Jeremy Zawodny is asking for suggestions on how to bring Yahoo Groups
up to date on his blog.
http://jeremy.zawodny.com/blog/archives/006541.html

--- In aggregators@yahoogroups.com, "Bill Kearney" <ml_yahoo@...>
wrote:
>
> > I've reached the conclusion that "private" RSS feeds that require
> > authentication is a bad idea.
>
> I disagree.
>
> > The problem is that RSS is frequently
> > consumed by spiders, robots and other automated apps and then
> > re-purposed.
>
> Automated apps wouldn't have the auth keys. Thus the feed would
never get
> seen by them.
>
> > This re-purposing often results in the items then appearing
> > in a public feed with no authentication. So even though you serve
up the
> > feed securely you really have no idea what happens to it later. An
> > example of this was a feed that was dropped into Newsgator by a
user. it
> > later turned up in Newsgator's public search. This is not a
refelection
> > on Newsgator necessarily and I know they do try and keep HTTP-Auth
> > protected feeds out of their public database.
>
> The existance of the RSS feed URL can't be assumed to stay
private. That
> something else might possess the URL doesn't compromise the
contents.
>
> > In theory this should be no different from HTTP-AUTH protected web
> > pages. But in practice the RSS community is much less careful
about
> > respecting privacy than the relatively smaller community of
people that
> > write automated apps to access html pages.
>
> I don't think this is any different than any other computer program.
> E-mail, for example, does nothing to prevent simple forwarding, let
along
> cut/paste. Nor do web pages. Feeds aren't any more or
less 'respecting' in
> this regard.
>
> > The point here is that if we write aggregators we should try to be
> > careful about respecting feeds that should be private. In
practice, this
> > can be hard. And as a feed provider you shouldn't assume that your
> > private feed will stay private.
>
> If it's behind an http auth you've reason to assume that unless the
user
> also republishes their username/password combo it'll remain safe
for the
> first pass.
>
> > Which is all a long winded way of saying that if you want a feed
from a
> > Yahoogroup, then make the group open. What is the group owner
trying to
> > hide anyway?
>
> I likewise disagree on this point. It's tragically disappointing
that yahoo
> has not come to grips with this problem. That they cannot offer
their list
> members the option of using RSS for their lists shows they really
don't get
> RSS.
>
> -Bill Kearney
>