[Mailman-Users] Cookies

John A. Martin jam at jamux.com
Mon Nov 29 15:09:03 CET 1999

Hash: SHA1

>>>>> "Chris" == Christopher Lindsey
>>>>> "Re: [Mailman-Users] Cookies"
>>>>>  Mon, 29 Nov 1999 00:31:29 -0600 (CST)

    >> What can be done to make mailman comply with a privacy policy
    >> that states "we don't do cookies"?

    Chris> Easiest solution is to modify the privacy policy so that it
    Chris> allows cookies for mailing list usage only.

    Chris> However, if the company/organization is too bloated or
    Chris> bureaucratic to get this done in any reasonable amount of
    Chris> time, not much with the current code.

FWIW in this instance it is the difference between a privacy policy
that says, in effect, "We do not offer nor accept cookies, if you are
asked to accept a cookie you are not connected to this site" and a
policy that says, in effect, "Trust us and anybody who may impersonate
us or one of our pages not to misuse cookies".

    Chris> But...  Code was submitted back in July to allow .htaccess
    Chris> style authentication (read "not cookies) so that we could
    Chris> use our much preferred, stronger Kerberos authentication on
    Chris> a secure server (single sign-on is Good).

    Chris> I'll see if I can dig up the code.  If you don't hear from
    Chris> me in a week, ping me.  Memory == sieve.  :)

Thank you.  That might be a great help.

Will your patch allow single sign-on without Kerberos?  The
requirement is to conform to the same simple direct privacy statement
as on other web servers at the site.  The mail and web server are on a
host dedicated to the mailing lists and their archives (now listproc)
which are not sensitive.  Consideration is being given to using
Apache-SSL for Mailman.

The cookie business could be a killer unless it can be disabled while
awaiting a single sign-on solution.


Version: GnuPG v1.0.0 (GNU/Linux)
Comment: By Mailcrypt 3.5.4 and Gnu Privacy Guard <http://www.gnupg.org/>


More information about the Mailman-Users mailing list