> When a user at a p=reject signs up for a list, you demand an OAUTH API
> token if the the provider supports it, otherwise their host system
> password.
-1 on the password thing. It's too close to phishing, imposes serious
privacy issues on Mailman hosts, and makes them targets for attack.
Honestly, Tough Noogies. Let list managers make their own security
decisions. AOL and Yahoo want all mail from their users to be
authenticated. Well, OK, this will do it.
I'm fine with annoying the hell out of Yahoo! and AOL users with an
OAuth request on every post.
My Yahoo contact tells me they eventually plan to do OAuth submission
which should have long lived tokens. But in the meantime, the submit hack
should work everywhere.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
_______________________________________________
Mailman-Developers mailing list
[email protected]
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives:
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9
