Re: [Mailman-Users] Possibly OT: GDPR and list servers
On Wed, May 09, 2018 at 02:39:09PM +0200, Julian H. Stacey wrote: > Andrew Hodgson wrote: > > Has anyone in the EU come across the GDPR guidelines in the context of > > Mailman? We are a charity and run Mailman as part of that with some high > > traffic email lists. I am getting a lot of conflicting information > > regarding whether we can even continue to do this in the current climate, > > most of it coming from half baked documents or different people's opinion, > > so I wanted to put it out there to see if there is anything that the > > community may have that we can use or help with in a co-ordinated way. > GDPR seems the latest government imposed plague ** to consume > business time unpaid, along with VAT etc. Bigger companies can > afford it, but for some small companies it's last nail in the coffin. The attitude that I have taken with mail lists is that: * all those on the list subscribed themselves - they thus, at that time, gave their consent to mailman/list-owner to have their email address for the purpose of sending email; also on the sign up page I mention list archiving, etc. * those on the list can unsubscribe themselves - a reminder of the list web page is at the foot of every email. Job done. There is a lot of hype about the GDPR, much of it inflated by those who either do not understand it or those who are selling DDPR 'services'. GDPR is not designed to hit things like mailman lists, or web sites that do not collect and process personal information. ''process'' is the important word - the fact that someone's IP address ends up in your Apache logs is of little interest unless you mechanically process them -- using them to track down some bug or attempt at cracking the web site would not fall foul of GDPR. Summary: play nice (ie don't be facebook) and you are probably OK. > ** Remember the ISO 9000 certification plague ? When industry > threw out good equipment that wasn't ISO 9000; & even banks bored > us they too were ISO 9000 method compliant. Yes. I just ignored it. -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 https://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information: https://www.phcomp.co.uk/contact.php #include -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-cabal] GDPR
On Sat, May 12, 2018 at 01:06:15AM +0900, Stephen J. Turnbull wrote: > I hate to disagree with everybody, but ... > > We need to get an articulare European lawyer, or at least find someone > who has studied the subject. I don't know the credentials of anyone > who has posted on this list, so I would be careful. There was a post > a few months back listing a bunch of stuff that person claimed we > needed to support for our users (ie, list owners) to be able to > conform to GDPR. (Sorry, on a plane right now, search is painful.) > I have no idea if that person was clueful, but I suspect he was a > privacy activist and so would be biased toward stringent > interpretation. Still that post is where I'd start. > > On the FUD end of the spectrum, there are claims that the IPs in your > webserver log are subject to redaction on request. There are > counterclaims that that is FUD. ;-) [ first: IANAL ] It is FUD. Yes, you could argue that an IP address is a form of 'personal information' (PI), in that it might identify someone. But you are allowed to keep such information for the purposes of debugging server problems, tracking down attempted break ins, etc. So you can keep the logs for a reasonable time to allow you to do that. How long: the default log recycling times (eg a few weeks to a couple of months) would be reasonable. Some have suggested 2 days - but it is easy to justify that that is not long enough since many problems do not become known for some time. One confusion is that the GDPR does not prevent you keeping PI (eg as above), but there are strictures on *processing* it, eg with the purpose of sending spam. *processing* it to trace a break in would be allowed - you are not seeking to identify or act on the individual -- unless s/he was the reprobate who attacked your machine. A huge number of organisations are now seeking reaffirmation that you want to receive email from them, this is because they do not have adequate documentation that you want to receive email. My view is that the mailman log files show when a user requested to join a mail list (eg the subscribe file); if they asked to be subscribed and someone else did it, then the email/signup-form should be kept. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ > I don't know the credentials of > either claimant. It is my understanding that you may need to remove > posts from archives on request. AFAIK neither Mailman 2 nor Mailman 3 > supports that in the sense of making it possible to do it without > editing the archives by hand (and in Mailman 2's case, rebuilding the > archives), which requires login access to the host. There is a right to be forgotten https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/ > There are also claims that if you don't profit from the data stored in > your host's records, you're safe. Some people have posted "all posts > yours are automatically permanently ours" rules of usage -- but I > don't think EU law necessarily allows that, because GDPR rights may > very well be inalienable "creator's rights". I have no way to > evaluate these claims, but at the very least you have to worry about > frivolous claims (insert Michael Cohen/Rudy Guiliani joke here). > > Footnotes: > [1] If someone reading this thinks they know GDPR well enough to (1) > present basic concepts and risks (while liberally sprinkling IANALs and > TINLAs around) and IANAL > (2) point people at real lawyer blogs, But beware: there is a mini-industry of people who try to worry organisations and seek to advise you (at a fee - of course). -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 https://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information: https://www.phcomp.co.uk/contact.php #include -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2?
On Wed, Apr 10, 2019 at 11:36:24AM -0400, Matthew Goebel wrote: > Now that all support for Python 2 is supposed to go away in 2020 are people > going to move off of mailman 2? Most of my mailman lists are run off a CentOS 6 box, have done for a long time, quite stable. CentOS 8 will (is expected to) be out later this year; when that happens I will upgrade the whole machine - before CentOS 6 EOLs. CentOS 8 will have the version of Python need to support MM3, so I will upgrade and copy over my lists at that point. I am expecting that there will be a few issues (there always are) but will give me some new abilities; based on quick browsing of the MM3 docs I will be able to keep rosta information in an SQL database rather than a Python pickle; this will let me do interesting things like easy interface with other subsystems. -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 https://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information: https://www.phcomp.co.uk/contact.php #include -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Re: Removing subscriber with illegal email format
On Fri, Dec 27, 2024 at 09:55:26PM +, Alain D D Williams wrote: > On Fri, Dec 27, 2024 at 09:20:46AM -0600, Scott Neader wrote: > > Hello all! Somehow, one of our Mailman2 lists has a member with a bad Whoops - just noticed mailman2 rather than mailman3; sorry. -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 https://www.phcomp.co.uk/ Parliament Hill Computers. Registration Information: https://www.phcomp.co.uk/Contact.html #include -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@mail-archive.com
[Mailman-Users] Re: Removing subscriber with illegal email format
On Fri, Dec 27, 2024 at 09:20:46AM -0600, Scott Neader wrote: > Hello all! Somehow, one of our Mailman2 lists has a member with a bad > email address, in the format of user@@example.com (i.e. two @ symbols). > This is breaking at least one cron (disabled) > > I've tried removing the address via the backend admin, as well as command > line, but it's not working. > > Any other ways to remove it? A somewhat dirty way but how to fix rather than remove: Open up your database command line interface: use mailman3; -- choose that database select * from address where email like "user@@example.com"; That will give you an id -- so if the value is 50: update address set email="u...@example.com" where id=50; -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 https://www.phcomp.co.uk/ Parliament Hill Computers. Registration Information: https://www.phcomp.co.uk/Contact.html #include -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
