* JC Dill:

> Florian Weimer wrote:
>
>>Last time I checked, Mailman labels its member-only archives
>>"private", and the implicit promise to keep things posted to the list
>>private is not kept if the software assigns easily guessed passwords to new
>>members.
>>
>>I can only repeat that Mailman's current behavior surprises your users
>> *a* *lot*,
>>
> I disagree. 
>
> So-called "private" archives are only kept from prying eyes until those 
> eyes subscribe at which time they are then visible.

Moderating subscription is also supported and heavily used.  List
administrators expect that it keeps out unwanted guests.

If this is not the case, you really should put a big fat warning
somewhere on the list configuration page.

>>and leads to security breaches.

> I would love to see a cite for your claim of "leads to security 
> breaches".  Do you know of actual cases where someone has gained access 
> to private archives by cracking a mailman generated semi-random password 
> rather than by simply subscribing, or by gaining access to a single 
> password thru intercept or social engineering means?

Yes, see the leaked message.
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers