cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Crossley <>
Subject Re: viruses from committer addresses
Date Wed, 24 Apr 2002 07:43:53 GMT
Christian Haul wrote:
> is it just me or are the rest of the team also receiving bogus emails
> pretending to be from another committer bearing sensible cocoon
> subject lines? (Bless terminal based mail user agents!)
> Does Apache sport a public key infrastructure?
> 	Chris.
> -- 
> C h r i s t i a n       H a u l
>     fingerprint: 99B0 1D9D 7919 644A 4837  7D73 FEF9 6856 335A 9E08

I did receive something strange (text spam, no attachments),
pretending to originate from the xml-commons-cvs listserver.
(All cocoon committers are also committers of xml-commons
by default.) I forwarded the email, with full headers, to the
apmail alias.

Obviously this is a worrying trend. I was already worrying
about the fast increasing general email spam. We are more
vulnerable because all opensource participants get their
email address plastered across the Internet for free.

Harvesting the legitimate and reliable IDs would be easy,
i expect. (Cocoon probably makes it easier = shot-in-foot.)

Ovidiu, your comment about not being able to do useful work
has been at the back of my mind. I dread the day when the
flood of email spam is too great. Now the origin is also in doubt.
Email has been an excellent tool, were would we be without it.

Christian, what are you suggesting with your PKI enquiry above.
--David Crossley

To unsubscribe, e-mail:
For additional commands, email:

View raw message