email mangling (Re: cvs commit: src/bin/ls cmp.c extern.h ls.1 ls.c ls.h print.c util.c

Peter Jeremy peterjeremy at
Fri Mar 24 20:49:52 UTC 2006

On Fri, 2006-Mar-24 14:15:52 -0500, Garance A Drosehn wrote:
>It's one thing for me to say my email address is public info,
>but it does not seem right for me to say that everyone who
>submits a valuable patch to FreeBSD must also have their
>email address posted for spammers to pick up on.

Spammers can just as easily harvest the PR database.

I think this thread is getting off-topic and belongs elsewhere since
this is a topic that is probably more relevant to a wider audience than
people who read the CVS lists.

IMHO, the Project needs to formulate guidelines covering the use of
e-mail addresses in commit messages etc.  There is already a warning
in the PR submission web page but it only mentions the web interface
and does not mention that your address may appear elsewhere.  There is
no warning in send-pr.

I don't believe it's practical for the Project to state that e-mail
addresses will be obfuscated because:
- Any documented algorithm can be readily inverted by spammers
- In the absence of any documented algorithm, people can complain that
  the way an e-mail address has been munged isn't 'obfuscation'.
- It's not practical to obfuscate addresses in all situations so
  un-obfuscated addresses would still be visible via some mechanisms.

The easiest solution is probably to add disclaimers to anywhere that
the user provides an e-mail address (send-pr, send-pr.html, mailman,
mailman confirmation messages etc) warning that the supplied e-mail
address will be visible on the web etc.

Peter Jeremy

More information about the cvs-src mailing list