This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: addresses.txt file leaks into search engines
Type: Stage:
Components: Versions:
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: georg.brandl, orsenthil, pitrou, skip.montanaro
Priority: normal Keywords:

Created on 2011-03-16 17:28 by skip.montanaro, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Messages (10)
msg131145 - (view) Author: Skip Montanaro (skip.montanaro) * (Python triager) Date: 2011-03-16 17:28
The python.org postmaster received this email today:

--------------------
From: Tom Pinckney <thomaspinckney3@gmail.com>
To: postmaster@python.org
Subject: public email addresses
Date: Wed, 16 Mar 2011 13:03:21 -0400
X-Spambayes-Classification: ham; 0.13

Kind of sucks that this file 1) exists 2) is indexed by google and 3) my email is in i\t. I found it by googling my email address to see what would come up.

http://hg.python.org/pymigr/file/e727de0dfeec/addresses.txt
------------

I've asked the website team to see if they can adjust the robots.txt
file, but is there something we can do to a) make it less likely that
this file is harvested, or b) increase the obfuscation of the email
addresses? (Maybe the entire file could be rot13?)
msg131194 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2011-03-16 23:11
> I've asked the website team to see if they can adjust the robots.txt
> file

Is there a problem with the robots.txt? It already disallows all robots.
If Google ignores the robots.txt, then someone should complain to Google.
msg131325 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2011-03-18 11:06
Why should we have this file served on the web itself? Cannot it be on server outside of www ( or any directory which is getting served). I would vote for this.
msg131326 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2011-03-18 11:09
The question is not "why", it is "how". This file is part of the scripts used to migrate from svn to hg. These files themselves were maintained in an hg repository (it could have been an svn repository), for obvious practical reasons. And that repository was online since there didn't seem any reason to do otherwise (and, again, it's more practical).

We could of course make this repo less visible now (but I think we still need to migrate the peps repo). Georg?
msg131405 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2011-03-19 10:39
Sure, the repo can go private if deemed necessary.  I still think this is not a big deal anyway.
msg131421 - (view) Author: Skip Montanaro (skip.montanaro) * (Python triager) Date: 2011-03-19 14:29
Tom Pinckney thinks it's a big deal.  I suspect he might be interested
to know why you think it's not.  We are entitled to our own opinions
about privacy, but the request at hand concerns another person's
privacy.  He's the one you need to convince.
msg131422 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2011-03-19 14:42
As I said, I'm not opposed to make the repo private.  I don't need to convince anyone.  You sound like you're trying to change my opinion here.
msg131432 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2011-03-19 18:01
Ok, the repo is now private.
msg131435 - (view) Author: Skip Montanaro (skip.montanaro) * (Python triager) Date: 2011-03-19 18:44
I interpreted "not a big deal" to mean that having addresses exposed
was not a big deal.  Too many pronouns perhaps.
msg131438 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2011-03-19 19:03
Your interpretation was correct indeed.  It's an email address we're talking about here, which is necessarily a public bit of information, not a private one like a Social Security or credit card number.

Anyway, the repo is now private, so nobody will be able to access any version of the addresses.txt anymore via python.org.
History
Date User Action Args
2022-04-11 14:57:14adminsetgithub: 55784
2011-03-19 19:03:09georg.brandlsetstatus: open -> closed
nosy: skip.montanaro, georg.brandl, orsenthil, pitrou
messages: + msg131438
2011-03-19 18:44:01skip.montanarosetstatus: pending -> open
nosy: skip.montanaro, georg.brandl, orsenthil, pitrou
messages: + msg131435
2011-03-19 18:01:00pitrousetstatus: open -> pending

messages: + msg131432
resolution: fixed
nosy: skip.montanaro, georg.brandl, orsenthil, pitrou
2011-03-19 14:42:29georg.brandlsetnosy: skip.montanaro, georg.brandl, orsenthil, pitrou
messages: + msg131422
2011-03-19 14:29:39skip.montanarosetnosy: skip.montanaro, georg.brandl, orsenthil, pitrou
messages: + msg131421
2011-03-19 10:39:55georg.brandlsetnosy: skip.montanaro, georg.brandl, orsenthil, pitrou
messages: + msg131405
2011-03-18 11:09:03pitrousetnosy: skip.montanaro, georg.brandl, orsenthil, pitrou
messages: + msg131326
2011-03-18 11:06:10orsenthilsetnosy: + orsenthil
messages: + msg131325
2011-03-16 23:11:21pitrousetnosy: + georg.brandl, pitrou
messages: + msg131194
2011-03-16 17:28:55skip.montanarocreate