Mon, 17 Jun 1996 18:55:07 +0200
|
Many people have requested a feature that would allow the list owner to
tell LISTSERV that [log in to unmask] and [log in to unmask] are really the
same person and that the different mailboxes are only due to the lack of
foresight or competence of the people running the mail systems. I would
like to collect more detailed feedback on this proposed feature, and in
particular, I would like to make it clear that we are talking about the
same thing.
Whether this is convenient or not, it is a fact that there are zillions
of host pairs for which [log in to unmask] and [log in to unmask] are NOT
the same person. Setting aside obvious cases like the 'root' account, you
have:
1. Sites that are simply organized this way.
2. Sites in countries where organizations are registered as a third level
domain. For instance, [log in to unmask] is very unlikely to be the
same person as [log in to unmask] because these are two completely
different universities.
So I want to make it clear that L-Soft will not implement anything that
would assume that these two addresses belong to the same person in the
sense that they would be treated as a single subscription (much as
ERIC@SEARN and [log in to unmask] are considered to be the same address
and either can, say, change the subscription options of the other). This
would make LISTSERV totally unusable for thousands of users and open a
gaping security hole that we simply cannot accept. Note that you cannot
have a table of domains indicating whether you need 2 or 3 common terms
as many domains have mixed conventions. For instance, the .SE domain
registers most organizations directly under .SE, but there is a subdomain
called PP.SE for individuals who want their own domain. They are
guaranteed to all have account names like 'anna' or 'mats' and NOT be the
same person as the 200 other 'anna' or 'mats' with their own domain.
Similarly, each "region" has a domain under which its various
bureaucratic components can be registered, and they are also guaranteed
to be different people. So, it is not just PP.SE and there is no easy and
simple rule to know how far down to go. This is a very big kludge and I
am only discussing it because so many people have requested it.
What we COULD do is add an option for "Send= Private" lists that says
that if [log in to unmask] is subscribed to the list, then
[log in to unmask] may also post to it, even though it is understood that
she may not be the same person. This would not be a security hole as it
would just be the list owner defining a different policy for accepting
postings; the policy could always be revoked if it became necessary to
prevent the other Anna from posting.
Now what I would like to make sure that we all understand, before we
start casting votes, is that this means postings will work even with
broken software, but SIGNOFF, SET and the like will not. The new option
will only affect *postings* and the subscribers will still be just as
much as a pain (and possibly more - they will insist that it works
"sometimes") when they need to change their options. The question is then
whether this is worth the effort. Remember, the time spent writing this
kludge will not be spent implementing another feature.
Eric
|
|
|