Fwd: [ alexandria-Support Requests-1693049 ] "private" bit on mailing list not being honored

Luke Schierer lschiere at users.sf.net
Mon Apr 2 11:31:49 EDT 2007 

We have a serious breach. The gaim-cabal at lists.sf.net mailing list,
which we used up until I was able to set up pidgin.im and create
cabal at pidgin.im on it, is no longer private.

SF's admin page still shows the list as being a private list, and
the list admin page still thinks it is as well.  In fact, if you
try to go to the list archives via that page, it will take you to
the private url that the archives *used* to be at, but which now
produces a 404 error, because the archives are no longer there.

Testing by logging out of sf, I am able to see the list in the mailing
lists drop down from www.sf.net/projects/gaim and to see the full
archives, now in a public archive space.

This has come to our attention because someone asked a question about it
in #gaim.

I have submitted SF support request # 1693049, marking it private, as
that is SF's current policy for security related issues. 

Still, I think this forces our hand.  I think we now *must* in short
order go public with this. Who knows how many others have seen this.

luke

----- Forwarded message from "SourceForge.net" <noreply at sourceforge.net> -----

Date: Mon, 02 Apr 2007 08:26:46 -0700
From: "SourceForge.net" <noreply at sourceforge.net>
To: noreply at sourceforge.net
Subject: [ alexandria-Support Requests-1693049 ] "private" bit on mailing list not being honored

Support Requests item #1693049, was opened at 2007-04-02 11:26
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=200001&aid=1693049&group_id=1

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Project Mailing Lists/Archives/Services
Group: None
Status: Open
Priority: 5
Private: Yes
Submitted By: Luke Schierer (lschiere)
Assigned to: Nobody/Anonymous (nobody)
Summary: "private" bit on mailing list not being honored

Initial Comment:
We have a private list, gaim-cabal, set up in the SF list interface.  The admin page still shows this list as being private.

However, today I find, most unpleasently, that this list, and its full archive, is viewable by those not even logged in to the sf page at all.  Moreover, if I try to go to the archive via the list admin page, it *tries* to take me to a private archive, but fails.  No doubt because the archive is *not* now in the private space, but in the public space.

Please fix this so that the list is again private ASAP.  We set that list up to discuss things amoung project members that legal council advised us should not yet be made public.  Clearly we should not be trusting SF at all with such data, and in the future will not, but we do need to fix the current breach. 

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=200001&aid=1693049&group_id=1


----- End forwarded message -----

More information about the Cabal mailing list