[Mailman-Users] listname-request who command

Jennifer Oxelson oxelson at unidata.ucar.edu
Wed Mar 21 18:32:31 CET 2007


Sending email to the listname-request alias,  I'm able to verify that I 
can everyone who is on a mailing list by supplying the list 
administrator or moderator password to retrieve the roster (I have the 
list roster is limited to list administrators and moderators only). 

The issue is I can send the 'who' email command with the admin password 
from /*any*/ email address (not even subscribed) and get the roster... 
is this right?   Wouldn't it be better if the 'who' command only worked 
for email addresses corresponding to list admins/moderators when the 
list roster is configured to be only available to these privileged 
users?  (Or am I being overly paranoid?)


More information about the Mailman-Users mailing list