On Thu, 10 Oct 1991 10:41:43 EDT "Lisa M. Covi" <COVI@BITNIC> said:
 
>Here are some more questions about setting up lists:
>
>1. What does  the PW= key actually  prevent? When a list  doesn't have a
>   PW= key, I get a nasty message telling me that unauthorized users can
>   change my  headings, but  I tried  to get, set  options, etc  from an
>   unauthorized ID and I couldn't. Where's the security hole?
 
If a  list has  no password,  LISTSERV can't check  the password,  so any
password is  accepted. If  you try  from an unauthorized  ID it  will not
work,  but since  any  unauthorized ID  can send  commands  on behalf  of
COVI@BITNIC with a minimum knowledge  of BSMTP, any knowledgeable user on
the network can trash your list.
 
>2. Similarly, using lsvput as a LISTSERV postmaster, I am prompted for a
>   password  to a  list that  has no  PW= heading.  I have  typed random
>   passwords and they  are accepted and the update is  applied. Why does
>   this work?
 
Well what should it do, accept only blank passwords?
 
>3. Does Validate=All Commands prevent  users from just unsubscribing and
>   setting options (for their own ID  only I assume)? Is there something
>   else  they  can  do with  Store  only?  Does  this  have to  do  with
>   filelists?
 
This prevents any unauthenticated update  to the list, with the exception
of a few unimportant things which do not affect the operation of the list
or subscription,  such as acknowledgement  level, REPRO, and so  on. This
has nothing to do with filelists.
 
>4.  What  program uses  the  X-tags?  My  list  owners wonder  what  the
>   advantages are to keeping them or putting them in a comment header.
 
They are for information only. Putting  them as comments means more space
is used up.
 
>5.  On List  renewal,  is  it correct  that  the  Interval (i.e.  yearly
>   monthly, weekly)  specifies the  time from  the subscription  or last
>   confirmation that the subscription is due to expire?
 
Yes. LSVEXPIR runs every day, but uses the information in the list header
to decide when to take action.
 
>6. The FILES= command. If I set  FILES= No to prevent something like the
>   CHRISTMA  EXEC from  being distributed  to the  list, does  that also
>   prevent the BITNET sites without mailers from sending to the list?
 
It prevents BITNET  sites with strictly no mail facility  from sending to
the list - a few MVS sites and  the like which should join the real world
and are better off being given an incentive to do so.
 
>7. How  can you  tell whether  files have  the FORM  of REDIST?  Is this
>   related  to the  FILES= keyword?  Does this  have to  do with  Edited
>   lists?
 
This is  mostly historical.  It is  a way  to allow  limited use  of file
distribution by requiring the sender to set the form to REDIST when it is
not a mistake and he does  indeed actually want the file distributed. You
enable this mode with "Files= Yes  Formcheck= Yes". In practice, for most
lists, file distribution is either appropriate or unappropriate, with the
number of  lists in the  former category  decreasing every day  as BITNET
dies its slow  death. The VMSHARE/PCSHARE distributions come  from a list
which is a good example of a case where this is clearly appropriate.
 
>8. Where can one get a list of SERVICE areas?
 
The keyword "Local", any BITNET nodeid  or Internet hostname, or the name
of any country or network. You can use  a not or minus sign in front of a
keyword to indicate sites which should be excluded.
 
>10. Last  question: are  all list  headers changable  after the  list is
>    established? Any insight would be helpful.
 
Yes of course!
 
  Eric