Avoiding legal email signatures

On Sat, Jun 09, 2007 at 06:14:00PM -0400, Bruce Momjian wrote:

I know we have talked about how to avoid legal email signatures on this
list. One idea would be for a small percentage of our users to ignore
emails with a legal signature. I know I am less likely to reply to such
an email.

The problem with that is that you ding people inside large
corporations that are _trying_ to adopt PostgreSQL in the face of
bad corporate policies (like "we standardise on product O" or "all
outbound email gets garbage L appended"). Moreover, people who are
in such environments are often prevented from visiting gmail,
hotmail, or the other likely suspects in order to send their messages
in circumvention of corporate policy. And remember, such people may
not actually be able to prevent the signature going on by just
ignoring policy -- often, it's added at the gateway on the way out
of the server.

I know they're irritating and stupid, but in the context of a mailing
list they also have zero effect, because the mailing list address is
explicitly public. I also know that they use extra space in the list
archive, but if we attempted to purge the list archives of every
worthless bit of nonsense in there, surely this wouldn't be the
number one thing on the list (the semi-annual eruption of knee-jerk
"threads are better" discussions probably take more room, for
example).

What we _could_ do, I suppose, is start mail-writing campaigns to
legal departments in companies that insist on such disclaimers,
pointing out the folly of their ways and asking that the policy be
changed to distinguish between list-posting and non-list-posting
accounts.

A

--
Andrew Sullivan | ajs@crankycanuck.ca
The plural of anecdote is not data.
--Roger Brinner

On Sat, 9 Jun 2007, Bruce Momjian wrote:

If enough people do that, it might coerce people to avoid them, and
perhaps we could put something in the FAQ about it.

You should just say flat-out that the terms of the mailing list are
incompatible with confidentiality and similar legal disclaimers because
the way messages are archived make that technically impossible. Put it in
the FAQ, put it in the message people get when they subscribe. Then
enforce similarly to how bad top posting is dealt with now: everyone
understands that people get only a curt response, perhaps just a pointer
to the relevant documentation, and instead are told the specifics of their
messages can't be addressed on the list while there's a disclaimer
attached.

Just ignoring them altogether will just give the community a bad
reputation for being unresponsive.

--
* Greg Smith gsmith@gregsmith.com http://www.gregsmith.com Baltimore, MD

On Sun, 10 Jun 2007, Andrew Sullivan wrote:

Moreover, people who are in such environments are often prevented from
visiting gmail, hotmail, or the other likely suspects in order to send
their messages in circumvention of corporate policy.

This is all true, but the reality here is that people in such a situation
are usually flat-out violating their corporate policy by posting to the
list at all from inside this kind of company. By allowing it, you're
encouraging them to do something they may very well get into trouble for.
I've watched more than one attempt to sneak open-source source into a
large enterprise get completely blown away because unapproved mailing list
involvement to resolve issues became associated with making corporate
information public.

Ever watched someone get fired for responding to "can you post your config
file?" in an environment where that's a clear violation of corporate
policy? I have.

What we _could_ do, I suppose, is start mail-writing campaigns to legal
departments in companies that insist on such disclaimers

The best reaction to this issue is to kick it back with apologies to the
person who wants help. They're in a better position than you to
straighten out the incompatiblity of their corporation with the
requirements of a public mailing list. You may very well be doing them a
favor to point out the concern rather than continuing a dialog with them.

--
* Greg Smith gsmith@gregsmith.com http://www.gregsmith.com Baltimore, MD

Greg Smith wrote:

On Sat, 9 Jun 2007, Bruce Momjian wrote:

If enough people do that, it might coerce people to avoid them, and
perhaps we could put something in the FAQ about it.

You should just say flat-out that the terms of the mailing list are
incompatible with confidentiality and similar legal disclaimers because
the way messages are archived make that technically impossible. Put it
in the FAQ, put it in the message people get when they subscribe. Then
enforce similarly to how bad top posting is dealt with now: everyone
understands that people get only a curt response, perhaps just a pointer
to the relevant documentation, and instead are told the specifics of
their messages can't be addressed on the list while there's a disclaimer
attached.

Haven't we been over this at least once before? Greg is right, just
document the point and leave it alone. If you want to get really picky
about, make the confirmation email from the subscription process
specifically state that confirming subscription is an acceptance of the
PostgreSQL.Org usage policies which can be found here (insert link).

Have the usage policies state that by using our lists they are giving up
any confidentiality or propreitary gains because the list is *public*.

Joshua D. Drake

Bruce Momjian wrote:

I know we have talked about how to avoid legal email signatures on this
list. One idea would be for a small percentage of our users to ignore
emails with a legal signature. I know I am less likely to reply to such
an email.

Bah.... Bruce come on. The people that are sending the emails with those
disclaimers "DO NOT HAVE A CHOICE". They are being forced to do so by
upper management and legal.

Should we penalize the poor guy in IT that just wants to use our great
product because his boss and attorney's are idiots? If we did that, most
people on this list would be penalized. Regardless of the legal disclaimer.

Joshua D. Drake

On Sun, Jun 10, 2007 at 12:50:11PM -0400, Greg Smith wrote:

This is all true, but the reality here is that people in such a situation
are usually flat-out violating their corporate policy by posting to the
list at all from inside this kind of company.

We don't know that in advance, and we can't know it, either. If
someone wants to do something wrong, that's not our responsibility or
fault; and by posting to a mailing list, the purported cover offered
by the disclaimer is lost (on this we seem to have ample agreement).

I've watched more than one attempt to sneak open-source source into a
large enterprise get completely blown away because unapproved mailing list
involvement to resolve issues became associated with making corporate
information public.

It might not be "sneaking"; it might in fact be two camps within a
company disagreeing about this. Imagine, for instance, the case
where the operations department of a company (to which the current
DBAs report) are opposed to any changes, because their Oracle DBAs
feel threatened and their boss thinks his career is enhanced by a
large budget under management. At the same time, the new product
development department is under pressure to lower costs and deliver
new services without adding more licenses. Since operations controls
the mail servers and the firewalls (and are adding the disclaimer),
the developers will get no help from the operations people in making
things work better. But if the developers really do deliver a new
service that costs substantially less than, say, what it would have
with Oracle, Postgres gradually finds a place in the company. And
these developers have a mandate to change things. That's how change
happens in large companies, and we have to remember that we won't be
talking to the people who don't want the change to happen.

Ever watched someone get fired for responding to "can you post your config
file?" in an environment where that's a clear violation of corporate
policy? I have.

You bet. But what we seem to be asking in this thread is that people
find some way to violate what is clearly a corporate policy, or we
won't help them. We don't _know_ whether some other policy is being
violated, and it's not our responsibility to know it either. Since
we claim that we have such great community support, though, we do
have a responsibility at least to try to support people.

Perhaps we make a policy that corporate-style ("disclaimered") mail
is encouraged to seek support via corporate-style channels (e.g. is
pointed at the commercial support companies). I'm uncomfortable with
such a policy, but it'd be better than "ignore these nasty corporate
victims", which is what the proposal so far sounds like to me.

A

--
Andrew Sullivan | ajs@crankycanuck.ca
I remember when computers were frustrating because they *did* exactly what
you told them to. That actually seems sort of quaint now.
--J.D. Baldwin

All,

Perhaps we make a policy that corporate-style ("disclaimered") mail
is encouraged to seek support via corporate-style channels (e.g. is
pointed at the commercial support companies).  I'm uncomfortable with
such a policy, but it'd be better than "ignore these nasty corporate
victims", which is what the proposal so far sounds like to me.

First off, I'm not clear on why we're discussing this on -hackers; -www would
be the appropriate list. So I'm cross posting; please reply any additional
messages to -www.

Second, I'm not sure why we care. I don't believe that e-mail confidentiality
notices are in fact enforceable, or at least they haven't been in some
high-profile cases which made the news. IANAL, of course.

However:

Haven't we been over this at least once before? Greg is right, just
document the point and leave it alone. If you want to get really picky
about, make the confirmation email from the subscription process
specifically state that confirming subscription is an acceptance of the
PostgreSQL.Org usage policies which can be found here (insert link).

This is a good idea anyway. We should have a list usage policy, and we should
link to if from the subscribe confirmation and from the web subscription
page. In addition to letting people know that e-mail confidentiality footers
will be ignored, we can tell them how the lists are moderated, how to
unsubscribe (can't have this in enough places), not to use HTML mail, etc.

So, who wants to write it?

The only additional idea I have is that we ought to simply strip away any
e-mail footer over 4 lines from the archives. Not only would this purge the
confidentiality footers, it would save us some space in general.

--
Josh Berkus
PostgreSQL @ Sun
San Francisco

Josh Berkus wrote:

The only additional idea I have is that we ought to simply strip away any
e-mail footer over 4 lines from the archives. Not only would this purge the
confidentiality footers, it would save us some space in general.

The effort it would take to write some code to extract the messages from
the archive mboxes, break up the messages into their component parts,
strip excess sig lines, reconstruct the messages, reconstruct the mboxes
and then regenerate the archives would probably equate in dollar value
to the disk space required for another 40 or 50 years worth of archives.

I vote 'lets not bother'

:-)

/D

Dave Page <dpage@postgresql.org> writes:

Josh Berkus wrote:

The only additional idea I have is that we ought to simply strip away any
e-mail footer over 4 lines from the archives. Not only would this purge the
confidentiality footers, it would save us some space in general.

The effort it would take to write some code to extract the messages from
the archive mboxes, break up the messages into their component parts,
strip excess sig lines, reconstruct the messages, reconstruct the mboxes
and then regenerate the archives would probably equate in dollar value
to the disk space required for another 40 or 50 years worth of archives.

A more serious objection is that any automated tool would probably get it
wrong sometimes, and strip important text.

I vote 'lets not bother'

Right. I agree with Josh's idea about mentioning list policies in the
subscription confirmation message, though.

regards, tom lane

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/12/07, Tom Lane wrote:

A more serious objection is that any automated tool would probably get it
wrong sometimes, and strip important text.

I vote 'lets not bother'

Right. I agree with Josh's idea about mentioning list policies in the
subscription confirmation message, though.

Why? If the legal mumbo-jumbo has already got some precedence as being
un-enforcable (even if it's only in a handful of jurisdictions), why
give it even a patina of credibility by addressing it in a policy?
Saying that it's not applicable here implies that is is applicable
elsewhere. To quote Ghandi "first they laugh at you, then they ignore
you, then they fight you, then you win." I say we stick with the
laughing. To that end, I propose should have a policy about being
pelted with scathing sarcasm when the signal to boilerplate ratio
drops below 10:1.

Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFGbxln+zlEYLc6JJgRAuaNAJsECSRrgIqR1f5c15P7OszVa34lVgCghWSb
io55WHyChKGQVHCQ9R+z2ec=
=KNyQ
-----END PGP SIGNATURE-----

Andrew Hammond wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/12/07, Tom Lane wrote:

A more serious objection is that any automated tool would probably get it
wrong sometimes, and strip important text.

I vote 'lets not bother'

Right. I agree with Josh's idea about mentioning list policies in the
subscription confirmation message, though.

Why? If the legal mumbo-jumbo has already got some precedence as being
un-enforcable (even if it's only in a handful of jurisdictions), why
give it even a patina of credibility by addressing it in a policy?

We are addressing the "whole" using postgresql.org mailing lists issue.
The legality issue is only part of it.

It is always a good idea to document against stuff like this, just in case.

Joshua D. Drake

Saying that it's not applicable here implies that is is applicable
elsewhere. To quote Ghandi "first they laugh at you, then they ignore
you, then they fight you, then you win." I say we stick with the
laughing. To that end, I propose should have a policy about being
pelted with scathing sarcasm when the signal to boilerplate ratio
drops below 10:1.

Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFGbxln+zlEYLc6JJgRAuaNAJsECSRrgIqR1f5c15P7OszVa34lVgCghWSb
io55WHyChKGQVHCQ9R+z2ec=
=KNyQ
-----END PGP SIGNATURE-----

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

http://archives.postgresql.org

--

=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/

Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

"Joshua D. Drake" <jd@commandprompt.com> writes:

Andrew Hammond wrote:

Why? If the legal mumbo-jumbo has already got some precedence as being
un-enforcable (even if it's only in a handful of jurisdictions), why
give it even a patina of credibility by addressing it in a policy?

It is always a good idea to document against stuff like this, just in case.

If push came to shove, which I sure hope it never does, being able to
say "you agreed to these terms of use of the mailing lists" would be
an excellent defense. They'd have to argue "that's not binding because
we didn't legally agree", whereupon we could reply "sure, and your
disclaimer is equally not binding because we didn't agree to it".
Whereupon they slink away quietly. Without such a reply they might
manage to get a court to listen for awhile before throwing them out.

If there's anything I've learned about matters legalistic, it's that
it's always better to have more than one line of defense.

regards, tom lane

On Tuesday 12 June 2007 4:04 pm, Josh Berkus wrote:

All,

[...snipped...]

This is a good idea anyway. We should have a list usage policy, and we
should link to if from the subscribe confirmation and from the web
subscription page. In addition to letting people know that e-mail
confidentiality footers will be ignored, we can tell them how the lists are
moderated, how to unsubscribe (can't have this in enough places), not to
use HTML mail, etc.

ok.. of course as an "experienced user" I agree that HTML on the mailing list
postings should be banned. kmail has a setting for this, but I doubt that the
common Windows Email Client does. my suggestion is to link to reasons *why*
HTML in email is bad (and no, "because spam is sent using html" is not a good
enough reason:)), and perhaps a link to a document that talks about how to
turn it off with yahoo, gmail, OE, etc would help. actually.. is HTML in
email all that bad if there is a reasonable text/plain version attached?
granted it chews bandwidth and storage space in the archives.. so.. hmm. :)

regards,
--
Jeff MacDonald,
Zoid Technologies <http://zoidtechnologies.com/&gt;

Jeff MacDonald wrote:

but I doubt that the
common Windows Email Client does.

I've never come across a Microsoft MUA that didn't have a plain text option.

/D

Dave Page wrote:

Jeff MacDonald wrote:

but I doubt that the common Windows Email Client does.

I've never come across a Microsoft MUA that didn't have a plain text
option.

Sure, but they also all send html by default.

Joshua D. Drake

/D

---------------------------(end of broadcast)---------------------------
TIP 7: You can help support the PostgreSQL project by donating at

http://www.postgresql.org/about/donate

--

=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/

Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

On Tue, Jun 12, 2007 at 01:04:13PM -0700, Josh Berkus wrote:

This is a good idea anyway. We should have a list usage policy,
and we should link to if from the subscribe confirmation and from
the web subscription page. In addition to letting people know that
e-mail confidentiality footers will be ignored, we can tell them
how the lists are moderated, how to unsubscribe (can't have this in
enough places), not to use HTML mail, etc.

So, who wants to write it?

If there are no other volunteers (I may have overlooked them), I'm
willing to. I'm all for a note in the subscription &c. that says we
don't approve of, and will not be bound by, these footers. I just
don't think we should ignore the poor sods on whom these things have
been inflicted.

The only additional idea I have is that we ought to simply strip
away any e-mail footer over 4 lines from the archives. Not only
would this purge the confidentiality footers, it would save us some
space in general.

I will support this as soon as you can guarantee that the program to
do this cannot, in any possible world, ever have any bugs ;-)

A
--
Andrew Sullivan | ajs@crankycanuck.ca
Everything that happens in the world happens at some place.
--Jane Jacobs

Joshua D. Drake wrote:

Dave Page wrote:

Jeff MacDonald wrote:

but I doubt that the common Windows Email Client does.

I've never come across a Microsoft MUA that didn't have a plain text
option.

Sure, but they also all send html by default.

Nope. At least OL in a corp environment will default to RTF format,
which the server turns into plaintext when it goes on the internet.
Again, this is with the default config. A lot of people change it, of
course. (actually, it may have changed in the latest versions of OL, but
it was like this not long ago)

//Magnus

Dave Page wrote:

Jeff MacDonald wrote:

but I doubt that the
common Windows Email Client does.

I've never come across a Microsoft MUA that didn't have a plain text option.

I get hotmail email that has no text if the user used colors in the
email.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

On Wed, Jun 13, 2007 at 05:42:33PM -0400, Bruce Momjian wrote:

Dave Page wrote:

Jeff MacDonald wrote:

but I doubt that the
common Windows Email Client does.

I've never come across a Microsoft MUA that didn't have a plain text option.

I get hotmail email that has no text if the user used colors in the
email.

It has the *option*. Doesn't mean it's used.

But you get this now? Most of the time, I get a combined one with one
plaintext and one html part, IIRC... But it could be a user setting or
somethign.

//Magnus

On Thu, Jun 14, 2007 at 01:12:40PM +0200, Magnus Hagander wrote:

But you get this now? Most of the time, I get a combined one with one
plaintext and one html part, IIRC... But it could be a user setting or
somethign.

Or maybe an old server. The only _proper_ way to send messages that
are supposed to be 2822 messages is to include at least one RFC822
message body. This may change when EAI is adopted, but until that
day, MIME is your friend and not sending an RFC822 message body is a
way of telling parts of the Internet that you don't want to talk to
them.

A

--
Andrew Sullivan | ajs@crankycanuck.ca
In the future this spectacle of the middle classes shocking the avant-
garde will probably become the textbook definition of Postmodernism.
--Brad Holland