-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mar 5, 2008, at 12:27 AM, Stephen J. Turnbull wrote:
> Cristóbal Palmer writes: > >> Even without the original message text a response is a problem. > > I agree -- the addresses are too easy to compute and do end up in > lists that are sold -- and would support consideration of changing the > defaults as proposed. > > But not for 2.1.10. Changing 2.1.10 is dumb software engineering and > hysterical policy. > > You see, as Jo Rhett points out (apparently without understanding), it > will have *no noticable effect* in the short run because *the proposed > change won't affect existing Mailman installations*, not even those > that upgrade to 2.1.10. > > So the right thing to do is to get 2.1.10 out the door as is, and get > started on 2.2. Then you can even discuss shutting off the feature > in *existing* installations and requiring admins of *existing* > installations to reactivate the feature if they want it.[1] That > would very likely have noticeable effect *much sooner* than the change > proposed for 2.1.10, and would be much less disruptive. Mark's the release manager for 2.1, but FWIW I completely agree with Stephen about this. What I would suggest though is that this information be put in a prominent place on the wiki. We have a security space with nothing substantial in it, so I suggest we put it here. http://wiki.list.org/display/SEC/Home This will get much more publicity and community input than in a README file. This is something you can do right now <wink>. We need to get 2.1.10 out and move on. I hope Jo, Cristobal, Ian and others will help us solve these problems in MM2.2 and 3.0. - -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkfPJKcACgkQ2YZpQepbvXGicQCeMN5dv4sutxfUfzvL1FHNzZp1 McAAoIGPH+NOxU+nzOrlzV4egzw8EYtg =d5ci -----END PGP SIGNATURE----- _______________________________________________ Mailman-Developers mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
