http://bugzilla.spamassassin.org/show_bug.cgi?id=4546
------- Additional Comments From [EMAIL PROTECTED] 2005-08-21 23:34 -------
Subject: Re: [review] spamc/spamd learning has potentially dangerous
side-effects
> If the Bayes database backend is a DBM or SDBM file, B<--allow-tell>
> allows any user to write to any other user's database, which is not
> possible using just C<sa-learn>.
Maybe I'm missing some fine point of DB semantics here, but from the
viewpoint of the English language, the concept of something called
"allow-tell" allowing a tool to have world write access seems more than a
little strange. I would more expect an "allow-tell" option to grant world
*read* access, if anything of the sort.
Would it maybe make more sense to name the
option --allow-mallicious-data-corruption or some such, that might give a
person looking at a system config file a hint that this option is related to
granting write access to the database?
Loren
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
