Re: [Mailman-Developers] Mailing lists exploited
On Wed 2017-05-17 09:20:21 +0100, Jonathan Knight wrote:
i'm not convinced that these two scripts are significantly different in difficulty, though i acknowledge that the former is marginally easier.
it sounds to me like the real underlying concern is about allowing submissions to bypass moderation based on forgeable data like the From: header. fixing it in the display side seems likely to trigger a game of whack-a-mole.
--dkg
Hi Daniel
Our use case is that most (but not all) of our lists are internal and so the archives are not public. However the listinfo pages are public for the few public lists that we run and to allow of campus staff and students to access the list management screens.
So for us, hiding the list administrator email on the list info pages effectively cuts off the ability to get a prospective list of possible administrators.
But I agree that for public lists with public archives the benefit is minimal, but I don't think it does much harm
Jon
On 17 May 2017 at 15:57, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
-- Jonathan Knight IT Services Keele University
Hi Daniel
Our use case is that most (but not all) of our lists are internal and so the archives are not public. However the listinfo pages are public for the few public lists that we run and to allow of campus staff and students to access the list management screens.
So for us, hiding the list administrator email on the list info pages effectively cuts off the ability to get a prospective list of possible administrators.
But I agree that for public lists with public archives the benefit is minimal, but I don't think it does much harm
Jon
On 17 May 2017 at 15:57, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
-- Jonathan Knight IT Services Keele University
participants (2)
-
Daniel Kahn Gillmor -
Jonathan Knight