[Mailman-Users] Muti-Mailman install

Brad Knowles brad at python.org
Fri Jun 20 19:27:00 CEST 2008 

Charles Marcus wrote:

> You replied on list, so I will too...

Not really a very wise idea.  When I use my @python.org e-mail address 
(which I very rarely do), I speak from a position of a certain amount of 
authority on the subject.

If you want to try to have a civilized private conversation with us on the 
subject, we can probably find a way to do that.

But if you continue to aggressively and publicly challenge us on our own 
mailing list over a topics that were considered dead and buried years ago, 
the only likely outcomes are ones that you probably will not like.

>                                          though, most discussion lists - 
> for most people, using the most popular mail clients - operate much more 
> smoothly when Reply-to munging is implemented.

In your experience.  And how many decades have you been specializing in 
Internet e-mail systems administration?

How many of the screwed-up MUAs that we talk about have you actually 
encountered?  None?

So, it is out of ignorance that you say everyone should completely and 
totally ignore our advice?

Do you really want to use ignorance as your only defense?

> *My* point was simply pointing out that there *is a preference setting* 
> in the Mailman GUI for changing this, so if someone *wants* to change 
> it, they obviously *can* - so what difference does the *default* make?

The default makes a huge difference.  Ask Microsoft.

In my experience, over 90% never change the defaults on the software they 
install, whether you're talking about our mailing list management software 
or anything else.

If those defaults are not secure, then they are not secure -- again, go talk 
to Microsoft.

There are lots of admins out there who are capable of doing an "apt-get 
mailman" (or whatever), and not much beyond that.  Therefore, we have to be 
extra careful in terms of what is enabled or disabled by default.


There are battered womens shelters who use our software, and some of those 
battered women literally do have stalkers coming after them.  There are 
dissident groups in authoritarian countries that use our software, and some 
of those dissident groups really do have the secret police coming after them.

These kinds of things are always in the backs of our minds as we develop and 
maintain our software, and while we won't necessarily leave out certain 
features of our software just because it could be dangerous if 
mis-configured, we certainly do keep in mind the fact that we should 
probably ship those features disabled by default.


But as strongly as we hold our views that Reply-To: munging should not be 
done, we do acknowledge that there are certain limited circumstances where 
it might potentially be acceptable to do this kind of munging -- like when a 
company is running an internal discussion list and they want to force all 
their employees to keep all replies on the list.  And if those employees 
screw up and post sensitive private information on the list, then the only 
thing at risk is their jobs, and the jobs of any others who might have also 
been accidentally exposed.


So, we allow people like you to choose to configure your software 
differently.  Why can you not accept that we choose to configure the default 
for this option to be disabled?

Do you really want to take that fascist approach with us, where we hold an 
opinion but we allow you to speak, but you do not in return allow us the 
same courtesy?

> Sorry, but this isn't true for any mail client I've ever used... ever 
> heard of copy/cut/paste? Yeah, it requires some manual labor, rather 
> than clicking a button, but it can still be done.

Just because you have not encountered something does not mean it does not 
exist.  There are those of us who've actually been around for a while who 
have seen all sorts of seriously weird crap.

And your claim that you've never run into this weird crap is not proof that 
this weird crap does not and cannot exist.

> If someone is dumb enough to send information of such a nature without 
> actually *looking* at where it is going, then yeah, they might actually 
> be required to pay the consequences...

Then you be the one to try to explain that to their surviving family 
members.  Go back to the top of this response and re-read the part where I 
talked about who some of our customers are for this software.

And no, as much as I might like to, I'm not going to provide those family 
members with firearms, so that they can demonstrate to you the danger that 
their dear departed one faced.

> I did... I just believe that it is *ideally* correct, but 
> *realistically* incorrect,

I'm glad you feel privileged that you are the only person on the planet who 
should be allowed to define what reality is.

-- 
Brad Knowles <brad at python.org>
Member of the Python.org Postmaster Team & Co-Moderator of the
mailman-users and mailman-developers mailing lists

More information about the Mailman-Users mailing list