[Mailman-Users] [Mailman-cabal] GDPR
Andrew Hodgson
andrew at hodgson.io
Tue May 15 05:18:19 EDT 2018
Grant Taylor wrote:
On 05/14/2018 06:33 AM, Andrew Hodgson wrote:
[...]
>> - Audit logs for data access. it is not clear who is accessing
>> subscription data for the list as there is just a single owner and
>> moderator account. Unsure if current logging data in either MM2 or MM3 is
>> "good enough" for this. MM3 may solve the issue about single accounts.
>I guess I don't understand the problem and / or make invalid assumptions
>about MM.
>I see six modes of access to the data:
>1) List subscribers
>2) List owners / administrators
At the moment the list administrator and moderator account is accessed via no username and a single password. If that password is shared, I have no audit trail of who logged into the system. Also the system currently doesn't log specific access, for example admin A exported a load of addresses, admin B added 100 subscribers to the mailing list etc.
Andrew.
More information about the Mailman-Users
mailing list