[Mailman-Users] Roster security
Rubén Fernández Asensio
enseikou at gmail.com
Sun May 20 10:32:08 EDT 2018
My question may be dumb, but I need some confirmation.
I set up a list so that the roster is visible to subscribers.
I just noticed that, when any subscriber logs into the roster, s/he can
access any other user's option page and try to unsubscribe that user or
send a password reminder.
I know no user can be unsubscribed without replying to the confirmation
message, but I was very surprised that any subscriber would be allowed
to do that to any other. I thought making the roster visible to
subscribers would only expose their emails (and names, if they provided
Is this by design, or is this a bug in my Mailman installation? Is there
any way of making the roster visible to subscribers without giving
access to personal option pages through it?
More information about the Mailman-Users