node-forward / discussions

Soliciting ideas and feedback for community driven collaborative projects that help Node.

Purpose of the AUTHORS file? #34

Closed jomo closed 8 years ago

jomo commented 8 years ago

The authors are listed in the git history; in fact, that's exactly what is used to generate the AUTHORS file.

I started receiving spam via my github-only email address shortly after it was included in the file. Surely spam filters can catch these, but I'm very careful with where I place my mail address and this is the 100% single source of all spam I am receiving. Of course this can't be completely prevented, but I don't see any purpose for the AUTHORS file other than listing all authors with their email addresses, making them an easy target for spam bots. I can't think of a situation where one would need that list and where the git history would not be available.

I understand that there should be a list of authors when the git history is not available, so why not include the AUTHORS file in release builds, similar to the binaries (which are not included in git but rather built from the source)?

bnoordhuis commented 8 years ago

I don't think restricting the AUTHORS would help. Once you have a commit in, it's easily trawled through GitHub's web interface (case in point) and the dozens of mirrors across the web.

It's not a problem that's restricted to node.js either. I still get spam on a throwaway address I used for a couple of Linux kernel commits in 2002-2003.

jomo commented 8 years ago

Yes, as I said, it can't be prevented completely, but GitHub does quite a good job at hiding email addresses (HTML, at least). Patch files are hard to find, I'm not even sure if they're linked at all – compared to the AUTHORS file at the root of a (slightly popular :) repo, which is an easy target for bots.

Removing ("restricting"?) the file wouldn't solve the problem, but I'm sure it would help since the spam only started once my address was on that list.

If including the file in releases and leaving the generate tool for everybody else is acceptable we could save future contributors from a couple of annoying emails. Or am I missing an obvious use case for that file?

rvagg commented 8 years ago

Currently it's an important part of celebrating people's involvement in the project. We have two levels -- AUTHORS and the list on the README.md. It might be an annoyance to you, but it's a badge of honour to a lot of people to be able to say they got some changes into Node.js, and "oh look, here's the proof!". You're welcome to put in a PR to .mailmap to get it to write your name/email differently if you'd like.

Personally I gave up on protecting my email addresses years ago, no point, I just have to lean on spam filters.
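The `.mailmap` suggestion above, as an added example that is not part of the original thread or the project's own tooling: it builds a throwaway repository and shows what a history-based author list prints before and after a mailmap entry. The names, addresses and the `git log` format used as the generator are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example; every name and address below is constructed.

# Create a throwaway repo with one commit made from a private address.
make_demo_repo() {
    repo_dir=$(mktemp -d) || return 1
    git -C "$repo_dir" init -q
    GIT_AUTHOR_NAME='Jane Dev' GIT_AUTHOR_EMAIL='jane.private@example.com' \
    GIT_COMMITTER_NAME='Jane Dev' GIT_COMMITTER_EMAIL='jane.private@example.com' \
        git -C "$repo_dir" commit -q --allow-empty -m 'first contribution'
    printf '%s\n' "$repo_dir"
}

# Assumed AUTHORS generator: %aN/%aE are author name/email with .mailmap applied.
list_authors() {
    git -C "$1" log --format='%aN <%aE>' | sort -u
}

# Identities as stored in the commit objects: %an/%ae ignore .mailmap.
list_raw_authors() {
    git -C "$1" log --format='%an <%ae>' | sort -u
}

# Mailmap line format: Proper Name <proper@email> <commit@email>
add_mailmap_entry() {
    printf '%s\n' \
        'Jane Dev <jane@users.noreply.example.org> <jane.private@example.com>' \
        >> "$1/.mailmap"
}

# Demo run: compare the generated list before and after the mapping.
repo=$(make_demo_repo) || exit 1
echo "generated, no mailmap:   $(list_authors "$repo")"
add_mailmap_entry "$repo"
echo "generated, with mailmap: $(list_authors "$repo")"
echo "stored in history:       $(list_raw_authors "$repo")"
rm -rf "$repo"
```

The mapping only changes what mailmap-aware output shows: the commit objects still carry the original address, and the `.mailmap` line itself has to contain that address in order to match it.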

jomo commented 8 years ago

I see, thanks for your reply :+1: