Re: [Mailman-Users] [Mailman-cabal] GDPR
Dimitri Maziuk wrote: > On 05/11/2018 04:55 PM, Julian H. Stacey wrote: > I think the basic inconvenient truth is nobody's going to come after you > unless you have money to pay the settlement. Not `Nobody' but `Very few' & then a major pain best pre-deterred. Most volunteer unpaid admins not working for employers, have no employer protection, but will still have personal savings they wouldnt want at risk. The attention to GDPR in an increasingly litigous world will encourage more complainers & more ambulance chasing lawyers looking for jobs. There's also the occasional looney that's really malicious: (eg back running majordomo, I saw a few swine report a whole domain as a spammer, as they were too lazy to learn to unsubscribe themselves, they also emitted all sorts of time wasting annoying threats, best warn people before they start ) A generic in distribution + site supplemental link to an empty dummy would be well worth the few hours it would take to write. We could start drafting our own under various http://mailman.YOUR-DOMAIN/mailman/listinfo#legal & share URLs & ides here, then someone could merge for distribution ? > I expect the impact on > "smaller lists run by Unpaid Volunteers" to be about on par with that of > the right to be forgotten. How many people here had to delete messages > and rebuild the archives because of it? Not me yet, I want to deter users from wasting admin time requesting anything. > And besides, I've done that a few times cleaning up spam that got past > the filters -- it's not *that* hard. Good. Cheers, Julian -- Julian Stacey, Computer Consultant, Systems Engineer, BSD Linux Unix, Munich Brexit Referendum stole 3,700,000 votes, inc. 700,000 from British in EU. UK Govt. lied it's "democratic" in Article 50 letter to EU paragraph 3. Petition for votes: http://berklix.eu/queen/ -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
Dimitri Maziuk writes: > On 05/11/2018 04:55 PM, Julian H. Stacey wrote: > ... > > I think the basic inconvenient truth is nobody's going to come after you > unless you have money to pay the settlement. I think the basic inconvenient truth is that *some*body *will* come after *some*body else on the basis that they *might* have enough money to pay a settlement, or just to make "the responding party's" life hell. I know several people that's happened to in the US, and one in the EU (where things are reputed to be more civilized, but that doesn't mean risk is zero). > I expect the impact on "smaller lists run by Unpaid Volunteers" to > be about on par with that of the right to be forgotten. How many > people here had to delete messages and rebuild the archives because > of it? And besides, I've done that a few times cleaning up spam > that got past the filters -- it's not *that* hard. It would be a much more annoying matter if they claimed the right to be deleted from third party posts that quoted and identified them, though. If there is a "right to be forgotten" that impinges on mailing list archives, that seems plausible to me, though who knows what the High Court would rule. Steve -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
Julian H. Stacey writes: > Best action for least effort, IMO is first someone to agree to > commit a big default legal disclaimer in the Mailman source > distribution, as a This isn't going to happen if I have anything to say about it. (I may not have all that much to say about it! :-) As far as I can see that would be tantamount to giving legal advice, even if hedged with IANAL TINLA. And it would almost certainly be wrong for many sites. At the very least I would oppose it without opinion of two real lawyers (one from the US where we have some money that could be taken from us and most of our devs live for the TINLA issue, and one from the EU for GDPR interpretation), which I don't think we can afford. [There used to be 60-some lines of suggestion here, which just reinforces my estimate that we cannot afford enough real legal advice to make such a boilerplate disclaimer safe for publication in the distribution.] Counterproposal: we make a wiki page that people can update, with suggested text *and citations to "authorities"* (or real authorities, where possible) explaining the use cases and limitations of those EULA clauses. Steve -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/12/2018 02:39 PM, Stephen J. Turnbull wrote: It would be a much more annoying matter if they claimed the right to be deleted from third party posts that quoted and identified them, though. If there is a "right to be forgotten" that impinges on mailing list archives, that seems plausible to me, though who knows what the High Court would rule. I wonder if the entire post (and any partial / quoted copies) must be deleted or if it is sufficient to modify them so that they do not reflect the author but still retain (non-PII) content. That would be less of a negative impact on archives. God forbid if blockchain was used on the archive. }:-) -- Grant. . . . unix || die -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/12/2018 03:39 PM, Stephen J. Turnbull wrote: > I think the basic inconvenient truth is that *some*body *will* come > after *some*body else on the basis that they *might* have enough money > to pay a settlement, or just to make "the responding party's" life > hell. Possibly. Also an asteroid size of Texas will hit the Caribbean at some point in this planet's lifetime and I don't believe I should start building an asteroid-killing Death Star just yet either. And besides, I strongly suspect that all the legalese one can write for the mailman's starting page will have a little unguarded duct in it leading all the way to the soft chewy core and... KABOOM! I.e. I'm talking the cure worse than the disease. Especially when there are no observable symptoms yet. -- Dimitri Maziuk Programmer/sysadmin BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu signature.asc Description: OpenPGP digital signature -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
Hi all! On 12/05/18 22:48, Grant Taylor via Mailman-Users wrote: > On 05/12/2018 02:39 PM, Stephen J. Turnbull wrote: >> It would be a much more annoying matter if they claimed the right to >> be deleted from third party posts that quoted and identified them, >> though. If there is a "right to be forgotten" that impinges on mailing >> list archives, that seems plausible to me, though who knows what the Well, it's the very nature of an archive that everything stays there (similar to a backup). >> High Court would rule. > > I wonder if the entire post (and any partial / quoted copies) must be > deleted or if it is sufficient to modify them so that they do not > reflect the author but still retain (non-PII) content. That would be The other aspect of a mailing list archive is that one can find it and may want to ask the original author something about the issue there. On the other hand deleting the mail address (on the mail server side by the author) also kills that communication line. One other thing: And if someone (as a current or former mailing list member) has the right to get the email address, name and signature removed in one mail, does the mailing list admin has the right to delete *all* the instances or only the actively requested/mentioned ones? And what about other mail addresses of the same person? > less of a negative impact on archives. > > God forbid if blockchain was used on the archive. }:-) Does anyone know how the "blockckain is the solution to everything" faction handles these issues? It's not that they can ignore that either - if only to discuss the question how personal the wallet address (or whatever it is called) is. Or can we kill the whole problem by using a blockchain for a mailinglist archive archive? MfG, Bernd -- Bernd Petrovitsch Email : be...@petrovitsch.priv.at LUGA : http://www.luga.at -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On 05/12/2018 03:35 PM, Bernd Petrovitsch wrote: Well, it's the very nature of an archive that everything stays there (similar to a backup). Yes. But I believe that GDPR has implications on expunging things from archives / backups too. Not doing so is not within the spirit of forgetting someone. The other aspect of a mailing list archive is that one can find it and may want to ask the original author something about the issue there. Yes. IMHO that's one of the wonderful things about public email archives. On the other hand deleting the mail address (on the mail server side by the author) also kills that communication line. I would rather have a GDPRed (read: anonymized) copy of a message than no message at all. Consider if you will, someone publishing a How To for something quite rare, including all the necessary steps and minutia. Then they subsequently leverage GDPR to be forgotten. Would you want their how to to be removed (possibly taking the only / best source of said information with it) or simply anonymized so that it no longer reflects the sender? I personally would STRONGLY prefer the latter. The former causes destruction / loss of usable information that is not related to the sender. One other thing: And if someone (as a current or former mailing list member) has the right to get the email address, name and signature removed in one mail, does the mailing list admin has the right to delete *all* the instances or only the actively requested/mentioned ones? And what about other mail addresses of the same person? My understanding of (the pertinent part of) the spirit of is that the person has the right to be forgotten. Thus, I would think that any and all references to the person would need to be modified so that the person is forgotten. So I do believe that means that the mailing list admin would have the obligation to modify all instances of the requester in the archive. Now, this brings up a question: Is the mailing list administrator also responsible for my private archive of messages that I received while subscribed to a mailing list they administer? Does anyone know how the "blockckain is the solution to everything" faction handles these issues? It's not that they can ignore that either - if only to discuss the question how personal the wallet address (or whatever it is called) is. First, IMHO blockchain is NOT the solution to everything. It is a technique that happens to be a buzzword. Further, blockchain is specifically designed to detect modification. What is done when something is detected is likely implementation dependent. Remember that blockchain is a LOT more than just crypto currency. Crypto currency happens to be a heavy user of blockchain because it is possible to detect modifications. Blockchain can be used for a LOT of other things. I've heard references to using it for system logs as a way to prove that logs have not been modified after the fact. Or at least detect if they have been modified. My understanding is that blockchain is meant to make the historical portion of what it's used for be immutable. (Or detectable.) Or can we kill the whole problem by using a blockchain for a mailinglist archive archive? I think using blockchain for mailing list archives would be the wrong way to go. 1) We have no motivation (problem that needs to be fixed) to migrate away from what's been used for decades. 2) Moving to blockchain would be seen as an attempt to avoid GDPR. 3) The attempt would quite likely fail in and of itself. 4) The bad motivation would be known (see #1) and as such, invalidate any attempt to migrate to blockchain for mailing list archives. 5) We would still need to have a way to delete things. 6) We would likely get into trouble with GDPR for going out of our way to snub our faces at GDPR. I think most uses of blockchain are bogus and I'm ready for the buzz word to go away. I mentioned it because GDPR and blockchain are sort of antipodes when it comes to the right to be forgotten. -- Grant. . . . unix || die -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Internationalizing administrative aliases
Hello all, I'd like to know whether it's possible to internationalize addresses for list control, like mylist-owner, mylist-subscribe, mylist-unsubscribe... I tried editing the file /usr/lib/mailman/data/aliases and then running /usr/ lib/mailman/bin/genaliases, but it doesn't work, even after restarting the server the default addresses are still the only ones valid. I should add that the new addresses had only ASCII characters. Is it possible at all? Rubén -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
