Re: Mail thread references in commits

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Greg Stark <stark(at)mit(dot)edu>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Joshua Drake <jd(at)commandprompt(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Mail thread references in commits
Date: 2016-12-01 21:33:20
Message-ID: 15192.1480628000@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Wed, Nov 30, 2016 at 1:50 PM, Greg Stark <stark(at)mit(dot)edu> wrote:
>> I can't say I feel especially strongly either way on this but just to
>> toss out a small thing that might make a small difference....
>>
>> If you happen to know how your message-ids are generated then you
>> might be able to do something useful with them. For instance, you
>> could search all git commits for urls to messages you wrote -- for
>> instance any commit that has CAB7nPq is referencing a message written
>> by Michael Paquier.
>>
>> On the other hand you could put something naughty in the message-id
>> forcing everyone else to use URLs with dirty words in them. Or with
>> words like "terrorist" in them. Or with some javascript/html injection
>> attack of some sort...

> ...or the name of your company/your email hosting provider's company...

I think this is a straw man. We've already decided to use message-IDs
as the basic identity of messages for this purpose; other proposals
were considered before and rejected as too inconvenient.

When and if somebody tries to game that, we can do something about it,
but I'm not very worried. It's not like it's not trivial to get your
company's name, or $badword of your choice, into the archives already.
The former is more or less standard practice, in fact, as per this
very message:

> --
> Robert Haas
> EnterpriseDB: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2016-12-01 21:41:51 Re: Proposal: scan key push down to heap [WIP]
Previous Message Tom Lane 2016-12-01 21:27:01 Re: Parallel safety of CURRENT_* family