[Mailman-Users] any info on this reported exploit?

Brad Knowles brad at stop.mail-abuse.org
Mon Jan 30 01:52:51 CET 2006

At 4:10 PM -0500 2006-01-29, Jim Popovitch wrote:

>  But, Diana wasn't emailing sensitive info.  She was asking a very
>  important question about something that was already public.  You then
>  told her that she should have gone to the secret-handshake club.  Are
>  you suggesting that all "Hey, has this been fixed yet" questions
>  should be off list and only one-on-one with mailman-security?

	I don't care about the content of this most recent incident.  I 
care that the process we specified in FAQ 1.27 wasn't followed.  In 
this case, no harm was done.  But in the previous case where someone 
did something like this, a great deal of harm was caused.

	I care that the proper procedures be followed.

	It's like playing Russian Roulette.  This time, the chamber was 
empty.  Next time, it might not be.

>  er, Right.... (the elitism really shines through Brad).

	If we insist that everyone follow the proper procedure every 
time, then we shouldn't have any problems.  But if you can't (or 
won't) follow the proper procedures, then I think it's perfectly 
reasonable to ask that you go somewhere else.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  LOPSA member since December 2005.  See <http://www.lopsa.org/>.

More information about the Mailman-Users mailing list