In reality I still have one question.
Is Mailman still used or not?
MA
On Apr 25, 2013, at 09:47 , Jean-Claude Beaudoin jean.claude.beaudoin@gmail.com wrote:
On Wed, Apr 24, 2013 at 2:02 PM, Drew Crampsie drew.crampsie@gmail.com wrote:
1- Is there a web based interface to browse the archive of a list?
Not yet. It is trivial to do and will be done, but this is the first time it has been requested ,and there are only 15 or so messages that need archived (lists are not very busy it seems), so it will be done shorty. It is trivial to do so : http://mlmmj.org/archive/mlmmj/2010-08/0000002.html and http://mlmmj.org/docs/readme-archives/ .
2- Is the mailman era archive of each list now simply
unreachable from the web?
It shouldn't be. Give me a http:// URL that should work?
3- Is there a web based interface for new users to subscribe
to a list?
not really, though it may be done soon. But, <a href="mailto:projectfoo-devel+subscribe@common-lisp.net"> ... </a> is easy enough for now.
From what I understand now there is no password associated
with a subscription to a list, nor is there any password associated with the owner/admin role of a list.
Can you tell me what you have read that makes it seem like very very insecure? Also, what are you talking about "password associated with ..."?
Am I wrong
in believing that now someone simply has to send emails with a forged From: field to hijack control of the list/subscription?
Well, what made you believe that? Is there a simple way that folks can easily hijack a list over email?
As far as I know, it was audited by a company that worries about such things, http://mlmmj.org/docs/readme-security/ , and does not have a problem... can you please show me how/where/when you are able to hijack a list? mlmmj-test@common-lisp.net is a great place to start, and please feel free to hijack it.
Let me know if I have answered all the questions, and let me know the security holes you have discovered.
-- drewc
Indeed you have answered all the questions I asked and this does clarify the current situation.
Thank you,
Jean-Claude Beaudoin
On Wed, Apr 24, 2013 at 2:00 AM, Jean-Claude Beaudoin jean.claude.beaudoin@gmail.com wrote:
I have been trying to figure out the new project mailing lists setup on common-lisp.net for the last few hours. I think I more or less understand now how the lists setup is to be used but I still have a few questions left:
1- Is there a web based interface to browse the archive of a list?
2- Is the mailman era archive of each list now simply unreachable from the web?
3- Is there a web based interface for new users to subscribe to a list? Or, do we have to explain them on the project page that they need to send email to say "projectfoo-devel+subscribe@common-lisp.net" in order to subscribe to the projectfoo-devel list?
4- From what I understand now there is no password associated with a subscription to a list, nor is there any password associated with the owner/admin role of a list. Am I wrong in believing that now someone simply has to send emails with a forged From: field to hijack control of the list/subscription?
Thanks,
Jean-Claude Beaudoin
-- Marco Antoniotti