Somuchfun <somuchfun@atlantismail.com> wrote on 07.01.04:
This feature is surprisingly not built in. If you go to the main list page
Which main list page? The options page where you have three sections (authentication facility to change your settings, cancel the subscription and sending a password reminder)?
and just enter your email address and unsubscribe there will be no confirmation - very unsafe!
If you're right, I agree. And then the text at least on the English and German page would be wrong.
So basically anyone can unsubscribe someone else.
Hmm. We are running Mailman in a test environment just since a short while and still have some tests before us - this is one of them.
I'll test this during the next days and will confirm or deny this behaviour. Which version of Mailman are you running?
This is a problem in terms of access control. Current legislation is very specific about liability and disclosure of breaches in access control. If we offer a system that has a problem with controlling access then we might be liable.
Liable for what? This is in the worst case a software bug or leak or whatever which is not nice but does not create real damage IMO. Well, somebody not being authorized might cancel a mailing list subscription, I can think of worse scenarios...
You're in California, right? OK, I'm of course not familiar with the legislation over there but I have heard that in the U.S. almost everybody is being held liable for almost everything, so you might be right. ;-)
BTW: Your Outlook is screwing up the subject ("alsorequire"). ^^
Michael