alain williams writes:
> Do add what was discussed here a month or so ago: the ability for a
> list owner to change a user's email address.
Sorry, but this is a design problem that is way out of scope for
GSoC. For example
From: [email protected]
To: [email protected]
Subject: Please change my address
I can't access my addw address because I'm not working at phcomp
any more. -- Alain
Oops.
In general, addresses are *owned* by users. So you need to
authenticate the *user* in order to be sure you're changing the
address for the right person. List owners are often not even power
users. At least site owners can be expected to have some experience
with how nasty the raw Internet is and a certain amount of paranoia,
but that's not generally true of list administrators.
I want the people designing privilege hierarchies to be MUCH more
paranoid than typical site owners.
> ? should a list owner be able to do so ? Ie rogue/malicious list
> owners.
I'm not really worried about a rogue list owner. I'm worried about
naive list owners.
--
GNU Mailman consultant (installation, migration, customization)
Sirius Open Source https://www.siriusopensource.com/
Software systems consulting in Europe, North America, and Japan
_______________________________________________
Mailman-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
Archived at:
https://lists.mailman3.org/archives/list/[email protected]/message/WH6AWDDBUJVJ6WH6JKH3PVD4A2JUQMQ7/
This message sent to [email protected]
