[Mailman-Users] approval password linked to sender rather than list?
Brad Knowles
brad at stop.mail-abuse.org
Mon May 15 16:31:23 CEST 2006
At 10:01 AM +0100 2006-05-15, David Lee wrote:
> Is there a facility, or
> plans for such, for each permitted sender to have (optionally) their own
> password, useable across many lists?
This is a very good question. I'm glad you brought it to this list.
I'm pretty sure that there is no facility in Mailman today to
achieve what you're looking for. I see no problem with the concept,
but I will let others answer the technical issues of how it might be
done, etc....
If you haven't done so already, I would encourage you to file
this as a Request For Enhancement on the Mailman SourceForge page at
<http://sourceforge.net/tracker/?group_id=103&atid=350103>.
> Problem: A spoof to many lists would go to many moderators within a list
> and across lists, requiring coordination of moderators within a list, and
> consistent action of one or more moderators per list across the lists.
> Very poor scaling at a large site (with many clusters of many lists).
Yup. Getting the list moderators/admins to act in a consistent
manner is an issue regardless of the size of the list or the number
of lists.
We have similar issues with just the mailman-users and
mailman-developers lists on python.org, and they are much less
numerous than what you're talking about, and the lists are also much
smaller. Sometimes I'll approve a post for the mailman-developers
list that I think is marginal as to whether or not it belongs on that
list and sometimes I'll let it sit for a few days and see if one of
the other moderators/admins will take a decision.
I try to follow the guidelines that we've agreed for moderating
and administering the lists, but I don't always remember what they
are, and I don't always make the decision in a way that the other
moderators/admins would have agreed with.
I'm not convinced that having per-user approval passwords would
help the moderators act in a more consistent manner, but it certainly
wouldn't hurt.
> This doesn't seem possible at present (v 2.1.5). But it seems related
> to FAQ 3.46, in particular section "A password scheme could potentially
> be implemented ...".
>
> Is it yet possible?
Not so far as I know, and I'm not aware of it being on the
official plan of things to be fixed in the upcoming versions (either
2.2 or Mailman3), but certainly something that could potentially be
done.
> Does that seem reasonable?
I think so. It would reduce the probability of someone being
able to guess the list approval password, which can sometimes leak
out via unexpected channels.
> What are the drawbacks (those that would have
> significantly worse problems/weaknesses than existing mechanisms)?
About the only thing I can think of that might be an issue would
be that there would now be more data to manage, and of course the
problem of feeping creaturism.
> If not yet possible, but acceptable in theory (perhaps with amendments),
> then we would hope to consider volunteering some effort into coding it.
If you code such a feature (or have it done for you), and then
upload that to the Mailman patch page on SourceForge at
<http://sourceforge.net/tracker/?group_id=103&atid=300103>, you would
be much more likely to get this feature incorporated into a future
version of Mailman.
This isn't to say that you would be guaranteed to get this
feature incorporated, as there are many patches which have been
uploaded that have not found their way into the main code base. But
uploading your patch would greatly increase your chances.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
LOPSA member since December 2005. See <http://www.lopsa.org/>.
More information about the Mailman-Users
mailing list