--On 2 October 2007 23:07:37 -0400 Barry Warsaw firstname.lastname@example.org wrote:
- We can drop the concept altogether. This means there'd be no way to post a message as coming from an approved source, with a bypass of the posting filters. Maybe because few people have MUAs that support adding custom headers, this feature just isn't used much in the real world these days. You'd still have the moderation bit for announce-only lists though.
Sounds reasonable to me. I don't use this feature, and I don't think we've documented it for our users. I don't even recall being aware of it before.
- Replace the concept with some other email authentication mechanism, e.g. something more secure like a signature check. The problem with this is that I still don't think message signing is common practice outside our small community of geeks.
No, but it could be useful for some. I doubt that this is urgent though.
- Allow an owner or moderator to use their own password in the Approved header. I'm not crazy about this because it has to be sent in the clear and if (when?) it gets compromised, their account is compromised, and this includes their administration of the mailing list.
No, no, no. Or, at least let me disable it for my site. We're likely to want local people to authenticate with passwords that are shared with services other than Mailman. I think this proposal would be very dangerous in any corporate or educational site.
- Add a new shared password just for this purpose. You'd still have to communicate it to all your moderators, probably via the web page, but at least this password wouldn't have any other purpose so if (when?) it gets compromised, the only asset it protects is approved postings. Bad yes, if a spammer gets it, but easily changed and hopefully fairly limited in the damage it can do.
Erm, no thanks. We really are looking forward to being able to identify our Mailman admins!
- Your suggestion.
Comments? I think my preference would be for #1 with future support for #2 and just accepting the fact that message signatures are for power users. Maybe that set is pretty close to the set of people currently using Approved anyway.