[Mailman-Users] [Mailman-cabal] GDPR

Andrew Hodgson andrew at hodgson.io
Tue May 15 05:18:19 EDT 2018

Grant Taylor wrote:

On 05/14/2018 06:33 AM, Andrew Hodgson wrote:


>> - Audit logs for data access.  it is not clear who is accessing
>> subscription data for the list as there is just a single owner and
>> moderator account.  Unsure if current logging data in either MM2 or MM3 is
>> "good enough" for this.  MM3 may solve the issue about single accounts.

>I guess I don't understand the problem and / or make invalid assumptions
>about MM.

>I see six modes of access to the data:

>1)  List subscribers
>2)  List owners / administrators

At the moment the list administrator and moderator account is accessed via no username and a single password.  If that password is shared, I have no audit trail of who logged into the system.  Also the system currently doesn't log specific access, for example admin A exported a load of addresses, admin B added 100 subscribers to the mailing list etc.


More information about the Mailman-Users mailing list