Lindsay Haisley wrote:
On Fri, 2009-12-18 at 18:34 +0200, Geoff Shang wrote:
Yes I can clear their moderation flag, and in fact this is what I first suggested, but my message was in response to a message from Mark who was putting forward the position that this was a bad idea and that it's better to post using the Approved: header instead.
I don't entirely agree with Mark on this. I generally offer my customers the option of using either mechanism, with the caveat that using the mod flag is potentially less secure.
FWIW, I was recommending the Approved: <password> approach in the context of a reply where the OP said "I only want the list administrator to be able to post messages to the list".
I agree that in the case where you have authorized posters who are not necessarily admins or moderators that controlling posting by unmoderating posters and/or accept_these_nonmembers is appropriate although still subject to spoofing. It all depends on the list.
You have two moderation passwords, one for "administrators" and one for "moderators". Either will work in an "Approved" header or pseudo- header. If you don't designate any moderators, then only the administrator password is effective. There's no reason you couldn't designate a group of moderators and give them the password, and then change it administratively if their service is no longer needed.
Just to be clear, the presence or absence of an email address in the owner or moderator attributes of a list has nothing to do with who can do what. It only controls where notices are sent and what appears in web page footers.
It is quite possible to set a moderator password without adding any addresses to 'moderator', and anyone who knows that password can post an Approved: or Urgent: message and log in to the admindb page.
See the FAQ at http://wiki.list.org/x/5YA9.
-- Mark Sapiro mark@msapiro.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan