On Fri, Jul 13, 2001 at 04:15:20PM -0400, Barry A. Warsaw wrote:
This the official announcement for Mailman 2.1 alpha 2. [...]
To view the on-line documentation, see
http://www.list.org/MM21/index.html
2.1 alpha 2 (11-Jul-2001)
[ lots of extremely cool stuff deleted ]
o Subscription confirmations can now be performed via email or via URL. When a subscription is received, a unique (sha) confirm URL is generated in the confirmation message. Simply visiting this URL completes the subscription process.
This violates the HTTP protocol: visiting a URL (i.e., an HTTP GET) should not have side effects like confirming a subscription.
A few months ago I sent mail to mailman-developers with a suggestion for how to implement this in a compliant way without hindering usability:
http://mail.python.org/pipermail/mailman-developers/2001-January/003579.html
mid:20010103022646.A31881@impressive.netI realize that a number of other sites misuse GET this way, but I think most of the large ones (e.g., Yahoo, online brokerages and banks, etc.) get it right, and I think Mailman should too.
Further reading on GET vs POST:
Forms: GET and POST
http://www.w3.org/Provider/Style/Input
Axioms of Web architecture: Identity, State and GET
http://www.w3.org/DesignIssues/Axioms#state
HTTP 1.1 section 9.1: Safe and Idempotent Methods
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1
HTML 4.01 section 17.13: Form submission
http://www.w3.org/TR/html4/interact/forms.html#h-17.13-- Gerald Oskoboiny <gerald@impressive.net> http://impressive.net/people/gerald/