Automatic download list serves as spamlist

Frank Karlitschek karlitschek at
Wed May 27 09:26:02 UTC 2009

On 27.05.2009, at 01:11, Lydia Pintscher wrote:

> On Wed, May 27, 2009 at 01:00, Albert Astals Cid <aacid at> wrote:
>> A Dilluns, 25 de maig de 2009, Krzysztof Chrapka va escriure:
>>> To team,
>>> unfortunately after posting some contents on, I got my very
>>> first Nigerian spam letter. After quickly googling where my e-mail
>>> address had cropped up on the Internet, I found it on the
>>> automatic download list. As far as I remember, I have not allowed
>>> redistributing my email address and I was assured that it will not be
>>> visible to the other users. Moreover, I am unable to change it in a
>>> spam-bot secure method (with replacing @ or dot characters), since you are
>>> checking validity of address after each change. Although the email address
>>> was given on page associated to, it leaked out to the open
>>> Internet from the KDE project domain.
>>> Hoping this thoughtless security hole will be patched soon,
>>> Yours sincerely,
>>> Krzysztof Chrapka
>> Frank? Lydia?
>> Albert
> I am an editor on the open-desktop sites but I don't really know much
> about the technical side of it or KHotNewStuff. Frank or Jeremy will
> have to answer that one.
> Cheers
> Lydia


Wow. This is an interesting problem.
I never thought about the possibility that spammers could fetch and parse our internal XML files.

I removed the email addresses from the GHNS XML files.
Sorry for the trouble.


Frank Karlitschek
karlitschek at

More information about the kde-www mailing list