On Mon, Mar 19, 2012 at 2:59 AM, Mark Sapiro <mark@msapiro.net> wrote:
If that were all that was required, that would be fine. The problem is that we allow approval via a pseudo-header as the first non-blank body line in the first text/plain part of the message, and we have to look for it there and if found, not only remove it from that part, but also from any alternative parts in which it might appear.
It's the removal of this pseudo-header from text/html alternatives that is the hard part. See the comment thread at <https://bugs.launchpad.net/mailman/+bug/266220>.
OK, will do.
We really need a better way of doing this. Something like requiring that all parts for which approval is requested be signed by an authorized private key, and unsigned parts be stripped. Of course that will leave most people out in the cold ....
Incorrect password is not an issue because we remove it anyway.
That's true, assuming you do find it. The real problem is whether you're trying to find it:
The other things *should* not be a problem because in theory the poster wouldn't use the header if it weren't required, and in that case, the post will be held since it isn't pre-approved. Of course in practice, held posts get approved even if they might leak a password and users do all sorts of things that don't make sense :(
Precisely. Most people use Mailman *because* they have no idea what makes sense. That's really the most important point about automation. It empowers people to accomplish tasks that they can't do on their own.
This requires them to trust the automation, of course, and that's often not a great idea. But "published source" helps.