[Mailman-Developers] Re: [Mailman-Users] "Invite" vs. autoresponders

Barry A. Warsaw barry at python.org
Thu Jan 2 22:45:35 EST 2003

[I'm moving this discussion to mailman-developers. -BAW]

>>>>> "SB" == Stonewall Ballard <sb.list at sb.org> writes:

    SB> I've recently discovered that vacation autoresponders will
    SB> subscribe recipients to Mailman lists when they get "invited".

Dang.  This is because the From address contains the confirmation
cookie encoded in the address.  This might kill this idea for
ease-of-use confirmations.

    SB> This is not good. It makes the feature dangerous if you've
    SB> promised to not subscribe anyone without their assent.

Can you submit a bug report on this?  We'll have to decide what to do
long term.

    SB> Is there any way to avoid this problem, other than not using
    SB> the feature?  This is yet another reason to move to URLs with
    SB> unique keys instead of using passwords. Such a URL could be
    SB> embedded in the invitation message.

Take away the From header cookie and that's essentially what you've
got in the invitation message.

I'm up for any other ideas.


More information about the Mailman-Developers mailing list