http://bugzilla.spamassassin.org/show_bug.cgi?id=4546
------- Additional Comments From [EMAIL PROTECTED] 2005-08-21 23:02 ------- Subject: Re: [review] spamc/spamd learning has potentially dangerous side-effects > "This is not ususally a concern with an SQL Bayes store as users > will typically have read-write access directly to the database, and > can also use C<sa-learn> with the B<-u> option to achieve the same > result" I'm not sure I understand your comment. I think the word "This" above is a bit vague. What I'm trying to say is that enabling TELLs is not ususally a problem for systems with an SQL Bayes Store as users could previously use sa-learn -u. Maybe what I should say is: If the Bayes database backend is a DBM or SDBM file, B<--allow-tell> allows any user to write to any other user's database, which is not possible using just C<sa-learn>. If the Bayes database is being stored in SQL, any user can already to write to any other user's database using the B<-u> option to C<sa-learn>, so B<--allow-tell> is not less secure. In addition, B<--allow-tell> alleviates the need to give all users direct database access. Is this clearer? I don't think we need another patch for this -- feel free to vote on this one, the doc can be changed after this is committed, without the need for another vote. Also, I'm not going to be around this week, so waiting for another patch from me is a bad idea! ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
