John Levine writes: > * Forwarding signature
Thanks, I was about to write something like this! > * Submit and sign > > When a user at a p=reject signs up for a list, you demand an OAUTH API > token if the the provider supports it, otherwise their host system > password. -1 on the password thing. It's too close to phishing, imposes serious privacy issues on Mailman hosts, and makes them targets for attack. This is too dangerous to be even an optional feature. Third party patches are OK, of course, but stock Mailman shouldn't do this. I'm fine with annoying the hell out of Yahoo! and AOL users with an OAuth request on every post. > This is less nice, it's a lot of software development. I don't think prototyping this is all that hard. We already have logic for checking DMARC thanks to dmarc_moderation_action. We just add the OAuth check to that, and if it fails, proceed to dmarc_moderation_action. _______________________________________________ Mailman-Developers mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
