Re: [Mailman-Developers] CAPTCHA support
At 04:35 AM 3/7/2016, Florian Fuchs wrote: On Sat, Mar 05, 2016 at 16:27:31PM +0530, Aditya Divekar wrote: As a side-note, especially to those who are using screen readers: What is your experience regarding the use of JavaScript in current screen readers? Is this still mostly a no-go for web sites aiming to be accessible or has there been some improvement? Most Javascript works fine, as long as it doesn't do unorthodox things in unorthodox ways, javascript should work with screen readers. After all, most web sites use it to one extent or another. Dave David Andrews and long white cane Harry. E-Mail: dandr...@visi.com or david.andr...@nfbnet.org ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
On Mo, Mär 07, 2016 at 11:35:00 +0100, Florian Fuchs wrote: >There are a number of alternatives to captchas to prevent spam. None of them >is perfect, but one I kind of like is the honeypot approach: > >It's basically an empty and visually hidden input field that is ecpected to >be emptily submitted. Most spam bots will try to fill it with some text, >which is the warning flag that can be used to ignore those submits. > >The big plus is that it won't require human users to take any extra action, >making it completely unobtrusive to *most* users. > >The one major downside is that it might be confusing to users who use screen >readers and to whom this extra input is properly displayed, which might cause >some confusion. Of course, this can be solved somewhat by labelling the field >accordingly, something like "Are you human? Than keep this empty". I think I was using sites with this spam protection approach and itwas OK for me.If the field which needs to be empty is clearly labeled, it should cause no problem. >Also, I have no idea how sophisticated spam bots are becoming in detecting >honeypots, for instance by only trying to use "known" fields like "username", >"email address" and so forth. Because the mailman sites which are publicly available to the users doall have the same structure, programming bots that can handle this sites will be no big problem IMHO. >Still, even if this is not a perfect solution, it might still be better than >the big usage impediment of captchas. Full ACK :-). >As a side-note, especially to those who are using screen readers: What is >your experience regarding the use of JavaScript in current screen readers? Is >this still mostly a no-go for web sites aiming to be accessible or has there >been some improvement? Javascript is no problem with modern screen readers and browsers, so no need to not use it. But for example I work very ofthen on linux systems in the console and there is no browser with Javascript support, for this reason I'm happy about every site that is also useable inthis environment :-). Ciao, Schoepp -- Christian Schoepplein - - http://schoeppi.net ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
On Sat, Mar 05, 2016 at 16:27:31PM +0530, Aditya Divekar wrote: Hi! I was looking around the mailman code, and could not find the functionality for captcha in the mailing lists subscription pages. I think it could be a good feature to implement in the upcoming versions, and would like to know if its a good idea? I also came across the thread - http://permalink.gmane.org/gmane.mail.mailman.user/74167 and read about the previous discussion on it by some members. Since captcha back then was easier to break, it might not have been a profitable feature, according to the thread. But with the new recaptcha, I would like to know if the stand is the same. There are a number of alternatives to captchas to prevent spam. None of them is perfect, but one I kind of like is the honeypot approach: It's basically an empty and visually hidden input field that is ecpected to be emptily submitted. Most spam bots will try to fill it with some text, which is the warning flag that can be used to ignore those submits. The big plus is that it won't require human users to take any extra action, making it completely unobtrusive to *most* users. The one major downside is that it might be confusing to users who use screen readers and to whom this extra input is properly displayed, which might cause some confusion. Of course, this can be solved somewhat by labelling the field accordingly, something like "Are you human? Than keep this empty". Also, I have no idea how sophisticated spam bots are becoming in detecting honeypots, for instance by only trying to use "known" fields like "username", "email address" and so forth. Still, even if this is not a perfect solution, it might still be better than the big usage impediment of captchas. As a side-note, especially to those who are using screen readers: What is your experience regarding the use of JavaScript in current screen readers? Is this still mostly a no-go for web sites aiming to be accessible or has there been some improvement? Cheers, Florian Thanks Aditya ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/f%40florianfuchs.com Security Policy: http://wiki.list.org/x/QIA9 ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
I was thinking of this as a side project to work on, not related to gsoc. And I would be interested in working on this in case it's started as a project :) ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
* Stephen J. Turnbull: > Barry Warsaw writes: > > > I'll be honest, I really hate captchas. > > I do too, and will not work on adding them. But they're a frequent > RFE (or were at one time), and with Google oomph behind reCAPTCHA, I > wouldn't be surprised if they rise in popularity again. And they > don't violate any RFCs. > > If Abhilash wants to work on them, let him! As long as it's a boolean > option using an external service like reCAPTCHA (if you think > set(Google) <= set(NSA) you need not use it), the bug maintenance > burden should be low, we can always refuse future RFEs, and if it > keeps some people from trying to filter spam or spammer subscriptions > in Mailman it might even be a net configuration support win. Same here. If it's optional, why not? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155 ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
Barry Warsaw writes: > I'll be honest, I really hate captchas. I do too, and will not work on adding them. But they're a frequent RFE (or were at one time), and with Google oomph behind reCAPTCHA, I wouldn't be surprised if they rise in popularity again. And they don't violate any RFCs. If Abhilash wants to work on them, let him! As long as it's a boolean option using an external service like reCAPTCHA (if you think set(Google) <= set(NSA) you need not use it), the bug maintenance burden should be low, we can always refuse future RFEs, and if it keeps some people from trying to filter spam or spammer subscriptions in Mailman it might even be a net configuration support win. IMO the only tough call would be a GSoC proposal, because that probably would force us to refuse another proposal. There I would advocate taking the attitude that we should look at the quality of the students and their likelihoods of future attachment to Mailman, and not discriminate against this particular potential project unless the students really are quite equivalent. Steve ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
Barry Warsaw writes: > Great idea. The core already had a 'ui' tag but I renamed that 'usability'. > I also added an 'accessibility' tag, Ah, you're right -- spelling usability as "ui" or "ux" would be an "ax" barrier to everybody but us chickens, er, core devs. +1 for usability and accessibility. > and I tried to add some reasonable descriptions to these two tags LGTM. BTW, should the "handlers" tag mention "rules" and "chains"? I don't really see why they would be a different category from the point of view of developers, but users reporting issues might see a distinction and be confused by the "missing" "rules" tag. Generic issue for label descriptions filed: mailman/issues/#200. > (as well as color code them similarly). It's a shame that page doesn't group by colors, maybe? You know, a sort of poor man's thesaurus to help the user pick the best of similar tags. I'll think about it and file a RFE with gitlab if it seems to make sense. Steve ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
On Mar 06, 2016, at 11:20 AM, Stephen J. Turnbull wrote: >This is a continuing goal of mine, for sure, and I think of all >Mailman developers. But AFAIK we're all equipped with average-ish >levels of the usual senses, so feel free to remind us of the >principle, and if you notice any specific issues for accessibility, >*please* report them. We probably won't notice them ourselves. :-( > >@self (or anybody who wants to check and implement :-): We should have >an accessibility tag (and probably a usability or ux tag to >differentiate the use cases) on the tracker. Great idea. The core already had a 'ui' tag but I renamed that 'usability'. I also added an 'accessibility' tag, and I tried to add some reasonable descriptions to these two tags (as well as color code them similarly). The core doesn't have a lot of these issues, and I'll leave it to others to add the appropriate similar tags to Postorius and HyperKitty. https://gitlab.com/mailman/mailman/labels Suggestions for improvements welcome! Cheers, -Barry ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
On Mar 05, 2016, at 10:33 AM, Mark Sapiro wrote: >Subscription confirmation has nothing to do with spam subscription >attempts. It is to prevent me (a human) from subscribing other people's >addresses to lists. Captchas and similar hoops to jump through do not >stop my doing that and do not obviate the need for confirmation. I'll be honest, I really hate captchas. Cheers, -Barry ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
As the parent and caregiver for a disabled child (age 35) and a nationally known advocate for the 1 in 10 worldwide with one of 7,000 rare diseases, I have great respect for those with disabilities … and for those aging, like me, who are increasingly visually and audibly challenged. With that said, each list serves a different audience and has a different mix of challenges with their potential subscribers. For this reason I would suggest that CAPTCHA be an optional feature that the list admin configures (perhaps with a paragraph of helpful perspective that explains the challenges of CAPTCHAs which can be gleaned from the other comments in this thread). While CAPTCHA is not a 100% perfect solution, I can imagine situations where a 25 or 50% solution is still incrementally but notably helpful. Let’s leave that decision up to the list administrator on a list by list basis. Dean > On Mar 6, 2016, at 4:51 AM, Stephen J. Turnbullwrote: > > David Andrews writes: > >> Some audio CAPTCHA's are ok, some are virtually impossible to >> decipher. Also, audio CAPTCHAs do not work at all for deaf-blind >> persons. > > Thanks for going on record! > >> So, while it depends, audio CAPTCHA is a mixed experience at best, >> and impossible at worst. > > I kinda expected that. > > Steve > ___ > Mailman-Developers mailing list > Mailman-Developers@python.org > https://mail.python.org/mailman/listinfo/mailman-developers > Mailman FAQ: http://wiki.list.org/x/AgA3 > Searchable Archives: > http://www.mail-archive.com/mailman-developers%40python.org/ > Unsubscribe: > https://mail.python.org/mailman/options/mailman-developers/deansuhr%40deansuhr.us > > Security Policy: http://wiki.list.org/x/QIA9 ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
David Andrews writes: > Some audio CAPTCHA's are ok, some are virtually impossible to > decipher. Also, audio CAPTCHAs do not work at all for deaf-blind > persons. Thanks for going on record! > So, while it depends, audio CAPTCHA is a mixed experience at best, > and impossible at worst. I kinda expected that. Steve ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
At 04:57 AM 3/5/2016, Aditya Divekar wrote: Hi! I was looking around the mailman code, and could not find the functionality for captcha in the mailing lists subscription pages. I think it could be a good feature to implement in the upcoming versions, and would like to know if its a good idea? I also came across the thread - http://permalink.gmane.org/gmane.mail.mailman.user/74167 and read about the previous discussion on it by some members. Since captcha back then was easier to break, it might not have been a profitable feature, according to the thread. But with the new recaptcha, I would like to know if the stand is the same. There are a number of blind Mailman Admins out here, including myself, and many thousands of b lind or visually impaired users, for whom CAPTCHA can be a problem. We hate pictures of words and numbers, and are in favor of no CAPTCHA! Dave David Andrews and long white cane Harry. E-Mail: dandr...@visi.com or david.andr...@nfbnet.org ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
At 08:20 PM 3/5/2016, Stephen J. Turnbull wrote: Christian Schoepplein writes: > On Sat, 5 Mar 2016 12:08:38 > About captchas. If they are implemented, they would have to be > > optional in my opinion as they would > > require signing up for a token with the captcha provider. > > Yes, if captchas really have to be implemented, please, please make > them optional! For example many blind people are using mailman and > captchas are a nightmare for them and from the point of view > regarding accessibility in general. Be reassured: we understand (but easily forget, so feel free to remind us!) What is the opinion of audio captchas? That is, do they actually work, and are they a significant inconvenience even if they are at least in theory possible to use for blind persons? Google ReCAPTCHA implements an audio recaptcha option, for example. Some audio CAPTCHA's are ok, some are virtually impossible to decipher. Also, audio CAPTCHAs do not work at all for deaf-blind persons. So, while it depends, audio CAPTCHA is a mixed experience at best, and impossible at worst. Dave David Andrews and long white cane Harry. E-Mail: dandr...@visi.com or david.andr...@nfbnet.org ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
On Sat, Mar 05, 2016 at 04:27:31PM +0530, Aditya Divekar wrote: > I was looking around the mailman code, and could not find the functionality > for captcha in the mailing lists subscription pages. As someone who has been studying email abuse for 30+ years, I strongly recommend against captchas for several reasons. First, as noted elsewhere in this thread, they're problematic for impaired or disabled users. Second, they've been quite thoroughly defeated by advances in image processing and character recognition. We have long since passed the point where the difficulty of captchas solvable by software has exceeded the difficulty of captchas solvable by humans. Third, as often noted elsewhere, it is relatively easy to conscript humans (knowingly or unknowingly) into the mass solving of captchas. Fourth, either a given instance is or is not a target of interest to adversaries. If it is not, the captchas are of course not needed. If it is, then they will not help: any modestly-clueful adversary will go through them like they're not even there. Bottom line: captchas are, at best, wishful thinking. There is zero operational reason to deploy them in 2016. ---rsk ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
Christian Schoepplein writes: > On Sat, 5 Mar 2016 12:08:38 > About captchas. If they are implemented, they > would have to be > > optional in my opinion as they would > > require signing up for a token with the captcha provider. > > Yes, if captchas really have to be implemented, please, please make > them optional! For example many blind people are using mailman and > captchas are a nightmare for them and from the point of view > regarding accessibility in general. Be reassured: we understand (but easily forget, so feel free to remind us!) What is the opinion of audio captchas? That is, do they actually work, and are they a significant inconvenience even if they are at least in theory possible to use for blind persons? Google ReCAPTCHA implements an audio recaptcha option, for example. > Mailman 2.x is very accessible so far Thank you! > and unfortunatly I hadn't time to take a look if postorius is also > good to use, but keeping mailman useable also for users with > disabilities should be always kept in mind IMHO! This is a continuing goal of mine, for sure, and I think of all Mailman developers. But AFAIK we're all equipped with average-ish levels of the usual senses, so feel free to remind us of the principle, and if you notice any specific issues for accessibility, *please* report them. We probably won't notice them ourselves. :-( @self (or anybody who wants to check and implement :-): We should have an accessibility tag (and probably a usability or ux tag to differentiate the use cases) on the tracker. > If spam protection mechanisms are needed, No "if" about it, unfortunately. But we do try to avoid mechanisms that impose more pain on real users than on spammers. Steve ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Developers] CAPTCHA support
Aditya Divekar writes: > But with the new recaptcha, I would like to know if the stand is > the same. ReCAPTCHA looks very good, though I haven't used it. However, the professional spammers are quite capable of hiring humans to do their work, and even conceal it as being charitable work (digitizing old books, for example). On the other hand, unsophisticated spammers are easily turned away with simple textchas (eg, the Python sites use questions like "What is van Rossum's first name?" -- no, I didn't try "Just" :-). I conclude that spam is a disease and evolves resistance to antispam technology at rates that resemble the ability of bacteria to evolve resistance to antibiotics, and we just have to keep a careful watch on every mail service we administer to see what the spammers are up to in our neighborhoods. Steve ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
On 03/05/2016 04:03 AM, Aditya Divekar wrote: > > I was mostly basing this idea on the lines that it is easy to put in a spam > subscription request to the mailing lists now. > Implementing captcha could nip most of these attempts in the bud itself, > and save mailman the extra efforts of sending the confirmation link to the > subscriber. Subscription confirmation has nothing to do with spam subscription attempts. It is to prevent me (a human) from subscribing other people's addresses to lists. Captchas and similar hoops to jump through do not stop my doing that and do not obviate the need for confirmation. -- Mark SapiroThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
Yes, I was of the opinion that it could be an optional feature. Making it compulsory would involve critical problems as mentioned above by Christian, and might sometimes be disagreeable to list users who think its an unnecessary overhead of time. I was mostly basing this idea on the lines that it is easy to put in a spam subscription request to the mailing lists now. Implementing captcha could nip most of these attempts in the bud itself, and save mailman the extra efforts of sending the confirmation link to the subscriber. Thanks. Aditya ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
On Sat, 5 Mar 2016 12:08:38 > About captchas. If they are implemented, they would have to be > optional in my opinion as they would > require signing up for a token with the captcha provider. Yes, if captchas really have to be implemented, please, please make them optional! For example many blind people are using mailman and captchas are a nightmare for them and from the point of view regarding accessibility in general. Mailman 2.x is very accessible so far and unfortunatly I hadn't time to take a look if postorius is also good to use, but keeping mailman useable also for users with disabilities should be always kept in mind IMHO! If spam protection mechanisms are needed, please think about better alternatives or make this mechanisms optional! Thanks and all the best, Christian -- Christian Schoepplein - ch...@schoeppi.net - http://www.schoeppi.net ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] CAPTCHA support
On 03/05/2016 11:57 AM, Aditya Divekar wrote: > Hi! > I was looking around the mailman code, and could not find the functionality > for captcha in the mailing lists subscription pages. > I think it could be a good feature to implement in the upcoming versions, > and would like to know if its a good idea? > I also came across the thread - > http://permalink.gmane.org/gmane.mail.mailman.user/74167 > and read about the previous discussion on it by some members. > Since captcha back then was easier to break, it might not have been a > profitable feature, according to the thread. > But with the new recaptcha, I would like to know if the stand is the same. The message you mentioned said that it might be because of lacking csrf protection. With django all the forms are protected by csrf. About captchas. If they are implemented, they would have to be optional in my opinion as they would require signing up for a token with the captcha provider. Or were you thinking about implementing your own service? I'm pretty sure there are django apps out there that add captcha support. It would be a nice addition if it's optional. If it's not I guess it would need more discussion. ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9