[Mailman-Users] misleading description
z.szalbot at lc-words.com
Sat May 3 09:04:09 CEST 2008

> This message only appears for a non-member if the roster is non-public
> (available only to the admin or to list members). With a public
> roster, the message is 'No such member: user at example.com'.

Ah, I see. In today's world an option for members to see other members'
addresses sounds dangerous and may even be such. But I see now why this

> Granted the message could be changed from "The confirmation email has
> been sent." to something like "The confirmation email has been sent if
> user at example.com is a list member." Do you think this would help?

Yes, it would be a lot more informative.

Maybe in future it would be better to just disallow anyone to view a
member's list and give a clear indication whether email has or has not
been sent. If the unsubscribe script cannot be exploited remotely, then
I do not see probing as a real threat (especially if additionally
secured by some captcha code or the like). But then I may not see all
the consequences of such a solution.

Anyway, thanks for Mailman!