headers
Solar Designer | 20 Oct 19:42

obfuscating e-mails in RPM specs

Hi,

We're about to start obfuscating e-mail addresses in our RPM spec files,
and we intend to update all of our existing specs accordingly.

The syntax we might use is this:

* Sat Sep 24 2005 Solar Designer <solar at owl.openwall.com> 3.6.1p2-owl15

My questions are:

1. Are others doing the same?  What syntax is being used?

2. Is this known to break any software processing spec files or RPMs?
In particular, I guess the extra spaces might break the separation of
fields, so should they be avoided?  Maybe use dashes instead?

3. Is it even worthwhile to try to come up with a common syntax for this?

Thanks,

--

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments
Permalink | Reply |
headers
Andreas Ericsson | 20 Oct 20:24
Favicon
Gravatar

Re: obfuscating e-mails in RPM specs

Solar Designer wrote:
> Hi,
> 
> We're about to start obfuscating e-mail addresses in our RPM spec files,
> and we intend to update all of our existing specs accordingly.
> 
> The syntax we might use is this:
> 
> * Sat Sep 24 2005 Solar Designer <solar at owl.openwall.com> 3.6.1p2-owl15
> 

This is a bit too common. Most harvesting engines will understand it if 
they try at all. The <> signs are a dead giveaway for them to try a bit 
harder.

> My questions are:
> 
> 1. Are others doing the same?  What syntax is being used?
> 

Others are doing the same with various syntaxes. I've seen
foo.bar@...
turned into
foo_dot_bar_at_some_dot_where_dot_com (which is a bit stupid IMO).
foo <at> bar <at> some <at> where <at> com (which is even dumber)
foodotbaratsomedotwheredotcom (not only dumb, but also unreadable)
foo.bar#some.where.com (which is sort of neat and tidy)
foo:bar <at> some:where:com (clever harvesting engines break this on account 
of : being a member of the interpunctuation class)
foo dot bar at some dot where dot com (hard to read)
(Continue reading)

Permalink | Reply |
headers
Solar Designer | 24 Oct 04:55

Re: obfuscating e-mails in RPM specs

On Thu, Oct 20, 2005 at 08:24:57PM +0200, Andreas Ericsson wrote:
> Solar Designer wrote:
> >The syntax we might use is this:
> >
> >* Sat Sep 24 2005 Solar Designer <solar at owl.openwall.com> 3.6.1p2-owl15
> 
> This is a bit too common. Most harvesting engines will understand it if 
> they try at all.

I've been using the above syntax on websites for a few years and it's
worked well so far.  I realize that it's only a matter of time until
_some_ (definitely not all) harvesting bots will start to pick it up.

> Others are doing the same with various syntaxes.

In RPM spec files?

If you're aware of some examples, please point me at them.

Anyway, I am now converting our spec files to use the following syntax:

-* Fri May 06 2005 Solar Designer <solar@...> 1.0.3-owl1
+* Fri May 06 2005 Solar Designer <solar-at-owl.openwall.com> 1.0.3-owl1

E-mail addresses not in RPM %changelog's (in comments, in documentation
files, etc.) will continue to use spaces instead of the dashes.

Thanks to everyone who responded!

--

--
(Continue reading)

Permalink | Reply |
headers
Mark Hatle | 20 Oct 20:44

Re: obfuscating e-mails in RPM specs

We just use a generic <source@...> email address in our
packages. 
  This (is supposed to) go to a generic mailing list watched by our 
Marketing/Technical Support folks.. (customers have a difference address 
to contact.)

But that being said, I'm not sure if anyone actually uses that 
information for anything automatic.  If they do, I'd be interested to 
know what.

As far at the obfuscating email addresses goes.. I think your proposal 
would work well.

--Mark

Solar Designer wrote:
> Hi,
> 
> We're about to start obfuscating e-mail addresses in our RPM spec files,
> and we intend to update all of our existing specs accordingly.
> 
> The syntax we might use is this:
> 
> * Sat Sep 24 2005 Solar Designer <solar at owl.openwall.com> 3.6.1p2-owl15
> 
> My questions are:
> 
> 1. Are others doing the same?  What syntax is being used?
> 
> 2. Is this known to break any software processing spec files or RPMs?
(Continue reading)

Permalink | Reply |
headers
Vincent Danen | 20 Oct 20:59
Favicon

Re: obfuscating e-mails in RPM specs

* Solar Designer <solar@...> [2005-10-20 21:43:27 +0400]:

> We're about to start obfuscating e-mail addresses in our RPM spec files,
> and we intend to update all of our existing specs accordingly.
> 
> The syntax we might use is this:
> 
> * Sat Sep 24 2005 Solar Designer <solar at owl.openwall.com> 3.6.1p2-owl15
> 
> My questions are:
> 
> 1. Are others doing the same?  What syntax is being used?
> 
> 2. Is this known to break any software processing spec files or RPMs?
> In particular, I guess the extra spaces might break the separation of
> fields, so should they be avoided?  Maybe use dashes instead?
> 
> 3. Is it even worthwhile to try to come up with a common syntax for this?

I think it's a good idea, and something I never even thought of, but if
you think about things like CVS and rpm2html listings, etc. it's
probably not a bad idea at all.

What about something like solar_at_owl.openwall.com?  No spaces at all;
or even solar_owl.openwall.com?

I'd like to do the same thing and if there is someone else doing it, I'd
rather it be consistent.

--

--
(Continue reading)

Permalink | Reply |

Gmane