GitHub user sebbASF opened an issue:
https://github.com/apache/incubator-ponymail/issues/272
Bug: config.hidePrivate should be dropped
At present, if hidePrivate is true, the user won't see the names of lists
that contain a single e-mail which they are not authorised to see. If there is
just one prohibited mail, the entire list is hidden. That causes problems for
legitimate access to the public e-mails on mixed lists.
If hidePrivate is false, then preferences.lua returns information about
lists that are entirely private or mixed. This leaks meta-information about the
private lists. That can also cause problems.
The data returned by preferences.lua should only show info about mails
which the user is entitled to see. Further, the data should include all the
information the user is entitled to see.
AFAICT the hidePrivate config item does not have a valid use-case and
should be dropped.
----
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
