Charles Marcus wrote:

You replied on list, so I will too...

Not really a very wise idea. When I use my @python.org e-mail address (which I very rarely do), I speak from a position of a certain amount of authority on the subject.

If you want to try to have a civilized private conversation with us on the subject, we can probably find a way to do that.

But if you continue to aggressively and publicly challenge us on our own mailing list over topics that were considered dead and buried years ago, the only likely outcomes are ones that you probably will not like.

though, most discussion lists - for most people, using the most popular mail clients - operate much more smoothly when Reply-to munging is implemented.

In your experience. And how many decades have you been specializing in Internet e-mail systems administration?

How many of the screwed-up MUAs that we talk about have you actually encountered? None?

So, it is out of ignorance that you say everyone should completely and totally ignore our advice?

Do you really want to use ignorance as your only defense?

*My* point was simply pointing out that there *is a preference setting* in the Mailman GUI for changing this, so if someone *wants* to change it, they obviously *can* - so what difference does the *default* make?

The default makes a huge difference.  Ask Microsoft.

In my experience, over 90% never change the defaults on the software they install, whether you're talking about our mailing list management software or anything else.

If those defaults are not secure, then they are not secure -- again, go talk to Microsoft.

There are lots of admins out there who are capable of doing an "apt-get mailman" (or whatever), and not much beyond that. Therefore, we have to be extra careful in terms of what is enabled or disabled by default.


There are battered women's shelters who use our software, and some of those battered women literally do have stalkers coming after them. There are dissident groups in authoritarian countries that use our software, and some of those dissident groups really do have the secret police coming after them.

These kinds of things are always in the backs of our minds as we develop and maintain our software, and while we won't necessarily leave out certain features of our software just because it could be dangerous if mis-configured, we certainly do keep in mind the fact that we should probably ship those features disabled by default.


But as strongly as we hold our views that Reply-To: munging should not be done, we do acknowledge that there are certain limited circumstances where it might potentially be acceptable to do this kind of munging -- like when a company is running an internal discussion list and they want to force all their employees to keep all replies on the list. And if those employees screw up and post sensitive private information on the list, then the only thing at risk is their jobs, and the jobs of any others who might have also been accidentally exposed.


So, we allow people like you to choose to configure your software differently. Why can you not accept that we choose to configure the default for this option to be disabled?

Do you really want to take that fascist approach with us, where we hold an opinion but we allow you to speak, but you do not in return allow us the same courtesy?

Sorry, but this isn't true for any mail client I've ever used... ever heard of copy/cut/paste? Yeah, it requires some manual labor, rather than clicking a button, but it can still be done.

Just because you have not encountered something does not mean it does not exist. There are those of us who've actually been around for a while who have seen all sorts of seriously weird crap.

And your claim that you've never run into this weird crap is not proof that this weird crap does not and cannot exist.

If someone is dumb enough to send information of such a nature without actually *looking* at where it is going, then yeah, they might actually be required to pay the consequences...

Then you be the one to try to explain that to their surviving family members. Go back to the top of this response and re-read the part where I talked about who some of our customers are for this software.

And no, as much as I might like to, I'm not going to provide those family members with firearms, so that they can demonstrate to you the danger that their dear departed one faced.

I did... I just believe that it is *ideally* correct, but *realistically* incorrect,

I'm glad you feel privileged that you are the only person on the planet who should be allowed to define what reality is.

--
Brad Knowles <[EMAIL PROTECTED]>
Member of the Python.org Postmaster Team & Co-Moderator of the
mailman-users and mailman-developers mailing lists
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
