Please stand by for a solution. Thank you for your
> patience.
>
> On 10/06/2011 01:20 PM, REMOVED wrote:
> > I understand that not indexing is not a perfect solution, but it would be
> an acceptable solution to
> > me. I realize that the information could still theoretically be accessed
> (if someone knew where to
> > look), but it wouldn't be "accessible" (easy to access, a secondary
> meaning for the word).
> >
> > Also, the second method I suggested for making them non-indexable would
> do so by preventing them
> > from being accessed via HTTP in the first place. I don't presume that is
> necessarily an acceptable
> > option to the sysadmins however.
> >
> > Again, I appreciate everyone's time and consideration, and I will be
> thrilled if any one of my
> > suggestions is implemented.
> >
> > Nate
> >
> > On 10/06/2011 11:30 AM, Arturo 'Buanzo' Busleiman wrote:
> > I was just offering an explanation. Also, not indexing does not really
> protect you from anything, in
> > the end: the data would still be there and accesible. Lots of crawlers /
> search engines do not
> > actively obey robots.txt rules.
> >
> > The result would be for someone to edit the mbox files, but it is not up
> to me to make that
> > decision. I support your right for privacy.
> >
> > On 10/06/2011 12:13 PM, REMOVED wrote:
> >>>> I am not trying to assign blame to the sysadmins; I am making a
> request. The reason I asked if the
> >>>> files were intended to be public is because I noticed that the HTML
> version of the archive uses the
> >>>> "noindex" robots declaration on
> http://mozdev.org/pipermail/blunderdelay/ ... I actually didn't
> >>>> notice until now that the individual messages in the HTML format don't
> share in using that
> >>>> declaration, I just presumed so since the parent page does. (It also
> struck me as a possible
> >>>> oversight that the files were being indexed since you have the
> separate human-readable HTML versions
> >>>> on the site.) The HTML version of my e-mail being indexed does not
> concern me, since it doesn't
> >>>> include those headers.
> >>>>
> >>>> I acknowledge that I made an oversight some four years ago when I sent
> that message. I don't think
> >>>> it is necessary for me to be condemned to potential suffering of the
> seriousness I have indicated if
> >>>> it can be reasonably avoided.
> >>>>
> >>>> I recognize that the sysadmins may have reservations about making
> certain changes, which is why I
> >>>> have suggested multiple options. I suggested two different ways to
> prevent the mbox files from being
> >>>> indexed, under the presumption that there is no reason one would want
> them to be indexed when there
> >>>> are already processed and human-readable versions of those e-mails in
> HTML format on the site. If
> >>>> the sysadmins see some sort of utility in the indexing of the mbox
> files that I have overlooked, I
> >>>> hope they will consider my request to make a precision edit to remove
> the content which concerns me,
> >>>> either by editing the 3 lines which concern me or by merely deleting
> my message in its entirety from
> >>>> the thread.
> >>>>
> >>>> If none of these options is acceptable to the sysadmins, I would be
> appreciative if you could
> >>>> explain what concerns you have about the options I have suggested.
> >>>>
> >>>> Thanks,
> >>>> Nate
> >>>>
> >>>> On 10/06/2011 10:24 AM, Arturo 'Buanzo' Busleiman wrote:
> >>>> The fact the mbox file is below a pipermail seems to suggest it's a
> public mailing-list related
> >>>> file, ergo, indexing them IS the usual practice. You exposed yourself,
> not because of a mozdev
> >>>> system administration problem, but because of how you used gmail and
> public mailing lists.
> >>>>
> >>>> I'm not pointing fingers, just making a clarification. If you need to
> separate your online
> >>>> identities, do not use the same service (i.e gmail) to link them
> together, which seems to be the
> >>>> case (gmail allows to have different From lines, you probably used
> that feature, but the real SENDER
> >>>> is the gmail account used to send, even if changing the from).
> >>>>
> >>>> Someone else needs to make the call on editing that file.
> >>>>
> >>>> public.On 10/04/2011 10:20 PM, REMOVED wrote:
> >>>>>>> Greetings, sysadmins!
> >>>>>>>
> >>>>>>> Could you please provide your response regarding the concerns and
> suggestions I brought up in my
> >>>>>>> August 28 message, copied 5 messages below? (The start is
> highlighted with the bolded text.) Your
> >>>>>>> response never got back to me. I appreciate your time. Thanks.
> >>>>>>>
> >>>>>>> Best Regards,
> >>>>>>> REMOVED
> >>>>>>>
> >>>>>>> On 09/01/2011 05:24 PM, David Boswell wrote:
> >>>>>>>> OK, will do.
> >>>>>>>>
> >>>>>>>>
> ----------------------------------------------------------------------------------------------------
> >>>>>>>>     **If messages sent to that list are not put into public mbox
> files, I have no objection if you
> >>>>>>>>     will forward my message.
> >>>>>>>>
> >>>>>>>>     Thanks,
> >>>>>>>>     Nate
> >>>>>>>>
> >>>>>>>>     On 09/01/2011 05:00 PM, David Boswell wrote:
> >>>>>>>>>     Nate,
> >>>>>>>>>
> >>>>>>>>>     The sysadmins list is a private mailing list.  If you're not
> comfortable with me forwarding
> >>>>>>>>>     that message, would you write a message to
> sysadmin at mozdev.org <mailto:sysadmin at mozdev.org>
> >>>>>>>>>     without the sensitive information that addresses the concerns
> you have?
> >>>>>>>>>
> >>>>>>>>>     David
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> ----------------------------------------------------------------------------------------------------
> >>>>>>>>>         **
> >>>>>>>>>         Also,
> >>>>>>>>>
> >>>>>>>>>         I copied your sysadmins on my message below, but then got
> notification that it was going
> >>>>>>>>>         to post to another mailing list, so I used the cancel
> link in that message. Please do not
> >>>>>>>>>         post my e-mail to a mailing list, as it would defeat the
> purpose of my request.
> >>>>>>>>>
> >>>>>>>>>         Nate
> >>>>>>>>>
> >>>>>>>>>         *On 08/28/2011 11:27 AM, REMOVED wrote: *
> >>>>>>>>>>         Hello again!
> >>>>>>>>>>
> >>>>>>>>>>         I apologize for being a pest, but I was hoping you'd get
> back to me regarding my earlier
> >>>>>>>>>>         inquiry. If you don't see the observation I've made as
> being a problem from your
> >>>>>>>>>>         perspective, I'm hoping you will be kind enough to
> indulge me anyway, if it's not too
> >>>>>>>>>>         much trouble.
> >>>>>>>>>>
> >>>>>>>>>>         You see, I'm actually concerned for my own sake, because
> the file I linked you to below
> >>>>>>>>>>         exposes some information about me, and I have been
> subject to some rather uncomfortable
> >>>>>>>>>>         stalking and harassment during the past several months,
> so would prefer that the
> >>>>>>>>>>         information was not so accessible. I would be highly
> appreciative if this information
> >>>>>>>>>>         could either be removed from the file or if the files
> containing such information were
> >>>>>>>>>>         prevented from being index by the search engines.
> >>>>>>>>>>
> >>>>>>>>>>         I am familiar with the Apache Web server, but not so
> much with the nginx server
> >>>>>>>>>>         mozdev.org seems to be using. However, I've done a
> small amount of research, and I
> >>>>>>>>>>         believe either one of the following two directives could
> be used to prevent search
> >>>>>>>>>>         engines from indexing the mbox files. I do not believe
> there is any reason why you
> >>>>>>>>>>         should want those files indexed by search engines
> anyway, so I'm hoping you will comply
> >>>>>>>>>>         with my request.
> >>>>>>>>>>
> >>>>>>>>>>             # tell search engines not to index mbox files
> >>>>>>>>>>             location ~ \.(mbox)$ {
> >>>>>>>>>>                 add_header X-Robots-Tag noindex;
> >>>>>>>>>>             }
> >>>>>>>>>>
> >>>>>>>>>>             # disallow mbox files from being viewed directly via
> http
> >>>>>>>>>>             location ~ \.(mbox)$ {
> >>>>>>>>>>                 deny all;
> >>>>>>>>>>                 return 403;
> >>>>>>>>>>             }
> >>>>>>>>>>
> >>>>>>>>>>         Either one of these should prevent further indexing of
> mbox files by the search engines,
> >>>>>>>>>>         and would result in the eventual removal of mbox files
> from their current index. You can
> >>>>>>>>>>         see the current mbox files listed in Google here:
> >>>>>>>>>>
> https://encrypted.google.com/#sclient=psy&hl=en&site=&source=hp&q=filetype:mbox+site%3Amozdev.org&pbx=1&oq=filetype:mbox+site%3Amozdev.org&aq=f&aqi=&aql=&gs_sm=e&gs_upl=835l835l0l2250l1l1l0l0l0l0l148l148l0.1l1l0&bav=on.2,or.r_gc.r_pw.&fp=1d753b302b4e010e&biw=1280&bih=937
> >>>>>>>>>>         <
> https://encrypted.google.com/#sclient=psy&hl=en&site=&source=hp&q=filetype:mbox+site%3Amozdev.org&pbx=1&oq=filetype:mbox+site%3Amozdev.org&aq=f&aqi=&aql=&gs_sm=e&gs_upl=835l835l0l2250l1l1l0l0l0l0l148l148l0.1l1l0&bav=on.2,or.r_gc.r_pw.&fp=1d753b302b4e010e&biw=1280&bih=937
> >
> >>>>>>>>>>
> >>>>>>>>>>         Alternatively, if you are not able or not willing to
> adjust your server configuration to
> >>>>>>>>>>         accommodate my request, I am hoping you will be willing
> to edit the specific mbox file
> >>>>>>>>>>         which concerns me:
> http://www.mozdev.org/pipermail/blunderdelay.mbox/blunderdelay.mbox
> >>>>>>>>>>
> >>>>>>>>>>         In that file, there is an e-mail from me from February
> of 2008 (Mon Feb 4 21:03:15
> >>>>>>>>>>         2008). The headers in that e-mail make an unintended
> connection between an online
> >>>>>>>>>>         identity, "REMOVED", and my personal name and personal
> account, "REMOVED" and
> >>>>>>>>>>         "REMOVED at gmail.com" <mailto:REMOVED at gmail.com>
> respectively. I would be grateful
> >>>>>>>>>>         if you could remove that connection in either of the
> following ways: (1) simply delete
> >>>>>>>>>>         my e-mail message and headers from the file, or (2)
> remove the "Sender" line and replace
> >>>>>>>>>>         the e-mail address that shows up in the first two lines
> of the headers with
> >>>>>>>>>>         "REMOVED at Gmail.com" <mailto:REMOVED at Gmail.com>.
> >>>>>>>>>>
> >>>>>>>>>>         Thank you so much for taking the time to read my
> message, and for considering my request.
> >>>>>>>>>>
> >>>>>>>>>>         Best Regards,
> >>>>>>>>>>         REMOVED
> >>>>>>>>>>
> >>>>>>>>>>         On 08/04/2011 04:03 PM, David Boswell wrote:
> >>>>>>>>>>>         Nate,
> >>>>>>>>>>>
> >>>>>>>>>>>         Thanks for pointing this out.  I'm forwarding this to
> our sysadmins for their feedback.
> >>>>>>>>>>>
> >>>>>>>>>>>         David
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>             ----- Forwarded Message -----
> >>>>>>>>>>>             *From:* REMOVED <REMOVED at gmail.com>
> <mailto:REMOVED at gmail.com>
> >>>>>>>>>>>             *To:* davidwboswell at yahoo.com <mailto:
> davidwboswell at yahoo.com>
> >>>>>>>>>>>             *Sent:* Wednesday, August 3, 2011 8:10 PM
> >>>>>>>>>>>             *Subject:* mozdev.org -- are these files supposed
> to be public?
> >>>>>>>>>>>
> >>>>>>>>>>>             There are mbox files publicly available and showing
> up in search results, for example:
> >>>>>>>>>>>
> http://mozdev.org/pipermail/blunderdelay.mbox/blunderdelay.mbox
> >>>>>>>>>>>
> >>>>>>>>>>>             I noticed that the HTML versions have the "robots"
> meta tag set to "noindex," so I
> >>>>>>>>>>>             can only presume the mbox files weren't intended to
> be indexed either...?
> >>>>>>>>>>>
> >>>>>>>>>>>             You can set the X-Robots-Tag header to noindex
> automatically for mbox files with
> >>>>>>>>>>>             Apache ... though I'm not sure about how this might
> be accomplished with nginx.
> >>>>>>>>>>>
> >>>>>>>>>>>             Regards,
> >>>>>>>>>>>             Nate
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>> _______________________________________________
> >>>>>>> Sysadmin mailing list
> >>>>>>> Sysadmin at mozdev.org
> >>>>>>> https://www.mozdev.org/mailman/listinfo/sysadmin
> >>
>
> - --
> ⁂ Arturo "Buanzo" Busleiman ⁂ - http://soundcloud.com/no-carrier -
> Independent Linux and Security Consultant - 16+y of IT exp. at your service
> .
> OWASPer - http://www.buanzo.com.ar/pro/eng.html
>   ..:
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEAREKAAYFAk6N2A8ACgkQAlpOsGhXcE1LiACeL0GQt4exEHLiqiaMhZfXFCde
> 6LwAnjI89qXbRtOCq3wLPF6/7mssyxXw
> =W+/8
> -----END PGP SIGNATURE-----
> _______________________________________________
> Sysadmin mailing list
> Sysadmin at mozdev.org
> https://www.mozdev.org/mailman/listinfo/sysadmin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.mozdev.org/pipermail/project_owners/attachments/20111006/aca1d9bb/attachment-0001.html>


More information about the Project_owners mailing list