On Wed, Aug 26, 2020 at 09:28:30AM -0400, Jim Popovitch via Mailman-Users wrote:
So, I have volunteered to spearhead an effort to add one or two more people to the Mailman Coders group[2] in order to vet and approve new features that continue the long tradition of providing value to Mailman 2.x. Who's with me on this?
Sure.
I'm finishing the book on it anyway, so I might as well. ;)
Captchas are a worst practice in security and should never be used. They can be and are defeated at will by any adversary who wants to trouble themselves to do so. They're also user-hostile. There are much better methods available for protecting Mailman instances from abusers.
Yes yes I know I just signed myself up to explain those. This is not my first time. ;)
- One of things that I discovered while doing (2) is that Mailman v2.x expects that it has *outbound* HTTP access. I need to write this up so that the problem is understandable/arguable/fixable, but: it's a really bad idea to presume that's the case, and it's an equally bad idea to make it the case.
---rsk