[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Mailing list software

Hash: SHA1

Michael Fleming wrote:
> See also: http://www.jwz.org/doc/mailman.html :-) It does raise some
> interesting points to consider before leaping head first into it.

Point 1 is and has been outdated for a long time now (if it was even
valid for the current mailman version at the time it was written, I'm
not sure that it was).

To unsubscribe from a mailman list you do exactly the steps JWZ
outlines for "sane" list software.

Point 2 is rather foolish too.  The password is needed to log in to
use the web front end to control your settings.  Many mailman sites
use SSL for this and the password is thus reasonably secure.  It
clearly provides much more than "zero" security.  If JWZ is so
paranoid, he ought to be using a list manager that authenticates all
email commands using PGP or other string crypto.

(Interestingly, a PGP patch was written a while back for mailman, not
so much for email commands but for managing a private list that
automatically encrypted to all recipients.  It could have been
extended slightly to decrypt and verify commands sent to if by
subscribers or list moderators.)

"Wrong and misinformed rants by otherwise highly intelligent and
respected individuals are considered harmful."  :)

- -- 
Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
When I was a boy I was told that anybody could become President; I'm
beginning to believe.
    -- Clarence Darrow

Version: GnuPG v1.4.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]