|
Sender: |
Revised LISTSERV forum <LSTSRV-L@CEARN> |
Subject: |
|
From: |
David Sitman <A79@TAUNIVM> |
Date: |
Mon, 15 Jan 90 13:12:25 IST |
In-Reply-To: |
Message of Sun, 14 Jan 90 19:20:34 GMT from <ERIC@LEPICS> |
Reply-To: |
Revised LISTSERV forum <LSTSRV-L@CEARN> |
On Sun, 14 Jan 90 19:20:34 GMT Eric Thomas said:
>>I think that every user has the right to unsubscribe from a list
>>whenever he/she wants.
>
>It's not a problem of "right", but of not being sure that the command
>actually comes from you. Given a 20 lines exec and a few minutes, it is
>very easy for a "smart" user to REVIEW a large and important list and
>zzzap, signoff everybody, clean and neat....
.
.
> Eric
It IS a problem with "right". The situation today is that a user can join a
high-volume list without any hint that he/she will not be able to get off
that list alone. If the list owner is busy/away/hibernating/disconnected,
then the user will continue to receive that high volume of unwanted mail.
I find this particularly disturbing for lists which are open subscription.
I am not convinced of the need for this safeguard; there are so many things
that a pernicious hacker can do that I don't think that any hacker would
waste his/her "talents" on something with so little "thrill value". Still,
the more safeguards the better, as long as they are worth the bother.
So, I still think that postmasters should discourage the use of 'Validate=
All commands'. If it is used, I think that a message to that effect should
be included in $DEFAULT MAILFORM so that users will at least be warned
about this. Finally, I think that best solution is simply to use the user's
password for validation, i.e., when a user tries to subscribe to a
'Validate= All commands' list, the user is told that a password is required
(the usual password blurb). That way, users are protected from being
signed off by hackers. There is even an added safeguard: a hacker can not
sign me up for a list on a Listserv for which I already have a password.
David
|
|
|