Re: [Mailman-Developers] Monthly reminder sent by mailman-owner considered harmful

[Bart Schaefer]
> On 4 Jun 1999, Harald Meland wrote:
> > [Bart Schaefer]
> > > Consider the possibility that I, unaware that this is going to take place, subscribe an address that represents a local exploder. At some later time everyone on that local list is going to be given my password.
> > If you're adding other people's addresses, then how would they be able to unsubscribe later?
> Because my "local exploder" is a news gateway and they simply use their newsreader to subscribe/unsubscribe the newsgroup. Or because my exploder is another mailing list manager so they can subscribe/unsubscribe from the local list. Neither of these is an uncommon situation.
I have no problem seeing the usefulness of adding non-personal addresses to mailing lists. I was merely stating that you shouldn't be using a very "private" password when doing so (i.e. don't use passwords that are used for other subscriptions as well).
[ Even if the automatic reminders are turned off, people can still go to the list's member page (if it is open), click on some member address, and click on the "Send me my password now" button to have Mailman distribute the password to the member (which could be an exploder). ]
In cases like these, there _will be_ loopholes in Mailman's "security mechanisms", unless you introduce some new concepts -- e.g. a "member owner address" that receives all administrative requests regarding its associated member.
The umbrella list feature of Mailman solves these things for lists where _all_ the members are exploders, but not for lists with both user and list members. I have been thinking about implementing a more general solution after 1.0 is out, but the list of post-1.0 things to do is getting pretty long... :)
Harald

On 4 Jun 1999, Harald Meland wrote:
> I have no problem seeing the usefulness of adding non-personal addresses to mailing lists. I was merely stating that you shouldn't be using a very "private" password when doing so (i.e. don't use passwords that are used for other subscriptions as well).
It doesn't matter how personal the password is; the point is that any person using the local exploder could go to the member page and unsubscribe, thus cutting off everyone else who relies on the exploder. They might even be misled into doing so, thinking that they were unsubscribing themselves only.
> [ Even if the automatic reminders are turned off, people can still go to the list's member page (if it is open), click on some member address, and click on the "Send me my password now" button to have Mailman distribute the password to the member (which could be an exploder). ]
True, but there's a difference between having to actively go looking for a password and having that password sent to you unsolicited.
I understand if there's a technical reason this can't be made a personal preference before the release, but please consider at least making the installation default be to NOT send these messages, and include some kind of warning to the list admin about why he might not want to turn it on.

> I understand if there's a technical reason this can't be made a personal preference before the release, but please consider at least making the installation default be to NOT send these messages, and include some kind of warning to the list admin about why he might not want to turn it on.
Forgive me for butting in, and please realize I'm not trying to argue the merits of this solution, but it just occurred to me that one way to solve this might be to configure the local exploder *not* to pass along mail from 'mailman-owner' (or whatever address the monthly reminder comes from, I forget right now) and to instead forward it to its local administrator.
That's how I would do it, I think.
Troy
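The exploder-side filter Troy describes, as an added example that is not part of the thread and not Mailman's own code: before a local exploder fans a message out to its recipients, it checks whether the message came from the list's administrative address and, if so, delivers it only to the exploder's own administrator. The addresses, the member list and both sample messages are constructed for illustration; the reminder is assumed to arrive from `mailman-owner@lists.example.org`.

```python
"""
Added example, not code from the thread or from Mailman: a routing check a
local exploder (a site-local address that fans mail out to many people) can
apply before re-distributing a message. Mail from the list's administrative
address is diverted to the exploder's local administrator instead of being
sent to every local recipient.

All addresses and both sample messages are constructed for illustration.
"""
import email
from email.message import Message
from email.utils import parseaddr

# Hypothetical addresses (assumptions, not taken from the original thread).
ADMIN_SENDERS = {"mailman-owner@lists.example.org"}   # where reminders come from
LOCAL_ADMIN = "exploder-admin@site.example.com"        # gets them instead
MEMBERS = ["alice@site.example.com", "bob@site.example.com", "carol@site.example.com"]

# Return-Path carries the envelope sender, which is the header an MTA-level
# filter would normally key on; Sender and From are checked as well because a
# reminder may be labelled with either. All three can be forged by anyone who
# can submit mail to the exploder, so this is a convenience, not a boundary.
SENDER_HEADERS = ("Return-Path", "Sender", "From")


def sender_addresses(msg: Message) -> set[str]:
    """Collect every bare, lower-cased address found in the sender-type headers."""
    found = set()
    for name in SENDER_HEADERS:
        for value in msg.get_all(name, []):
            _, addr = parseaddr(value)      # strips display names and <> brackets
            if addr:
                found.add(addr.lower())
    return found


def is_admin_mail(raw_message: str) -> bool:
    """True if any sender-type header names one of the list's admin addresses."""
    msg = email.message_from_string(raw_message)
    return bool(sender_addresses(msg) & ADMIN_SENDERS)


def route(raw_message: str) -> list[str]:
    """Return the recipients this message should actually be delivered to.

    Administrative mail (the monthly reminder, and anything else sent from the
    owner address) goes only to LOCAL_ADMIN; everything else is fanned out to
    MEMBERS as usual.
    """
    if is_admin_mail(raw_message):
        return [LOCAL_ADMIN]
    return list(MEMBERS)


# Constructed sample: a monthly reminder, including the password it carries.
REMINDER = """\
Return-Path: <mailman-owner@lists.example.org>
From: Mailman Owner <mailman-owner@lists.example.org>
To: exploder@site.example.com
Subject: lists.example.org mailing list memberships reminder

This is a reminder, sent out once a month, about your mailing list
memberships. It includes your subscription info and how to use it.
Password: s3cret-list-pw
"""

# Constructed sample: an ordinary list post, which should reach everyone.
LIST_POST = """\
Return-Path: <dev-list-bounces@lists.example.org>
From: Some Developer <dev@example.net>
To: dev-list@lists.example.org
Subject: [Dev] Patch for the reminder cron job

Attached.
"""

if __name__ == "__main__":
    print("reminder  ->", route(REMINDER))
    print("list post ->", route(LIST_POST))
```

This closes only the path Troy is talking about: the reminder reaching everyone behind the exploder. It also catches the "Send me my password now" delivery Harald mentions if that mail comes from the same address, which the example assumes; it does nothing about a local user going to the member page and unsubscribing the exploder itself.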
participants (3): Bart Schaefer, Harald Meland, Troy Morrison