On 2024-05-28 19:47, Atri Bhattacharya wrote:
Carlos E. R. wrote:
On 2024-05-28 18:38, Atri Bhattacharya wrote:
David C. Rankin wrote:
I knew that spastic cat was nothing but trouble from day-one.
Not only was the interface horrid, but now it appears it was a supply-chain attack and spam-bot/backdoor all rolled into one. The old listserve/mailman starts looking pretty good at this point. Hyperkitty is free software maintained by the work of unpaid volunteers dedicated to the project. There is no back-door and no supply-chain attack. But I guess expecting you to understand that is reaching too far. Not a surprise why fewer and fewer devs read this
Seeing hard pejoratives used to demean specially-abled living beings casually thrown around on these lists is shocking but not surprising and reveals more about the quality of this ML than any spam. particular list. I know that some of the admins that installed mailman in our system repent from that decision and wouldn't repeat it.
Which is very different from saying what the previous poster said.
Hyperkitty has a security hole, which is allowing people that identify as google users to post here with just that authentication. This feature should be removed.
Agree, this could be a first step towards limiting spam.
Btw, it is not just google users: any open-id provider can be used to register and start sending emails right away. Maybe we should implement a cool-off period (say, 30 days) before any new non-openSUSE open-id based user can post to the list.
Google is notorious for not fighting spam, they allow anyone to register. For another example of how little they care, they flooded Usenet with thousands and thousands of spam mail, and nobody would listen to the many complaints. In the end, they killed Google Groups instead of placing one person to cull spam by normal means. All the spam I have noticed via hyperkitty comes from Google users. Thus as a first measure it would work. if then spam enters via another method we would have to investigate that other method. For the moment, we have to prohibit entering hiperkitty with a gmail auth, or putting those users under automatic moderation. I looked if that is possible, but no, the interface allows filtering on a single header, not two with an and condition. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)