Lindsay Haisley wrote: >On Fri, 2009-12-18 at 18:34 +0200, Geoff Shang wrote: >> Yes I can clear their moderation flag, and in fact this is what I first >> suggested, but my message was in response to a message from Mark who was >> putting forward the position that this was a bad idea and that it's better >> to post using the Approved: header instead. > >I don't entirely agree with Mark on this. I generally offer my >customers the option of using either mechanism, with the caveat that >using the mod flag is potentially less secure.
FWIW, I was recommending the Approved: <password> approach in the context of a reply where the OP said "I only want the list administrator to be able to post messages to the list". I agree that in the case where you have authorized posters who are not necessarily admins or moderators that controlling posting by unmoderating posters and/or accept_these_nonmembers is appropriate although still subject to spoofing. It all depends on the list. >You have two moderation passwords, one for "administrators" and one for >"moderators". Either will work in an "Approved" header or pseudo- >header. If you don't designate any moderators, then only the >administrator password is effective. There's no reason you couldn't >designate a group of moderators and give them the password, and then >change it administratively if their service is no longer needed. Just to be clear, the presence or absence of an email address in the owner or moderator attributes of a list has nothing to do with who can do what. It only controls where notices are sent and what appears in web page footers. It is quite possible to set a moderator password without adding any addresses to 'moderator', and anyone who knows that password can post an Approved: or Urgent: message and log in to the admindb page. See the FAQ at <http://wiki.list.org/x/5YA9>. -- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
