Hi folks, We have an announcement mailing list (happens to be rather large, 16k) running on debian potato / mailman 1.1. We have sent out a couple mailings and so far its worked ok, were still ironing out some kinks here and there. However, we are concerned with the privacy of the subscribers. We initially noticed that anyone could see 1) if a user was subscribed 2) if they happened to be on vacation (or some other user option) simply by visiting the default list page and entering the users email... it is not until the user tries to make changes that their password is requested. Potentially someone could try random addresses, or addresses of people they were targeting, to see if they happened to be subscribed or not. We temporarily "bypassed" that problem by removing the option for a user to view/change their options from the web. However, now we realize that simply trying to subscribe to an email return back that X user is already subscribed to the list! Again, someone could enter random or targeted addresses to see if people are subscribed or not. I have yet to do a full round of research on my own, but as this issue is getting hot under my seat I was wondering if people on the list had constructive feedback? thanks, donfede ------------------------------------------------------ Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
