Package: mailman3-web Version: 0+20240312-1 Severity: wishlist Dear Maintainer,
Adding captcha support would really help deal with the growing problem of bots spam-subscribing to lists just to get confirmation requests, etc, sent to mailbomb targets. This creates a lot of blowback to the list/site admin emails, wasting time. Fedora/RH world seem to have done it in the rpm packaging, so the code is there and doesn't look too hairy. See (search page for captcha): https://github.com/pbiering/mailman3-rpm/tree/main I've tried adding it through local templates and things, but it would seem impossible without touch files under /usr/lib, which is verboten. It would be be done at the packaging level with patches, like Fedora. Having it in the anonymous subscription form as well as the user creation form would be great. Thank you. -- System Information: Debian Release: 13.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.12.74+deb13+1-amd64 (SMP w/32 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_CA.UTF-8), LANGUAGE=en_CA:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages mailman3-web depends on: ii dbconfig-sqlite3 2.0.25 ii debconf [debconf-2.0] 1.5.91 ii init-system-helpers 1.69~deb13u1 ii python3 3.13.5-1 ii python3-django-hyperkitty 1.3.12-3 ii python3-django-postorius 1.3.13-1 ii python3-mysqldb 1.4.6-2+b5 ii python3-psycopg2 2.9.10-1+b1 ii python3-whoosh 2.7.4+git6-g9134ad92-10 ii ucf 3.0052 ii uwsgi-core 2.0.28-9 ii uwsgi-plugin-python3 2.0.28+8+0.0.2+b1 Versions of packages mailman3-web recommends: ii nginx 1.26.3-3+deb13u2 Versions of packages mailman3-web suggests: ii default-mysql-server 1.1.1 ii mariadb-server [virtual-mysql-server] 1:11.8.6-0+deb13u1 -- Configuration Files: /etc/mailman3/uwsgi.ini changed [not included] -- debconf information excluded
