From marcoxa@cs.nyu.edu Wed Jul 12 20:40:36 2023 From: Marco Antoniotti To: clo-devel@common-lisp.net Subject: Re: Questions about new mailing lists setup on common-lisp.net Date: Wed, 08 Apr 2015 20:58:11 +0000 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6882307375319661329==" --===============6882307375319661329== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable In reality I still have one question. Is Mailman still used or not? MA On Apr 25, 2013, at 09:47 , Jean-Claude Beaudoin wrote: >=20 > On Wed, Apr 24, 2013 at 2:02 PM, Drew Crampsie = wrote: > > 1- Is there a web based interface to browse the archive of a list? >=20 > Not yet. It is trivial to do and will be done, but this is the first time i= t has been requested ,and there are only 15 or so messages that need archived= (lists are not very busy it seems), so it will be done shorty. It is trivial= to do so : http://mlmmj.org/archive/mlmmj/2010-08/0000002.html and http://ml= mmj.org/docs/readme-archives/ . >=20 > > 2- Is the mailman era archive of each list now simply > unreachable from the web?=20 >=20 > It shouldn't be. Give me a http:// URL that should work? >=20 > > 3- Is there a web based interface for new users to subscribe > to a list?=20 >=20 > not really, though it may be done soon. But, ... is easy enough for now. >=20 > > From what I understand now there is no password associated > with a subscription to a list, nor is there any password > associated with the owner/admin role of a list. =20 >=20 > Can you tell me what you have read that makes it seem like very very insecu= re? Also, what are you talking about "password associated > with ..."? >=20 > > Am I wrong > in believing that now someone simply has to send emails=20 > with a forged From: field to hijack control of the list/subscription? >=20 > Well, what made you believe that? Is there a simple way that folks can easi= ly hijack a list over email?=20 >=20 > As far as I know, it was audited by a company that worries about such thing= s, http://mlmmj.org/docs/readme-security/ , and does not have a problem... ca= n you please show me how/where/when you are able to hijack a list? mlmmj-test= (a)common-lisp.net is a great place to start, and please feel free to hijack = it. >=20 > Let me know if I have answered all the questions, and let me know the secur= ity holes you have discovered. >=20 > -- drewc >=20 >=20 > Indeed you have answered all the questions I asked and this does clarify th= e current situation. >=20 > Thank you, >=20 > Jean-Claude Beaudoin >=20 >=20 >=20 > =20 >=20 >=20 >=20 >=20 >=20 > =20 >=20 > =20 >=20 >=20 > On Wed, Apr 24, 2013 at 2:00 AM, Jean-Claude Beaudoin wrote: >=20 > I have been trying to figure out the new project mailing lists setup > on common-lisp.net for the last few hours. I think I more or less > understand now how the lists setup is to be used but I still > have a few questions left: >=20 > 1- Is there a web based interface to browse the archive of a list? >=20 > 2- Is the mailman era archive of each list now simply > unreachable from the web? >=20 > 3- Is there a web based interface for new users to subscribe > to a list? Or, do we have to explain them on the project page > that they need to send email to say > "projectfoo-devel+subscribe(a)common-lisp.net" in order > to subscribe to the projectfoo-devel list? >=20 > 4- From what I understand now there is no password associated > with a subscription to a list, nor is there any password > associated with the owner/admin role of a list. Am I wrong > in believing that now someone simply has to send emails > with a forged From: field to hijack control of the list/subscription? >=20 > Thanks, >=20 > Jean-Claude Beaudoin >=20 >=20 >=20 -- Marco Antoniotti --===============6882307375319661329==--