-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mar 24, 2008, at 9:37 PM, Jo Rhett wrote:
On Mar 4, 2008, at 6:00 PM, Stephen J. Turnbull wrote:
In any case, it's hard to sympathize with your claim of urgency. Mark's intention to release 2.1.10 has been known for many months. This proposal comes on the eve of release. Code changes to implement it can, and should, wait for the next release.
What? I'm sorry, but Mailman has been blamed for backscatter for like 3 years going now. This problem has been well known for long before 2.1.10 was even dreamed of. I am asking that the developers start paying attention *NOW*.
If the problems aren't going to be solved before 2.2, then we're going to put Mailman in the same bin as qmail and say that using it is a violation of the AUP.
Now that there's documentation, I don't think you need to be that
severe. Not everybody needs or wants this particular behavior. Those
that do should now have the information at their fingertips. If
downstream distributions want to change the defaults they are free to
do so.
This simply cannot be changed in Mailman 2.1. For one thing, it's a
major feature change, not a security fix. A security problem would be
something like a cross-site scripting vulnerability or remote root
exploit. For another, pushing back 2.1.10 guarantees that 2.2 will be
delayed because of the extra q/a that needs to happen, etc. This
isn't a trivial change and we have limited resources.
- -Barry
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin)
iQCVAwUBR+lnaXEjvBPtnXfVAQKXCwQAk6y1e4juyw4DAh6XIoYzKdSFzZ4/2h9U 3Ql6dfeU14niMIpJPYlf3qKTECu5aI21q+yAlT8t4yud48aAAgqTMkGPWMQ93T8A OZ8YWUhxMypzkxYIyR/X/W/n3rhthdPY3Y6a13F5NhlATEPwQXuXaIwxaN/m7FSC HxTNcT69OrU= =aWxK -----END PGP SIGNATURE-----