Mon, 27 Aug 90 14:53:09 O
|
>I never use this option at my site, but many lists to which I belong do.
>And a few times I have waited weeks and sent repeated requests before
>being removed from a list.
David, there is little one can do in this world to prevent people from
being stupid when they want to. With internet mailing lists, you have no
way to signoff by yourself and it can take 3 months to be removed if the
moderated is on vacations or lazy. It is a well-known fact that some
combinations of keywords are stupid, for instance "Review= Private
Subscription= Open Notify= No Validate= Store" (ie anybody can review the
list by signing up, sending the REVIEW, and signing off, and the list
owner will not even know). It is not my business to decide whether a
particular combination of options is "stupid" for a particular site. If
you as a user don't like it, complain to the list owner, not to me.
>But a hacker CAN add whomever he wishes as things now stand.
Not with "Validate= All Subscription= By_owner".
>I love the "Subscription= Closed" parameter. It will prevent the above
>situation. "Validate= All" won't help here at all.
Ok Mr.Expert, I bow to You, You are Right by Definition. However may I
humbly suggest that you try sending an ADD command "from" the list owner
with "Subscription= Closed Validate= Store"?
>But Mignon's list (and many others with "Validate= All") DO have it.
So Mignon's list (and many others) ought to have this parameter changed.
>list headers are probably copied from one list to another at a site
>without much attention to the less noticeable parameters such as
>"Validate".
I guess this is my fault and I should delete the "Validate" keyword in
order to prevent the possibility that hasty list owners might copy it
from another list. While I'm doing that, I might as well delete all the
other "less noticeable" keywords.
>Eric doesn't seem receptive to the idea of adding the personal password
>as another legitimate password for making changes in a "Validate= All"
>list,
The personal password is accepted for validation of any command (ADD,
DELETE, etc). The problem is that the SIGNOFF command cannot be
validated. There are two reasons I am opposed to that:
1. Getting a password on a particular server might also take you 3
months, depending on how the server is configured, ie it does not
solve the problem.
2. I do not want to encourage users to get a password just for signing
off a list.
I have already thought of the RELAY-like mechanism for confirming
commands. It's on my wish list, but it's a good amount of code (you don't
want to support just SIGNOFF but rather all the commands that require
validation). And you don't want it to be used for a netwide signoff
either :-)
Eric
|
|
|