Site Contact Email Address in RSS?


(David Kobia) #1

Is there any particular reason why the email address should be included in the element of the the RSS feed? I know this is just to conform to the RSS 2.0 Spec, but it is an invitation to spam. It was a little unsettling to see that my personal email address has been in one of my discourse installs all this time. I’d recommend getting rid of the element altogether. I think most major CMS’s and blogging platforms do anyway.

edit: Maybe not get rid of it, but just the email address.


(Alexander) #2

I did worry about this when creating the initial RSS feeds. It was important to me that the feed pass validation, so I decided that the site’s email address would be better than users’ addresses…

So:

  • how important is it that feeds conform to the spec?
  • if we need to have an email address specified, what should it be?

(Jeff Atwood) #3

Why are you interpreting “author” as “email address”?

This seems like a serious problem to me. It isn’t even correct. See this @sam:

RSS Coffee map of America

<author>sam.saffron@discourse.org (@TobinL Tobin Lathrop)</author>
<author>sam.saffron@discourse.org (@SteveT Steve Taylor)</author>
<author>sam.saffron@discourse.org (@IronEdithKidd IronEdithKidd)</author>

(Sam Saffron) #5

I fixed this:

https://github.com/discourse/discourse/commit/b77fe49150b07892c7cc59c44b681db413f3eddd

If someone really insists on customising the email there they can send a PR with a site setting (and a very good argument to back it)

using site contact seems a bit over the top here.


(Alexander) #6

Cause that’s what the spec said.


(Jeff Atwood) #7

Still, crazy spec is crazy. What kind of site would expose all contributor emails?


(Alexander) #8

The original implementation exposed the forum’s contact_email setting, not the addresses of individual users.


(Sam Saffron) #9

Confirmed, the “grievance” here was that site_contact_email was leaking out, not individual email addresses. Personally I don’t see the huge drama, but then again I don’t also see the use in leaking it out and we are always extra prudent in the privacy department.


(Sam Saffron) #10

This topic was automatically closed after 24 hours. New replies are no longer allowed.