[ mailman-Bugs-1868873 ] deceptive listinfo "to post a message..."

SourceForge.net noreply at sourceforge.net
Sun Jan 20 05:22:20 CET 2008


Bugs item #1868873, was opened at 2008-01-11 05:41
Message generated for change (Comment added) made by jidanni
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1868873&group_id=103

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: security/privacy
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: jidanni (jidanni)
Assigned to: Nobody/Anonymous (nobody)
Summary: deceptive listinfo "to post a message..."

Initial Comment:
Allow me to introduce the primary bug of all, the one that is
certainly the first one encounters upon first contact with mailman as
a mere user. He sees on the listinfo web page:

 "To post a message to all the list members, send email to ..."

Which means TO HIM, the innocent victim, that "posting is wide open.
What ever you send will get full executive treatment and be sent to
all members and the archive forthwith".

When in fact it really means
"Yes, we say 'to post', but to post is not to receive, necessarily.
I.E., depending on policies, your message might 1. go to /dev/null, 2.
go to /dev/null with a notice back to you, 3. go into a queue for
moderator approval, 4. as 3 but with a notice back to you, 5....
and it all depends on the configuration, which the moderator/administrator has
elected not to make public, i.e., one of 1,2,3,4... will happen, and
we could tell you here, but we won't.

So what happens, is due to the *deceptive* message
 "To post a message to all the list members, send email to ..."
the user posts and waits several days not knowing what is happening,
while his burning question lies unseen who knows where.

If subscription is required to post, than say "subscription is
required to post".

If you are not willing to mention that subscription is or is not
required, in an effort to thwart spammers, then say "subscription may
be required to post".

Anyway, the software is very aware of just what requirements there are
to post, so it should say them there on listinfo, unless the
administrator has checked "[x]Obfuscate posting requirements on
listinfo page". Whereupon say  "subscription may
be required to post, but the administrator has chosen not to reveal
what they may be."

Anyway, in no case continue saying
 "To post a message to all the list members, send email to ..."
as it looks like the current message. If the list is really wide open, say
 "Membership not required to post"...

Don't just reply to this bug saying to ask the administrator to edit
the HTML files for his site, as the forwarding in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=199195
probably thought.

Tell them to edit the HTML if checking the above [x] box is not
enough.


----------------------------------------------------------------------

>Comment By: jidanni (jidanni)
Date: 2008-01-20 12:22

Message:
Logged In: YES 
user_id=1971011
Originator: YES

> Why not just ask the administrator to edit the HTML *templates* for his
site?

No. There should just be a choice on the administrator panel,

    Be honest about things []Yes [X]No.

(Actually a group of choices, one for each thing.)

[X]No by default, for security.

That would cover 99% of the cases, keep people from mucking with
the HTML, and make them conscious of the deception.

----------------------------------------------------------------------

Comment By: Jim Popovitch (jimpop)
Date: 2008-01-20 09:05

Message:
Logged In: YES 
user_id=3142
Originator: NO

Why not just ask the administrator to edit the HTML *templates* for his
site?

----------------------------------------------------------------------

Comment By: jidanni (jidanni)
Date: 2008-01-18 04:43

Message:
Logged In: YES 
user_id=1971011
Originator: YES

The following statement also is one where the computer knows very well
what the
configuration is, but is too lazy to check, even if the administrator
wanted it to. So add a configuration item for this item: gloss over
the facts to fool spammers [] or give the real deal [x].

"Your subscription request has been received, and will soon be acted upon.
Depending on the configuration of this mailing list, your subscription
request may have to be first confirmed by you via email, or approved by the
list moderator. If confirmation is required, you will soon get a
confirmation email which contains further instructions."

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1868873&group_id=103


More information about the Mailman-coders mailing list