[Mailman-Developers] Re: bugtraq submission warning: email address
harvesting exploit
David Champion
dgc at uchicago.edu
Fri Nov 28 20:39:22 EST 2003
* On 2003.11.27, in <1069992315.19968.8.camel at anthem>,
* "Barry Warsaw" <barry at python.org> wrote:
> > downloading the listname.mbox file that has all the unmunged addresses
> > still in it)
>
> I'd consider turning this off for 2.1.4 if people agree. Perhaps making
> it available only through a site config var. I'm not sure how easy that
> is, but it seems important enough to close off access to the mbox file.
I *really* value this ability, but I understand the arguments for not
making it downloadable. How hard would it be to avail it to subscribers,
but to restrict it to anonymous accessors? And would that be sufficient
for most people?
And while on the topic, I'd like to see munging in the anonymous filter
and original text in the authenticated filter, too, as someone else has
described.
--
-D. dgc at uchicago.edu
University of Chicago > NSIT > VDN > ENSS > ENSA > You are here
. . . . . . .
always line up dots
More information about the Mailman-Developers
mailing list