racket / racket-pkg-website

A frontend for the Racket Package Catalog.

Disable display of author emails #86

Closed williewillus closed 1 year ago

williewillus commented 1 year ago

The Racket package catalog shows author emails plainly without any redaction or mangling, making it easy for scrapers and scammers to harvest emails. My listed address has been getting tens of spam emails due to this exposure. The only other thing I've used that address for is to comment on the AUR, but the AUR user system does not expose the email address of members, so it's probably the Racket package server.

As a comparison, here's what other package hosting sites do:

Altogether, I think we should hide these for now. Users can go to the codeforge/website of the package for contact information.

See issue #77 for more context and discussion.

williewillus commented 1 year ago

Author search is left enabled because the threat of spamming isn't changed by disabling it; if you're a spammer and you already have an email address in hand, there is no point in doing an author search for more packages, you can already start sending spam to the address.

williewillus commented 1 year ago

Also removed emails from the search results listing

jryans commented 1 year ago

I'll work on deploying this change now.

jryans commented 1 year ago

This has now been deployed. 😄

The server is working on re-rendering each package page, but you can see from the ones that have updated (e.g. https://pkgs.racket-lang.org/package/binutils) that it looks correct.