[Mailman-Users] Mailman CSRF Vulnerability

Mark Sapiro mark at msapiro.net
Thu Jan 11 14:36:39 EST 2018

On 01/10/2018 08:47 PM, Lindsay Haisley wrote:
> Upgrading MM2 here is a bit of a PITA since I have to do a lot of
> patching to support the hacks I've done to MM over the years.

FWIW, the way I handle this is in the beginning, my production Mailman
starts as a clone of the bzr branch at
<https://code.launchpad.net/~mailman-coders/mailman/2.1>. I then apply
local changes in that branch and commit them and then configure, make
and make install it as usual.

Then to update Mailman, I just do 'bzr merge'. Rarely, there will be a
merge conflict that I have to resolve. Then in any case, I commit,
configure, make and make install as usual.

This makes updates fairly painless. I do this often and keep my
production installs up to date with the HEAD, but I trust the guy doing
the commits to the HEAD ;).

To be more conservative one could add a revisionspec like -rtag:2.1.25
to the initial 'bzr branch' and likewise something like -rtag:2.1.26 for
the 'bzr merge' to just stick to releases, all of which are tagged.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list