[Mailman-Developers] How to change that unsubscriptions
alsorequire confirmation
Michael Heydekamp
my at freexp.de
Wed Jan 7 16:24:00 EST 2004
Somuchfun <somuchfun at atlantismail.com> wrote on 07.01.04:
> This feature is surprisingly not built in. If you go to the main list
> page
Which main list page? The options page where you have three sections
(authentication facility to change your settings, cancel the
subscription and sending a password reminder)?
> and just enter your email address and unsubscribe there will be
> no confirmation - very unsafe!
If you're right, I agree. And then the text at least on the English and
German page would be wrong.
> So basically anyone can unsubscribe someone else.
Hmm. We are running Mailman in a test environment just since a short
while and still have some tests before us - this is one of them.
I'll test this during the next days and will confirm or deny this
behaviour. Which version of Mailman are you running?
> This is a problem in terms of access control. Current legislation is
> very specific about liability and disclosure of breaches in access
> control. If we offer a system that has a problem with controlling
> access then we might be liable.
Liable for what? This is in the worst case a software bug or leak or
whatever which is not nice but does not create real damage IMO. Well,
somebody not being authorized might cancel a mailing list subscription,
I can think of worse scenarios...
You're in California, right? OK, I'm of course not familiar with the
legislation over there but I have heard that in the U.S. almost
everybody is being held liable for almost everything, so you might be
right. ;-)
BTW: Your Outlook is screwing up the subject ("alsorequire").
^^
Michael
More information about the Mailman-Developers
mailing list