>> Maybe all that's necessary is to install cgi-bin/create as
>> cgi-bin/create.disabled by default, set its permissions to not allow
>> execution and add a note to the installation docs about the
>> consequences of through-the-web list creation and how to set it up.
Adam> Or perhaps those responsible for the set-up look at what's being
Adam> set up, and take responsibility/make the choice themselves?
People don't work that way. I was a Unix admin back in the day when virtually anybody could log in to prep.ai.mit.edu. Wide-open systems were probably wrong then and they are certainly wrong now. It's simply foolish to distribute software which by default has doors which are either open or easily opened.
Adam> From memory, and on Debian/FBSD systems at least, setting up
Adam> Mailman still requires intervention to sort out the
Adam> web-interface/MTA integration -- even when packaged -- : that's
Adam> good enough, imo.
That's only one type of system. It hardly represents the entire universe of possible platforms. Last time I looked, Debian+FreeBSD didn't represent the bulk of the servers on the Internet. For better or worse, I suspect that distinction probably goes to Windows.
At work, for example, we run it on Solaris. I'm pretty sure it wasn't installed from some turnkey package. I'm similarly sure whoever installed it wasn't a sophisticated Mailman user and wasn't aware of the cgi-bin/create script. Does Mailman run on Windows? If so, you're going to have problems. If not, then you are going to have people unfamiliar with Unix systems (that is, people who only know Windows) installing it. Damned if you do. Damned if you don't.
-- Skip Montanaro - skip@pobox.com - http://smontanaro.dyndns.org/