centralize contact emails

[flying-sheep]

Fixes scverse/governance#12

TODO: maybe some examples or so for why someone would e-mail a certain address? It’s all behind the links, but people usually don’t like clicking links to find out if what they’re doing is correct.

[netlify]

✅ Deploy Preview for jade-cajeta-1bcca0 ready!

Name	Link
🔨 Latest commit	b084ef7
🔍 Latest deploy log	https://app.netlify.com/projects/jade-cajeta-1bcca0/deploys/6875088ae671af000847568f
😎 Deploy Preview	https://deploy-preview-170--jade-cajeta-1bcca0.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[Zethson]

If we write the emails like this, do we expect more spam mails? Do we need some protection?

I also wonder whether the emails should be on the "about scverse" page (in addition??). Intuitively, I'd look there instead of behind a "Join" button.

[flying-sheep]

If we write the emails like this, do we expect more spam mails?

I have zero experience in this field, but I always assumed that spammers just crawl the raw HTML for anything that looks like an e-mail address.

I also wonder whether the emails should be on the "about scverse" page

I thought about this, but the join page is basically our “contact” page, and I think we prefer that people go to zulip instead of writing us e-mails. Maybe we should just have two links to it? (“Join” button and “About -> Contact”)

[Zethson]

@maltekuehl do you have advice for us concerning protecting public email addresses, please?

[Zethson]

I thought about this, but the join page is basically our “contact” page, and I think we prefer that people go to zulip instead of writing us e-mails. Maybe we should just have two links to it? (“Join” button and “About -> Contact”)

Yeah, this is a good compromise. No strong opinions on whether it should link to the whole page or a header that only has the emails.

[maltekuehl]

@Zethson Cloudflare is really good at obfuscating emails automatically and then rendering them with JS on the page if the threat level is low. Maybe Netlify has a similar feature? I only ever use Cloudflare.

[flying-sheep]

I can’t access the Netlify project settings. Can you please give me access?

[maltekuehl]

Seems like Netlify does not support it: https://answers.netlify.com/t/email-address-obfuscation/5330

[flying-sheep]

Hm, I thought we could add it as a middleware (or however netlify calls its middlewares) so it’s done on the hosting level, but doing it on the static level is surely also possible.

Does hugo have plugins? maybe there’s one that does that.

[Zethson]

@maltekuehl so the right way to do it in our case would be some JS/CSS ?

[flying-sheep]

No CSS. What CloudFlare does is just transforming all <a href="mailto:...">...</a> tags into placeholders that get transformed back into what they started as on page load.

@maltekuehl suggests that we replicate this manually.

And since Hugo doesn’t seem to have plugins, we should do that using Netlify middleware.

[Zethson]

@flying-sheep this is what I saw in our 1pass:

Access netlify through the scverse-bot github account.

You can find the credentials for the bot in our 1pass

[flying-sheep]

Hmm, wait. Are we using netlify in production or just for these PR previews?

Because if we only use it for preview and use just hugo + gh-pages for production, then maybe we already have protection for everything except for the PR previews.

[Zethson]

As far as I know you described it correctly. Github pages deploys the prod render

[flying-sheep]

Hmm, then it seems like we’re using cloudflare, scverse.org has two A records pointing to cloudflare-owned IPs.