[I'm moving this discussion to mailman-developers. -BAW]
>>>>> "SB" == Stonewall Ballard <[EMAIL PROTECTED]> writes:
SB> I've recently discovered that vacation autoresponders will
SB> subscribe recipients to Mailman lists when they get "invited".
Dang. This is because the From address contains the confirmation
cookie encoded in the address. This might kill this idea for
ease-of-use confirmations.
SB> This is not good. It makes the feature dangerous if you've
SB> promised to not subscribe anyone without their assent.
Can you submit a bug report on this? We'll have to decide what to do
long term.
SB> Is there any way to avoid this problem, other than not using
SB> the feature? This is yet another reason to move to URLs with
SB> unique keys instead of using passwords. Such a URL could be
SB> embedded in the invitation message.
Take away the From header cookie and that's essentially what you've
got in the invitation message.
I'm up for any other ideas.
-Barry
_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
