incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <>
Subject Re: [ISSUE] Shut-down of all name@ e-mail addresses
Date Wed, 02 Nov 2011 12:16:47 GMT
On Wed, Nov 2, 2011 at 8:04 AM, Shane Curcuru <> wrote:
> I'll butt in with my (non-binding) suggestions.
> On 11/2/2011 12:01 AM, Dennis E. Hamilton wrote:
>> Hi Dave,
>> where I am confused is the focus on Mailing-List forwarding rather than
>> E-mail
>> forwarding.  I can't tell what the intended behaviors are.
>> Let's get clear:
>>  1. If someone posts to one of the old e-mail list addresses (e.g.,
>>, what is intended to happen?  What is the observed
>> behavior?  How does this extend to use
>> of -subscribe, -unsubscribe, -help, -owner (or their OO.o counterparts),
>> etc.
>> ?
> After the final migration, they all bounce.  By then we should have nice
> friendly pages - easily searchable for - that tell past
> product version users which relevant Apache list to use.  And we'll have
> sent several "hey, this list is going away" notes to the old list.

And now that we have control of the wiki and website, we can search
for "" or "mailto:" and ensure that all links to legacy
mailing lists under our control have been updated to point to the new
lists.  So that part is under our control.

As for links to legacy lists from outside the project, these could be
in people's inboxes, in spam target lists, or on other websites.
Breaking these links is a mixed bag.  I won't shed a tear for leaving
the spammers behind.  But if we can have a bot that responds with a
list of new lists, or a link to a web page for more info on the new
lists, then we have the best of both worlds, I think.

>>  2. (a) If someone sends an e-mail to an existing account/e-mail address
>> (e.g.,, what is intended to happen?  What does the
>> individual that it current forwards to get to know or do about it?  The
>> person
>> sending the e-mail?  If the forwarding bounces, what will happen?
>>     (b) If the account is closed/deleted, what are the 2(a) answers.
> After the final migration, if they're not a committer, they bounce. Period.
>  We are not in the business of providing services to non-committers.
> If they're a committer, then it's up to the PPMC to decide if 1) you want
> to, and 2) you will support some software to make committer forwarders
> work somehow.

If we do offer continuation for commiters then we need to consider:

1) Possible backlash from non-committers who are not supported.

2) How do we do this securely?  I'm assuming we will not get access to
the mapping tables from Oracle.  But it would be inadvisable to simple
ask committers "what address do you own?".  Remember,
we're talking about the private emails of real people.  Any mistake in
this routing. accidental, intentional, malicious, social engineering,
etc., will have drastic consequences in terms of data leakage.  With
500,000 forwarding accounts out there, a typographical error likely
maps to a real address of someone else rather than return an error.
So I think we would need some protocol along the lines of:

1) Committer indicates what address they have

2) Infra sends that address an email with a unique
secure token (random number) that identifies that account.

3) Owner responds to ooo-private including their token and indicating
their desired forwarding address

In other words, if we're building our own forwarding table we need to
verify address ownership in some secure way.

> Apache projects use services to do their work.  I certainly
> expect - as such a hugely accessed service - that web access to
> will remain, along with a number of it's key subdomains.  But
> we really need to start thinking like the new Apache project that we're
> running, and not like some strange continuation of the past Oracle project
> that is now... unsupported.


> - Shane
>>  - Dennis
>> -----Original Message-----
>> From: Dave Fisher []
>> Sent: Tuesday, November 01, 2011 20:35
>> To:
>> Cc:; 'Joe Schaefer'
>> Subject: Re: [ISSUE] Shut-down of all name@ e-mail
>> addresses
>> On Nov 1, 2011, at 8:07 PM, Dennis E. Hamilton wrote:
>>> Whoa, now I am really confused.  This seems to have gone in the opposite
>>> direction than what I thought.
>>> First it narrowed down to privileging some small set of BZ users.
>>> And then protecting our committers that have email
>>> addresses.
>>> Also, I don't think there had been any intention to preserve the
>>> mailing lists.  Also, setting their addresses to forward
>>> to a
>>> different list that is not subscribed to is just weird.  So I don't
>>> understand the list forwarding scenario.
>>> And I have seen no one talk about moving the subscriber lists and adding
>>> those subscribers to a list they did not opt into.
>> Joe and I discussed doing it w/o subscriber lists. As a pure forwarder
>> that's
>> choice one and two.
>>> I hope I misunderstand the common understanding about that.
>> You do. See my other reply.
>> [ ... ]

View raw message