addresses.txt file leaks into search engines

[smontanaro]

BPO	11575
Nosy	@smontanaro, @birkenfeld, @orsenthil, @pitrou

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2011-03-19.19:03:09.688>
created_at = <Date 2011-03-16.17:28:55.769>
labels = []
title = 'addresses.txt file leaks into search engines'
updated_at = <Date 2011-03-19.19:03:09.686>
user = 'https://github.com/smontanaro'

bugs.python.org fields:

activity = <Date 2011-03-19.19:03:09.686>
actor = 'georg.brandl'
assignee = 'none'
closed = True
closed_date = <Date 2011-03-19.19:03:09.688>
closer = 'georg.brandl'
components = []
creation = <Date 2011-03-16.17:28:55.769>
creator = 'skip.montanaro'
dependencies = []
files = []
hgrepos = []
issue_num = 11575
keywords = []
message_count = 10.0
messages = ['131145', '131194', '131325', '131326', '131405', '131421', '131422', '131432', '131435', '131438']
nosy_count = 4.0
nosy_names = ['skip.montanaro', 'georg.brandl', 'orsenthil', 'pitrou']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = None
status = 'closed'
superseder = None
type = None
url = 'https://bugs.python.org/issue11575'
versions = []

[smontanaro]

The python.org postmaster received this email today:

--------------------
From: Tom Pinckney <thomaspinckney3@gmail.com>
To: postmaster@python.org
Subject: public email addresses
Date: Wed, 16 Mar 2011 13:03:21 -0400
X-Spambayes-Classification: ham; 0.13

Kind of sucks that this file 1) exists 2) is indexed by google and 3) my email is in i\t. I found it by googling my email address to see what would come up.

http://hg.python.org/pymigr/file/e727de0dfeec/addresses.txt
------------

I've asked the website team to see if they can adjust the robots.txt
file, but is there something we can do to a) make it less likely that
this file is harvested, or b) increase the obfuscation of the email
addresses? (Maybe the entire file could be rot13?)

[pitrou]

I've asked the website team to see if they can adjust the robots.txt
file

Is there a problem with the robots.txt? It already disallows all robots.
If Google ignores the robots.txt, then someone should complain to Google.

[orsenthil]

Why should we have this file served on the web itself? Cannot it be on server outside of www ( or any directory which is getting served). I would vote for this.

[pitrou]

The question is not "why", it is "how". This file is part of the scripts used to migrate from svn to hg. These files themselves were maintained in an hg repository (it could have been an svn repository), for obvious practical reasons. And that repository was online since there didn't seem any reason to do otherwise (and, again, it's more practical).

We could of course make this repo less visible now (but I think we still need to migrate the peps repo). Georg?

[birkenfeld]

Sure, the repo can go private if deemed necessary. I still think this is not a big deal anyway.

[smontanaro]

Tom Pinckney thinks it's a big deal. I suspect he might be interested
to know why you think it's not. We are entitled to our own opinions
about privacy, but the request at hand concerns another person's
privacy. He's the one you need to convince.

[birkenfeld]

As I said, I'm not opposed to make the repo private. I don't need to convince anyone. You sound like you're trying to change my opinion here.

[pitrou]

Ok, the repo is now private.

[smontanaro]

I interpreted "not a big deal" to mean that having addresses exposed
was not a big deal. Too many pronouns perhaps.

[birkenfeld]

Your interpretation was correct indeed. It's an email address we're talking about here, which is necessarily a public bit of information, not a private one like a Social Security or credit card number.

Anyway, the repo is now private, so nobody will be able to access any version of the addresses.txt anymore via python.org.