Re: [Debian-audit] RFC: pre-disclosure list?

From: Javier Fernández-Sanguino Peña <jfs_at_debian.org>
Date: Mon, 16 Jan 2006 15:44:12 +0100

On Mon, Jan 16, 2006 at 02:09:19PM +0100, Max Vozeler wrote:
> > > I suppose we could archive the list in an mbox local to the
> > > server and bounce (as in mutt <b>) messages to debian-audit or a
> > > dedicated list when they should be disclosed. Or just publish
> > > one mbox per bug with the complete discussions.
> >
> > That, or have some kind of pseudo header that would track a database
> > (i.e. a plain text file) where headers are associated with status
> > (i.e. disclosed / non-public) and have it publish headers of mails
> > that have been already disclosed.
>
> That sounds feasible. I sense one downside though: If someone
> accidentally sends a message with wrong subject, information might be
> disclosed prematurely. But it could default to PRIVATE if no known tag
> was found, so this is probably a non-issue. OTOH, doing the disclosure
> by hand has the advantage that all related messages from different
> threads could be included or certain messages be excluded if they
> contain information that is still considered confidential.

Yes, "default deny" would seem sensible. And having the robot be able to
open up (upon explicit, and signed, requests) a given Message-ID in case
somebody did it wrong would be sensible too. This could be just a mail to the
robot with a given pseudo-header or an entry in the file itself with a
different format...

Regards

Javier

Received on Mon Jan 16 2006 - 14:45:46 GMT
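
A sketch of the status-file lookup with "default deny" and a per-Message-ID override discussed in this thread, as an added example that is not part of the original messages. The `X-Audit-Tag` pseudo-header name and the three-column file format are assumptions, and override lines are assumed to be written to the file only after the signed request has been verified elsewhere.

```python
import email

PRIVATE, DISCLOSED = "non-public", "disclosed"

# Constructed sample status database (plain text file contents).
STATUS_DB = """\
# kind  key                   status
tag     bug-0001              disclosed
tag     bug-0002              non-public
tag     bug-0003              public
msgid   <fix-me@example.org>  disclosed
"""

def load_status(text):
    """Parse the status file into (tag -> status, Message-ID -> status)."""
    tags, msgids = {}, {}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        # Malformed lines or unknown status words grant nothing.
        if len(parts) != 3 or parts[0] not in ("tag", "msgid"):
            continue
        kind, key, status = parts
        if status not in (PRIVATE, DISCLOSED):
            continue
        (tags if kind == "tag" else msgids)[key] = status
    return tags, msgids

def decide(raw_message, tags, msgids):
    """Return the publication status of one message, defaulting to PRIVATE."""
    msg = email.message_from_string(raw_message)
    msgid = (msg["Message-ID"] or "").strip()
    # An explicit per-message entry wins over whatever tag was sent.
    if msgid in msgids:
        return msgids[msgid]
    found = msg.get_all("X-Audit-Tag") or []
    # No tag, or conflicting tags, is treated as an unknown tag.
    if len(found) != 1:
        return PRIVATE
    return tags.get(found[0].strip(), PRIVATE)

def sample(msgid, *tag_values):
    """Build a constructed test message with zero or more tag headers."""
    headers = [f"Message-ID: {msgid}"] + [f"X-Audit-Tag: {t}" for t in tag_values]
    return "\n".join(headers) + "\nSubject: test\n\nbody\n"
```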
