[Bug 266317] Re: attachments archived even when archiving disabled

claus 266317 at bugs.launchpad.net
Thu Feb 16 15:35:28 CET 2012

I suggest marking this bug as a security issue.
While testing a mailserver I came across this bug: Admins and Mailinglistadmins were not aware that years of archived attachments were stored on their server and could be accessed by an attacker gaining access to that system. They explicitly set archiving to "No" so confidential information would not be left lying around on the mailserver.
=> This is not expected behaviour
=> This can be become a very serious security issue for some users

You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.

  attachments archived even when archiving disabled

To manage notifications about this bug go to:

More information about the Mailman-coders mailing list