
Hello:
We're running a 16K member mailing list on version 1.1 and running into a significant privacy issue regarding membership management.
As distributed, Mailman makes it trivial to discover if a given address is in fact a subscriber. If you suspect dev@null.com has joined a list, go to the user page and enter his address to subscribe; you'll get back a revealing reply 'You already belong, dummy'.
We initially yanked large chunks of html from the general list information page, but that removes all web-based user options.
Our ideal outcome is a General List Info Page with two actions:
No password section:
Current users get passwords (if any) mailed, with the web page not saying if any address is subscribed or not. If not a subscriber, Mailman would send a "subscription confirmation" notice to the potential member. (This also alerts the 'victim' of potential abuse.)
Password presented sections:
Users w/ password see no feedback until after entering a valid ID and pw; i.e. both non-existent users and existing ones w/ bad pw's are met with "Sorry, wrong password" as in a *nix login.
We looked at modifying the html on the user pages but the python module "handle_opts" seems hard-coded into giving revealing responses. We also glanced at Mailman 2.0.6 but it seemed to offer the same behavior.
Has anyone else already looked into this issue, and proposed code to solve it? We are considering writing a patch for "handle_opts" and submitting it but 1) don't want to fork the code, and 2) don't want to duplicate/waste the effort.
thanks, David and Federico
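As an added illustration (not code from the original post, nor from Mailman itself), a hypothetical handler showing the two uniform-response actions described above: the subscribe action replies identically whether or not the address is a member, and the options-page login replies "Sorry, wrong password" for both unknown addresses and bad passwords. The member table, salt and outbox are constructed stand-ins; hashing a dummy entry on the unknown-address path keeps the work done the same on both paths.

```python
import hashlib
import hmac

# Constructed sample data (hypothetical stand-in for Mailman's member list).
_SALT = b"constructed-demo-salt"

def _hash(pw: str) -> bytes:
    """Salted password hash; PBKDF2 keeps the per-call cost uniform."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), _SALT, 50_000)

MEMBERS = {
    "alice@example.com": _hash("alice-pw"),
}

# Mail is recorded here instead of being sent, so the example runs offline.
OUTBOX: list[tuple[str, str]] = []

UNIFORM_SUBSCRIBE_REPLY = "Your request has been received; check your mail."
UNIFORM_LOGIN_REPLY = "Sorry, wrong password"

def subscribe_request(address: str) -> str:
    """Web subscribe action: the reply never depends on membership.
    Members get their password mailed; everyone else gets a confirmation
    notice, which also alerts the address owner to any abuse attempt."""
    addr = address.strip().lower()
    if addr in MEMBERS:
        OUTBOX.append((addr, "password reminder"))
    else:
        OUTBOX.append((addr, "subscription confirmation"))
    return UNIFORM_SUBSCRIBE_REPLY

# Dummy hash compared against when the address is unknown, so the unknown
# path does the same hashing work (and takes the same time) as a real one.
_DUMMY = _hash("dummy-placeholder")

def login(address: str, password: str) -> tuple[bool, str]:
    """Options-page login: one reply for unknown address or bad password."""
    addr = address.strip().lower()
    stored = MEMBERS.get(addr, _DUMMY)
    ok = hmac.compare_digest(stored, _hash(password)) and addr in MEMBERS
    if not ok:
        return False, UNIFORM_LOGIN_REPLY
    return True, "Welcome; your options follow."
```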