Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread Terri Oda
On 2009-Jan-5, at 2:03 PM, Barry Warsaw wrote: I suspect the default should be to not expose those things. I wasn't even aware that list creation through the web was possible. Based on the extremely novice questions I see posted to mailman-users on occasion I suspect many potential Mailman

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread Mark Sapiro
Barry Warsaw wrote:
>
>On Jan 5, 2009, at 1:12 PM, s...@pobox.com wrote:
>
>> I suspect the default should be to not expose those things. I wasn't even
>> aware that list creation through the web was possible. Based on the
>> extremely novice questions I see posted to mailman-users on occasi

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread Barry Warsaw
On Jan 5, 2009, at 2:25 PM, Terri Oda wrote: This seems like it might be more of a failure in documentation/understanding than a failure in security. All this information is readily available (both about the fact that you can create from the w

Re: [Mailman-Developers] Mailman 2.x Roadmap

2009-01-05 Thread Mark Sapiro
Thijs Kinkhorst wrote:
>
>On Monday 5 January 2009 17:09, Mark Sapiro wrote:
>> Please don't start (or extend) a list of downstream things to look at
>> in the week before a release. First of all, I'm just compulsive enough
>> to actually look, but even so, the most likely result is I'll be
>> over

Re: [Mailman-Developers] Mailman 2.x Roadmap

2009-01-05 Thread Barry Warsaw
On Jan 5, 2009, at 1:19 PM, Thijs Kinkhorst wrote: On Monday 5 January 2009 17:09, Mark Sapiro wrote: Please don't start (or extend) a list of downstream things to look at in the week before a release. First of all, I'm just compulsive enough to

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread Barry Warsaw
On Jan 5, 2009, at 1:12 PM, s...@pobox.com wrote: I suspect the default should be to not expose those things. I wasn't even aware that list creation through the web was possible. Based on the extremely novice questions I see posted to mailman-us

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread skip
>> Maybe all that's necessary is to install cgi-bin/create as
>> cgi-bin/create.disabled by default, set its permissions to not allow
>> execution and add a note to the installation docs about the
>> consequences of through-the-web list creation and how to set it up.

Adam> Or

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread Adam McGreggor
On Mon, Jan 05, 2009 at 12:12:31PM -0600, s...@pobox.com wrote:
> Maybe all that's necessary is to install cgi-bin/create as
> cgi-bin/create.disabled by default, set its permissions to not allow
> execution and add a note to the installation docs about the consequences of
> through-the-web list cr

Re: [Mailman-Developers] Mailman 2.x Roadmap

2009-01-05 Thread Thijs Kinkhorst
On Monday 5 January 2009 17:09, Mark Sapiro wrote:
> Please don't start (or extend) a list of downstream things to look at
> in the week before a release. First of all, I'm just compulsive enough
> to actually look, but even so, the most likely result is I'll be
> overwhelmed, defer everything and

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread skip
Mark> The answer is to use strong passwords, and if you are really
Mark> concerned, don't advertise any lists and remove Mailman's
Mark> cgi-bin/create wrapper so lists can't be created from the web, or
Mark> alternatively just don't set site admin or list creator passwords
Mar

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread Mark Sapiro
Edilson Azevedo wrote:
>
> But, I've a last doubt: What is the advantage in keeping the creation of lists
>open to the world? What would be the real advantage? I need to understand
>before blocking the access.

You may have people within your organization or trusted customers or whatever, depending on yo

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread Edilson Azevedo
Ok... thanks to all!!! But, I've a last doubt: What is the advantage in keeping the creation of lists open to the world? What would be the real advantage? I need to understand before blocking the access. THANKS!

On Mon, Jan 5, 2009 at 2:50 PM, Barry Warsaw wrote:

Re: [Mailman-Developers] Mailman 2.x Roadmap

2009-01-05 Thread Paul Wise
On Tue, Jan 6, 2009 at 1:09 AM, Mark Sapiro wrote:
> Please don't start (or extend) a list of downstream things to look at
> in the week before a release. First of all, I'm just compulsive enough
> to actually look, but even so, the most likely result is I'll be
> overwhelmed, defer everything an

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread Barry Warsaw
On Jan 5, 2009, at 11:48 AM, Mark Sapiro wrote:

> I think Barry misunderstood which links you are talking about.

Yep. Thanks, I just re-read the OP (in post-coffee mode :), so now I get it.

> The links on the list admin overview page to lists re

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread Mark Sapiro
Edilson Azevedo wrote:
>
> You said "should". But in 95% of the lists that I look at, those links are
>always open.

I think Barry misunderstood which links you are talking about. The links on the list admin overview page to lists really reveal nothing but the names of public lists on the server. Th

Re: [Mailman-Developers] [Mailman-Announce] Mailman 2.x Roadmap

2009-01-05 Thread Barry Warsaw
[Trimmed CC to just -developers] On Jan 3, 2009, at 2:51 PM, Mark Sapiro wrote: Barry has been making wonderful progress with Mailman 3.0 and has just announced the second alpha release. This may leave some of you wondering what's happening with t

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread Adam McGreggor
On Mon, Jan 05, 2009 at 09:34:47AM -0500, Dan Mahoney, System Admin wrote:
> I see this as a non-issue, personally, but I do think it looks bad, and

Likewise.

> think that screen should in a perfect world only be shown ONLY if there is
> a "list creator" password with no other privileges (but t

Re: [Mailman-Developers] Mailman 3 and LTMP

2009-01-05 Thread Ian Eiloart
--On 5 January 2009 10:09:53 + Simon Fraser wrote: On Fri, 2009-01-02 at 12:06 -0500, Barry Warsaw wrote: Finally, I would like to get input from MTA experts on this list as to the best way to integrate the various MTAs with Mailman's LMTP server. Specifically, I'm looking at fixing an

Re: [Mailman-Developers] Mailman 2.x Roadmap

2009-01-05 Thread Mark Sapiro
Paul Wise wrote:
>
>In addition to those, there is the Indymedia patch set:
>
>http://lists.indymedia.org/patches.tar.gz (against 2.1.10)
>http://lists.indymedia.org/patches/ (in use)
>
>Many of those will only be useful for Indymedia (especially the msgid
>stuff) or only appropriate for the 2.2 br

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread Dan Mahoney, System Admin
On Mon, 5 Jan 2009, Edilson Azevedo wrote: Hi Barry, and thanks for answering! You said "should". But in 95% of the lists that I look at, those links are always open. A random example: the official Mailman mailing list. Follow my steps:
1 - Open this link: http://mail.python.org/mailman/admin
2 - Aft

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread Edilson Azevedo
Hi Barry, and thanks for answering! You said "should". But in 95% of the lists that I look at, those links are always open. A random example: the official Mailman mailing list. Follow my steps:
1 - Open this link: http://mail.python.org/mailman/admin
2 - After that, click on "create a new mailing list"
3 -

Re: [Mailman-Developers] Doubt about security

2009-01-05 Thread Barry Warsaw
On Jan 5, 2009, at 8:04 AM, Edilson Azevedo wrote: Hi Developers! I've a question: Why, in all the list sites that I look at, are the "Admin Links" open? Worse: Why (inside the Admin Links) is the link "create a new mailing list" open? Anyone in anywher

[Mailman-Developers] Doubt about security

2009-01-05 Thread Edilson Azevedo
Hi Developers! I've a question: Why, in all the list sites that I look at, are the "Admin Links" open? Worse: Why (inside the Admin Links) is the link "create a new mailing list" open? Anyone, anywhere, can try until they discover the Admin password?? My doubt is: Why are those links open to the world? I th

Re: [Mailman-Developers] Mailman 3 and LTMP

2009-01-05 Thread Simon Fraser
On Fri, 2009-01-02 at 12:06 -0500, Barry Warsaw wrote:
> Finally, I would like to get input from MTA experts on this list as to
> the best way to integrate the various MTAs with Mailman's LMTP
> server. Specifically, I'm looking at fixing and improving
> bin/genaliases for each of the MTAs.

Re: [Mailman-Developers] Mailman 3 and LTMP

2009-01-05 Thread Ian Eiloart
Hi, William's internship has finished here, so I think I'd better pick up this thread - if that's OK with you, William. I'll mail you off list about your two questions. I've added a note to the docs about Exim's callout features. They allow Exim to determine not only whether the list exists