[Mailman-Developers] bugtraq submission warning: email address harvesting exploit

Phil Barnett philb at philb.us
Thu Nov 27 23:25:28 EST 2003

On Thursday 27 November 2003 11:05 pm, Barry Warsaw wrote:
> On Fri, 2003-11-28 at 06:26, Colin Palmer wrote:
> > (then you just need to add an ACL to the webserver to stop someone
> > downloading the listname.mbox file that has all the unmunged addresses
> > still in it)
> I'd consider turning this off for 2.1.4 if people agree.  Perhaps making
> it available only through a site config var.  I'm not sure how easy that
> is, but it seems important enough to close off access to the mbox file.

I'd prefer it gone. If someone needs it badly enough and they can convince me, 
I can make it available by some other method.


"The true measure of a man is how he treats someone who can do him absolutely 
no good." 
- Samuel Johnson (1709-1784)  

More information about the Mailman-Developers mailing list