[Mailman-Users] Mailman privacy and authentication

Paul Crowley paul at cluefactory.org.uk
Thu Aug 30 17:32:00 CEST 2001

I'm not subscribed to mailman-users; the www.list.org front page seems
to indicate that it's still OK for me to post to this list.  I'll try
and follow any discussion in the archives, but if people could copy me
in directly I'd be most grateful.

=== Important bit ===

I'm using Mailman 1.1 to manage the announcement mailing list for a
sexuality-related event (Bicon 2002).  This means that the list of
subscribers has to be kept secure.  I've switched off the ability of
non-administrators to view the subscriber list.  However, the web
interface makes it easy to test whether a particular email address is
subscribed, and to view their subscription options.

Is there a way around this?  Maybe I can configure things differently,
or newer versions of Mailman address this, or there's a patch?

=== Rambling discussion bit ===

Here are some elements of the way I'd love Mailman authentication to
work.  Please excuse the strange mix of tenses.

(1) You should need the password to see your user options page, not
just to change options.  This means the "forgotten my password" dialog
needs to be separate; I think it belongs elsewhere anyway.

(2) Like a Unix login, you should get the same behaviour from entering
an unknown email address as you do from a wrong password.

(3) If you click on the "forgotten my password" link and you never had
one, Mailman silently generates you a new one before telling you the
password has been mailed to you; the mail you receive tells you what
happened while giving you the password.

(4) In fact, I'd prefer if Mailman usually generated my passwords.
When I subscribe to a new list, I'd rather just enter my email in the
box and press "submit", and get the password in the "confirm" email;
or, for lists that don't ask for "confirm", in the "welcome" email.  I
can always change it later, after all.

I think these would be good too, but I'm not so sure.

(5) Passwords should be per-site, not per-list.

(6) Mailman-generated passwords should be more than four characters.

If all this has been gone over a hundred times, my apologies!
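
Added example, not part of the original post and not Mailman's code: a sketch of points (2), (3) and (6), where login and the password reminder answer identically whether or not an address is subscribed. The Roster class, its method names, the response strings and the salted-hash storage (which means a reminder issues a fresh password) are all assumptions made for illustration.

```python
import hashlib, hmac, os, secrets

GENERIC_LOGIN_FAIL = "Authentication failed."
GENERIC_REMINDER = "If that address is subscribed, a password has been mailed to it."
_DUMMY_SALT = os.urandom(16)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Decoy record used when the address is unknown or has no password yet.
_DUMMY_HASH = _hash(secrets.token_urlsafe(12), _DUMMY_SALT)

class Roster:
    """Constructed in-memory subscriber store; not Mailman's data model."""
    def __init__(self):
        self.members = {}   # email -> (salt, hash), or None if no password yet
        self.outbox = []    # (recipient, body) pairs standing in for sent mail

    def subscribe(self, email):
        self.members[email.lower()] = None

    def _set_new_password(self, email):
        password = secrets.token_urlsafe(12)   # well over four characters, point (6)
        salt = os.urandom(16)
        self.members[email] = (salt, _hash(password, salt))
        return password

    def login(self, email, password):
        record = self.members.get(email.lower())
        salt, stored = record if record else (_DUMMY_SALT, _DUMMY_HASH)
        # Always hash and compare, so an unknown address costs the same work.
        ok = hmac.compare_digest(_hash(password, salt), stored)
        if record and ok:
            return "OPTIONS PAGE"
        return GENERIC_LOGIN_FAIL   # same for unknown address and wrong password

    def forgot_password(self, email):
        email = email.lower()
        if email in self.members:
            # Point (3): generate silently; only the mail says what happened.
            password = self._set_new_password(email)
            self.outbox.append((email, "A password was generated for you: " + password))
        return GENERIC_REMINDER     # same whether or not the address is subscribed
```

The web response never varies with subscription status; only the owner of the mailbox learns anything, through the mail itself.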
