[Mailman-Developers] before next release: disable backscatter in default installation
barry at python.org
Tue Mar 25 21:58:17 CET 2008
-----BEGIN PGP SIGNED MESSAGE-----
On Mar 24, 2008, at 9:37 PM, Jo Rhett wrote:
> On Mar 4, 2008, at 6:00 PM, Stephen J. Turnbull wrote:
>> In any case, it's hard to sympathize with your claim of urgency.
>> Mark's intention to release 2.1.10 has been known for many months.
>> This proposal comes on the eve of release. Code changes to implement
>> it can, and should, wait for the next release.
> What? I'm sorry, but Mailman has been blamed for backscatter for
> like 3 years going now. This problem has been well known for long
> before 2.1.10 was even dreamed of. I am asking that the developers
> start paying attention *NOW*.
> If the problems aren't going to be solved before 2.2, then we're
> going to put Mailman in the same bin as qmail and say that using it
> is a violation of the AUP.
Now that there's documentation, I don't think you need to be that
severe. Not everybody needs or wants this particular behavior. Those
that do should now have the information at their fingertips. If
downstream distributions want to change the defaults they are free to
This simply cannot be changed in Mailman 2.1. For one thing, it's a
major feature change, not a security fix. A security problem would be
something like a cross-site scripting vulnerability or remote root
exploit. For another, pushing back 2.1.10 guarantees that 2.2 will be
delayed because of the extra q/a that needs to happen, etc. This
isn't a trivial change and we have limited resources.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
-----END PGP SIGNATURE-----
More information about the Mailman-Developers