On Thu, 26 Feb 1998, Robin Friedrich wrote:
In a prior round of email, Ken mentioned that we would need to key the mail list entries to something other than the person's actual email address in order to implement the flexible user information editing capability of the web (changing one's sendto address, etc.). I agree that this is needed, sooner or later. Since I haven't seen the code yet, how difficult is it to just make a unique key for each subscriber and key the database off that with address as just one value?
Actually, that's not what i meant to imply. In a maillist system where users have "accounts" - ie some kind of identity which they can control and which has resources associated with it - it seems to me that the reception email address is precisely the right characteristic for identifying that account. It is only thing you really know with any assurance *at all* about the user. Everything else is on their say so.
To understand this perspective, consider that any user can hit the "send me my password" button for any account. The important thing is that the password gets sent to the email address for the account, not some arbitrary address of the user's choosing. The password and the only invariant of the account are tightly coupled. We do *not* want to allow any subscriber to specify different addresses for delivery of their password and delivery of their subsciption postings - the would allow pranksters and other malicious folk to subscribe and inflict unwanted mail from our lists on arbitrary people.
No, i think it's important to keep the email address as the account identifier, and not let the user change that within the same account. The nice thing mailman offers is change of anything else - digest or non-digest, concealment, etc.
I hope I'm not using this list too soon.
I don't think so. And btw, i'm hoping to finish packaging up my full set of patches to release within an hour or two - i'll be posting to both lists when it's ready...
Ken