[Mailman-Developers] How to change that unsubscriptions alsorequire confirmation

[Somuchfun]

Michael,
This feature is surprisingly not built in. If you go to the main list page
and just enter your email address and unsubscribe there will be no
confirmation - very unsafe!
So basically anyone can unsubscribe someone else.
This is a problem in terms of access control. Current legislation is very
specific about liability and disclosure of breaches in access control.
If we offer a system that has a problem with controlling access then we
might be liable.
I am surprised to see that unsubscriptions do not have the same options as
subscriptions in terms of verification of the sender!

> -----Original Message-----
> From: 
> mailman-developers-bounces+somuchfun=atlantismail.com at python.o
> rg 
> [mailto:mailman-developers-bounces+somuchfun=atlantismail.com@
> python.org] On Behalf Of Michael Heydekamp
> Sent: Saturday, January 03, 2004 1:09 PM
> To: mailman-developers at python.org
> Subject: Re: [Mailman-Developers] How to change that 
> unsubscriptions alsorequire confirmation
> 
> Somuchfun <somuchfun at atlantismail.com> wrote on 03.01.04:
> 
> > Due to current legislation we need to change mailman to also require
> > confirmation for unsubscribe requests.
> 
> That's built-in anyway, I think (unless the subscriber has 
> authenticated
> himself with his password through the Web interface)?
> 
> But what strange sort of "legislation" are you talking about?
> 
> ----------8<----------
> > Sender: mailman-developers-bounces+my=freexp.de at python.org
> ----------8<----------              ^^^^^^^^^^^^^
> 
> How and why has *that* sender header been created?
> 
> 
>         Michael
> 
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> http://mail.python.org/mailman/listinfo/mailman-developers
>