[Mailman-Users] Non-ASCII signs in welcome text
Stephen J. Turnbull
stephen at xemacs.org
Sun May 3 02:21:15 CEST 2009
Hendrik Maryns writes:
> Yes. Caution is good, but isn’t this exaggerated?
No. It's not just your systems that are at risk. Mine are, too.
Remember, almost all of these measures are taken because someone has
demonstrated a similar exploit, and most exploits are not done for
their own sake, but rather to achieve a platform for cracking more
systems.
Of course, if you're a security expert and know what risks are
present, and are sure they don't apply to your system, Mailman is open
source, you can change it. If that sounds like too much work, don't
you see that probably means you don't really have enough resources to
change the settings and still be secure? On the other hand, systems
and their environments are infinitely variable. The Mailman
developers can not know enough about your system to make those
decisions, either.
More information about the Mailman-Users
mailing list