Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 20 Oct 2005 20:24:57 +0200
From: Andreas Ericsson <ae@....se>
To: xvendor@...ts.openwall.com
Subject: Re: obfuscating e-mails in RPM specs

Solar Designer wrote:
> Hi,
> 
> We're about to start obfuscating e-mail addresses in our RPM spec files,
> and we intend to update all of our existing specs accordingly.
> 
> The syntax we might use is this:
> 
> * Sat Sep 24 2005 Solar Designer <solar at owl.openwall.com> 3.6.1p2-owl15
> 

This is a bit too common. Most harvesting engines will understand it if 
they try at all. The <> signs are a dead giveaway for them to try a bit 
harder.

> My questions are:
> 
> 1. Are others doing the same?  What syntax is being used?
> 

Others are doing the same with various syntaxes. I've seen
foo.bar@...e.where.com
turned into
foo_dot_bar_at_some_dot_where_dot_com (which is a bit stupid IMO).
foo@...@...e@...re@... (which is even dumber)
foodotbaratsomedotwheredotcom (not only dumb, but also unreadable)
foo.bar#some.where.com (which is sort of neat and tidy)
foo:bar@...e:where:com (clever harvesting engines break this on account 
of : being a member of the interpunctuation class)
foo dot bar at some dot where dot com (hard to read)
foo#dot@...e#where#com (works, sort of)

The list goes on...

> 2. Is this known to break any software processing spec files or RPMs?
> In particular, I guess the extra spaces might break the separation of
> fields, so should they be avoided?  Maybe use dashes instead?
> 

I'm not sure what sort of programs that would be, but changelog comments 
*should* be parsed based on the fact that they start with an asterisk on 
a single line followed by one or more lines that start with a dash. This 
is the format RPM itself requires anyways.

> 3. Is it even worthwhile to try to come up with a common syntax for this?
> 

It might be worth coming up with an uncommon syntax for it. The most 
important thing is to make sure you can whip up a small sed-script or 
some such to take care of turning it back again if that's ever necessary.

-- 
Andreas Ericsson                   andreas.ericsson@....se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Powered by blists - more mailing lists

Your e-mail address:

Please check out the xvendor mailing list charter.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ