On Tue, Nov 25, 2003 at 11:07:39AM -0800, Chuq Von Rospach wrote:
Fails ADA and accessibility requirements badly. I'd argue against any
solution that fails such basic needs without any real way to fix it.
What about reverse turing tests that aren't graphics-based? It's easier to beat "What is the sum of three and fifteen?" or "what is the name of this mailing list?" text-tests than the more complex RTTs, but it would make exploit code that much harder to write without sacrificing users who can't, for example, view graphics or hear sounds.
Better is to simply teach the archives not to distribute sensitive
information at all. And a lot easier to implement, actually.
So, is anyone working on this *within* pipermail? I know there are great alternative archivers out there, but Mailman still winds up with a bad reputation if the default isn't very secure. Maybe for 2.2 we could have a "completely obscure archived email addresses" option which changed them all to user@xxxxxx.