It seems like it would be nice to setup a method of confirmation for *approving* messages that uses a unique token instead of the list password; while (hopefully) in most cases, the moderator will be sending approval messages over SSL or from the same machine the list is on, it seems like a bad idea to make the confirmation token the list password (especially in case you accidentally add the 'Approved:' header to the wrong message, or in case someone spoofed a message appearing to be from Mailman in order to try and scam list passwords)....
How about generating a unique one time password and having people add this to the Approved: header? This would make it much harder for someone to accidentally disclose the list (or worse, site) password. -- "Since when is skepticism un-American? Dissent's not treason but they talk like it's the same..." (Sleater-Kinney - "Combat Rock") ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: archive@jab.org Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
