Mailing list software

[Todd Zullinger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Fleming wrote:
> See also: http://www.jwz.org/doc/mailman.html :-) It does raise some
> interesting points to consider before leaping head first into it.

Point 1 is and has been outdated for a long time now (if it was even
valid for the current mailman version at the time it was written, I'm
not sure that it was).

To unsubscribe from a mailman list you do exactly the steps JWZ
outlines for "sane" list software.

Point 2 is rather foolish too.  The password is needed to log in to
use the web front end to control your settings.  Many mailman sites
use SSL for this and the password is thus reasonably secure.  It
clearly provides much more than "zero" security.  If JWZ is so
paranoid, he ought to be using a list manager that authenticates all
email commands using PGP or other string crypto.

(Interestingly, a PGP patch was written a while back for mailman, not
so much for email commands but for managing a private list that
automatically encrypted to all recipients.  It could have been
extended slightly to decrypt and verify commands sent to if by
subscribers or list moderators.)

"Wrong and misinformed rants by otherwise highly intelligent and
respected individuals are considered harmful."  :)

- -- 
Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
When I was a boy I was told that anybody could become President; I'm
beginning to believe.
    -- Clarence Darrow

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iG0EARECAC0FAkRx+p8mGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt
ei5hc2MACgkQuv+09NZUB1rCOwCeMTQOGxjYPxMCGm+tCAxnjznpep4An1WRYrSc
i0lhSLsqmmJsI/RkWLXX
=xKgS
-----END PGP SIGNATURE-----