Re: [Mailman-Developers] CAPTCHA support

[David Andrews]

At 04:35 AM 3/7/2016, Florian Fuchs wrote:

On Sat, Mar 05, 2016 at 16:27:31PM +0530, Aditya Divekar wrote:
As a side-note, especially to those who are using screen readers: What is
your experience regarding the use of JavaScript in current screen readers? Is
this still mostly a no-go for web sites aiming to be accessible or has there
been some improvement?


Most Javascript works fine, as long as it doesn't do unorthodox 
things in unorthodox ways, javascript should work with screen 
readers. After all, most web sites use it to one extent or another.


Dave




David Andrews and long white cane Harry.
E-Mail:  dandr...@visi.com or david.andr...@nfbnet.org

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Christian Schoepplein]

On Mo, Mär 07, 2016 at 11:35:00 +0100, Florian Fuchs wrote:
>There are a number of alternatives to captchas to prevent spam. None of them
>is perfect, but one I kind of like is the honeypot approach:
>
>It's basically an empty and visually hidden input field that is ecpected to
>be emptily submitted. Most spam bots will try to fill it with some text,
>which is the warning flag that can be used to ignore those submits.
>
>The big plus is that it won't require human users to take any extra action,
>making it completely unobtrusive to *most* users.
>
>The one major downside is that it might be confusing to users who use screen
>readers and to whom this extra input is properly displayed, which might cause
>some confusion. Of course, this can be solved somewhat by labelling the field
>accordingly, something like "Are you human? Than keep this empty".

I think I was using sites with this spam protection approach and itwas 
OK for me.If the field which needs to be empty is clearly labeled, it 
should cause no problem.

>Also, I have no idea how sophisticated spam bots are becoming in detecting
>honeypots, for instance by only trying to use "known" fields like "username",
>"email address" and so forth.

Because the mailman sites which are publicly available to the users 
doall have the same structure, programming bots that can handle this 
sites will be no big problem IMHO.

>Still, even if this is not a perfect solution, it might still be better than
>the big usage impediment of captchas.

Full ACK :-).

>As a side-note, especially to those who are using screen readers: What is
>your experience regarding the use of JavaScript in current screen readers? Is
>this still mostly a no-go for web sites aiming to be accessible or has there
>been some improvement?

Javascript is no problem with modern screen readers and browsers, so no 
need to not use it. But for example I work very ofthen on linux systems 
in the console and there is no browser with Javascript support, for this 
reason I'm happy about every site that is also useable inthis 
environment :-).

Ciao,

  Schoepp

-- 
Christian Schoepplein -  - http://schoeppi.net

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Florian Fuchs]

On Sat, Mar 05, 2016 at 16:27:31PM +0530, Aditya Divekar wrote:

Hi!
I was looking around the mailman code, and could not find the functionality
for captcha in the mailing lists subscription pages.
I think it could be a good feature to implement in the upcoming versions,
and would like to know if its a good idea?
I also came across the thread -
http://permalink.gmane.org/gmane.mail.mailman.user/74167
and read about the previous discussion on it by some members.
Since captcha back then was easier to break, it might not have been a
profitable feature, according to the thread.
But with the new recaptcha, I would like to know if the stand is the same.


There are a number of alternatives to captchas to prevent spam. None of them
is perfect, but one I kind of like is the honeypot approach:

It's basically an empty and visually hidden input field that is ecpected to
be emptily submitted. Most spam bots will try to fill it with some text,
which is the warning flag that can be used to ignore those submits.

The big plus is that it won't require human users to take any extra action,
making it completely unobtrusive to *most* users.

The one major downside is that it might be confusing to users who use screen
readers and to whom this extra input is properly displayed, which might cause
some confusion. Of course, this can be solved somewhat by labelling the field
accordingly, something like "Are you human? Than keep this empty".

Also, I have no idea how sophisticated spam bots are becoming in detecting
honeypots, for instance by only trying to use "known" fields like "username",
"email address" and so forth.

Still, even if this is not a perfect solution, it might still be better than
the big usage impediment of captchas.

As a side-note, especially to those who are using screen readers: What is
your experience regarding the use of JavaScript in current screen readers? Is
this still mostly a no-go for web sites aiming to be accessible or has there
been some improvement?

Cheers,
Florian




Thanks

Aditya
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/f%40florianfuchs.com

Security Policy: http://wiki.list.org/x/QIA9

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Aditya Divekar]

I was thinking of this as a side project to work on, not related to gsoc.
And I would be interested in working on this in case it's started as a
project :)
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Ralf Hildebrandt]

* Stephen J. Turnbull :
> Barry Warsaw writes:
> 
>  > I'll be honest, I really hate captchas.
> 
> I do too, and will not work on adding them.  But they're a frequent
> RFE (or were at one time), and with Google oomph behind reCAPTCHA, I
> wouldn't be surprised if they rise in popularity again.  And they
> don't violate any RFCs.
> 
> If Abhilash wants to work on them, let him!  As long as it's a boolean
> option using an external service like reCAPTCHA (if you think
> set(Google) <= set(NSA) you need not use it), the bug maintenance
> burden should be low, we can always refuse future RFEs, and if it
> keeps some people from trying to filter spam or spammer subscriptions
> in Mailman it might even be a net configuration support win.

Same here. If it's optional, why not?

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de  Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Stephen J. Turnbull]

Barry Warsaw writes:

 > I'll be honest, I really hate captchas.

I do too, and will not work on adding them.  But they're a frequent
RFE (or were at one time), and with Google oomph behind reCAPTCHA, I
wouldn't be surprised if they rise in popularity again.  And they
don't violate any RFCs.

If Abhilash wants to work on them, let him!  As long as it's a boolean
option using an external service like reCAPTCHA (if you think
set(Google) <= set(NSA) you need not use it), the bug maintenance
burden should be low, we can always refuse future RFEs, and if it
keeps some people from trying to filter spam or spammer subscriptions
in Mailman it might even be a net configuration support win.

IMO the only tough call would be a GSoC proposal, because that
probably would force us to refuse another proposal.  There I would
advocate taking the attitude that we should look at the quality of the
students and their likelihoods of future attachment to Mailman, and
not discriminate against this particular potential project unless the
students really are quite equivalent.

Steve

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Stephen J. Turnbull]

Barry Warsaw writes:

 > Great idea.  The core already had a 'ui' tag but I renamed that 'usability'.
 > I also added an 'accessibility' tag,

Ah, you're right -- spelling usability as "ui" or "ux" would be an
"ax" barrier to everybody but us chickens, er, core devs.

+1 for usability and accessibility.

 > and I tried to add some reasonable descriptions to these two tags

LGTM.

BTW, should the "handlers" tag mention "rules" and "chains"?  I don't
really see why they would be a different category from the point of
view of developers, but users reporting issues might see a distinction
and be confused by the "missing" "rules" tag.

Generic issue for label descriptions filed: mailman/issues/#200.

 > (as well as color code them similarly).

It's a shame that page doesn't group by colors, maybe?  You know, a
sort of poor man's thesaurus to help the user pick the best of similar
tags.  I'll think about it and file a RFE with gitlab if it seems to
make sense.

Steve
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Barry Warsaw]

On Mar 06, 2016, at 11:20 AM, Stephen J. Turnbull wrote:

>This is a continuing goal of mine, for sure, and I think of all
>Mailman developers.  But AFAIK we're all equipped with average-ish
>levels of the usual senses, so feel free to remind us of the
>principle, and if you notice any specific issues for accessibility,
>*please* report them.  We probably won't notice them ourselves. :-(
>
>@self (or anybody who wants to check and implement :-): We should have
>an accessibility tag (and probably a usability or ux tag to
>differentiate the use cases) on the tracker.

Great idea.  The core already had a 'ui' tag but I renamed that 'usability'.
I also added an 'accessibility' tag, and I tried to add some reasonable
descriptions to these two tags (as well as color code them similarly).  The
core doesn't have a lot of these issues, and I'll leave it to others to add
the appropriate similar tags to Postorius and HyperKitty.

https://gitlab.com/mailman/mailman/labels

Suggestions for improvements welcome!

Cheers,
-Barry
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Barry Warsaw]

On Mar 05, 2016, at 10:33 AM, Mark Sapiro wrote:

>Subscription confirmation has nothing to do with spam subscription
>attempts. It is to prevent me (a human) from subscribing other people's
>addresses to lists. Captchas and similar hoops to jump through do not
>stop my doing that and do not obviate the need for confirmation.

I'll be honest, I really hate captchas.

Cheers,
-Barry
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Dean Suhr]

As the parent and caregiver for a disabled child (age 35) and a nationally 
known advocate for the 1 in 10 worldwide with one of 7,000 rare diseases, I 
have great respect for those with disabilities … and for those aging, like me, 
who are increasingly visually and audibly challenged.

With that said, each list serves a different audience and has a different mix 
of challenges with their potential subscribers.  For this reason I would 
suggest that CAPTCHA be an optional feature that the list admin configures 
(perhaps with a paragraph of helpful perspective that explains the challenges 
of CAPTCHAs which can be gleaned from the other comments in this thread).

While CAPTCHA is not a 100% perfect solution, I can imagine situations where a 
25 or 50% solution is still incrementally but notably helpful.  

Let’s leave that decision up to the list administrator on a list by list basis. 

Dean

> On Mar 6, 2016, at 4:51 AM, Stephen J. Turnbull  wrote:
> 
> David Andrews writes:
> 
>> Some audio CAPTCHA's are ok, some are virtually impossible to 
>> decipher. Also, audio CAPTCHAs do not work at all for deaf-blind
>> persons.
> 
> Thanks for going on record!
> 
>> So, while it depends, audio CAPTCHA is a mixed experience at best, 
>> and impossible at worst.
> 
> I kinda expected that.
> 
> Steve
> ___
> Mailman-Developers mailing list
> Mailman-Developers@python.org
> https://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives: 
> http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe: 
> https://mail.python.org/mailman/options/mailman-developers/deansuhr%40deansuhr.us
> 
> Security Policy: http://wiki.list.org/x/QIA9

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Stephen J. Turnbull]

David Andrews writes:

 > Some audio CAPTCHA's are ok, some are virtually impossible to 
 > decipher. Also, audio CAPTCHAs do not work at all for deaf-blind
 > persons.

Thanks for going on record!

 > So, while it depends, audio CAPTCHA is a mixed experience at best, 
 > and impossible at worst.

I kinda expected that.

Steve
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[David Andrews]

At 04:57 AM 3/5/2016, Aditya Divekar wrote:

Hi!
I was looking around the mailman code, and could not find the functionality
for captcha in the mailing lists subscription pages.
I think it could be a good feature to implement in the upcoming versions,
and would like to know if its a good idea?
I also came across the thread -
http://permalink.gmane.org/gmane.mail.mailman.user/74167
and read about the previous discussion on it by some members.
Since captcha back then was easier to break, it might not have been a
profitable feature, according to the thread.
But with the new recaptcha, I would like to know if the stand is the same.


There are a number of blind Mailman Admins out here, including 
myself, and many thousands of b lind or visually impaired users, for 
whom CAPTCHA can be a problem. We hate pictures of words and numbers, 
and are in favor of no CAPTCHA!


Dave




David Andrews and long white cane Harry.
E-Mail:  dandr...@visi.com or david.andr...@nfbnet.org

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[David Andrews]

At 08:20 PM 3/5/2016, Stephen J. Turnbull wrote:

Christian Schoepplein writes:
 > On Sat, 5 Mar 2016 12:08:38 > About captchas. If they are 
implemented, they would have to be

 > > optional in my opinion as they would
 > > require signing up for a token with the captcha provider.
 >
 > Yes, if captchas really have to be implemented, please, please make
 > them optional! For example many blind people are using mailman and
 > captchas are a nightmare for them and from the point of view
 > regarding accessibility in general.

Be reassured: we understand (but easily forget, so feel free to remind
us!)

What is the opinion of audio captchas?  That is, do they actually
work, and are they a significant inconvenience even if they are at
least in theory possible to use for blind persons?  Google ReCAPTCHA
implements an audio recaptcha option, for example.


Some audio CAPTCHA's are ok, some are virtually impossible to 
decipher. Also, audio CAPTCHAs do not work at all for deaf-blind persons.


So, while it depends, audio CAPTCHA is a mixed experience at best, 
and impossible at worst.


Dave




David Andrews and long white cane Harry.
E-Mail:  dandr...@visi.com or david.andr...@nfbnet.org

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Rich Kulawiec]

On Sat, Mar 05, 2016 at 04:27:31PM +0530, Aditya Divekar wrote:
> I was looking around the mailman code, and could not find the functionality
> for captcha in the mailing lists subscription pages.

As someone who has been studying email abuse for 30+ years, I strongly
recommend against captchas for several reasons.

First, as noted elsewhere in this thread, they're problematic for impaired
or disabled users.

Second, they've been quite thoroughly defeated by advances in image
processing and character recognition.  We have long since passed the
point where the difficulty of captchas solvable by software has
exceeded the difficulty of captchas solvable by humans.

Third, as often noted elsewhere, it is relatively easy to conscript
humans (knowingly or unknowingly) into the mass solving of captchas.

Fourth, either a given instance is or is not a target of interest
to adversaries. If it is not, the captchas are of course not needed.
If it is, then they will not help: any modestly-clueful adversary
will go through them like they're not even there.

Bottom line: captchas are, at best, wishful thinking.  There is zero
operational reason to deploy them in 2016.

---rsk
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Stephen J. Turnbull]

Christian Schoepplein writes:
 > On Sat, 5 Mar 2016 12:08:38 > About captchas. If they are implemented, they 
 > would have to be 
 > > optional in my opinion as they would
 > > require signing up for a token with the captcha provider. 
 > 
 > Yes, if captchas really have to be implemented, please, please make
 > them optional! For example many blind people are using mailman and
 > captchas are a nightmare for them and from the point of view
 > regarding accessibility in general.

Be reassured: we understand (but easily forget, so feel free to remind
us!)

What is the opinion of audio captchas?  That is, do they actually
work, and are they a significant inconvenience even if they are at
least in theory possible to use for blind persons?  Google ReCAPTCHA
implements an audio recaptcha option, for example.

 > Mailman 2.x is very accessible so far

Thank you!

 > and unfortunatly I hadn't time to take a look if postorius is also
 > good to use, but keeping mailman useable also for users with
 > disabilities should be always kept in mind IMHO!

This is a continuing goal of mine, for sure, and I think of all
Mailman developers.  But AFAIK we're all equipped with average-ish
levels of the usual senses, so feel free to remind us of the
principle, and if you notice any specific issues for accessibility,
*please* report them.  We probably won't notice them ourselves. :-(

@self (or anybody who wants to check and implement :-): We should have
an accessibility tag (and probably a usability or ux tag to
differentiate the use cases) on the tracker.

 > If spam protection mechanisms are needed,

No "if" about it, unfortunately.  But we do try to avoid mechanisms
that impose more pain on real users than on spammers.

Steve
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Developers] CAPTCHA support

[Stephen J. Turnbull]

Aditya Divekar writes:

 > But with the new recaptcha, I would like to know if the stand is
 > the same.

ReCAPTCHA looks very good, though I haven't used it.  However, the
professional spammers are quite capable of hiring humans to do their
work, and even conceal it as being charitable work (digitizing old
books, for example).  On the other hand, unsophisticated spammers are
easily turned away with simple textchas (eg, the Python sites use
questions like "What is van Rossum's first name?" -- no, I didn't try
"Just" :-).

I conclude that spam is a disease and evolves resistance to antispam
technology at rates that resemble the ability of bacteria to evolve
resistance to antibiotics, and we just have to keep a careful watch on
every mail service we administer to see what the spammers are up to in
our neighborhoods.

Steve

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Mark Sapiro]

On 03/05/2016 04:03 AM, Aditya Divekar wrote:
> 
> I was mostly basing this idea on the lines that it is easy to put in a spam
> subscription request to the mailing lists now.
> Implementing captcha could nip most of these attempts in the bud itself,
> and save mailman the extra efforts of sending the confirmation link to the
> subscriber.


Subscription confirmation has nothing to do with spam subscription
attempts. It is to prevent me (a human) from subscribing other people's
addresses to lists. Captchas and similar hoops to jump through do not
stop my doing that and do not obviate the need for confirmation.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Aditya Divekar]

Yes, I was of the opinion that it could be an optional feature.

Making it compulsory would involve critical problems as mentioned above by
Christian, and might sometimes be disagreeable to list users who think its
an unnecessary overhead of time.

I was mostly basing this idea on the lines that it is easy to put in a spam
subscription request to the mailing lists now.
Implementing captcha could nip most of these attempts in the bud itself,
and save mailman the extra efforts of sending the confirmation link to the
subscriber.

Thanks.

Aditya
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Christian Schoepplein]

On Sat, 5 Mar 2016 12:08:38 > About captchas. If they are implemented, they 
would have to be 
> optional in my opinion as they would
> require signing up for a token with the captcha provider. 

Yes, if captchas really have to be implemented, please, please make them 
optional! For example many blind people are using mailman and captchas are a 
nightmare for them and from the point of view regarding accessibility in 
general.

Mailman 2.x is very accessible so far and unfortunatly I hadn't time to take a 
look if postorius is also good to use, but keeping mailman useable also for 
users with disabilities should be always kept in mind IMHO!

If spam protection mechanisms are needed, please think about better 
alternatives or make this mechanisms optional!

Thanks and all the best,

  Christian

-- 
Christian Schoepplein - ch...@schoeppi.net - http://www.schoeppi.net
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Simon Hanna]

On 03/05/2016 11:57 AM, Aditya Divekar wrote:
> Hi!
> I was looking around the mailman code, and could not find the functionality
> for captcha in the mailing lists subscription pages.
> I think it could be a good feature to implement in the upcoming versions,
> and would like to know if its a good idea?
> I also came across the thread -
> http://permalink.gmane.org/gmane.mail.mailman.user/74167
> and read about the previous discussion on it by some members.
> Since captcha back then was easier to break, it might not have been a
> profitable feature, according to the thread.
> But with the new recaptcha, I would like to know if the stand is the same.
The message you mentioned said that it might be because of lacking csrf 
protection.
With django all the forms are protected by csrf.

About captchas. If they are implemented, they would have to be optional in my 
opinion as they would
require signing up for a token with the captcha provider. Or were you thinking 
about implementing
your own service? I'm pretty sure there are django apps out there that add 
captcha support.
It would be a nice addition if it's optional. If it's not I guess it would need 
more discussion.

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9