-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mar 24, 2008, at 9:37 PM, Jo Rhett wrote: > On Mar 4, 2008, at 6:00 PM, Stephen J. Turnbull wrote: >> In any case, it's hard to sympathize with your claim of urgency. >> Mark's intention to release 2.1.10 has been known for many months. >> This proposal comes on the eve of release. Code changes to implement >> it can, and should, wait for the next release. > > What? I'm sorry, but Mailman has been blamed for backscatter for > like 3 years going now. This problem has been well known for long > before 2.1.10 was even dreamed of. I am asking that the developers > start paying attention *NOW*. > > If the problems aren't going to be solved before 2.2, then we're > going to put Mailman in the same bin as qmail and say that using it > is a violation of the AUP.
Now that there's documentation, I don't think you need to be that severe. Not everybody needs or wants this particular behavior. Those that do should now have the information at their fingertips. If downstream distributions want to change the defaults they are free to do so. This simply cannot be changed in Mailman 2.1. For one thing, it's a major feature change, not a security fix. A security problem would be something like a cross-site scripting vulnerability or remote root exploit. For another, pushing back 2.1.10 guarantees that 2.2 will be delayed because of the extra q/a that needs to happen, etc. This isn't a trivial change and we have limited resources. - -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iQCVAwUBR+lnaXEjvBPtnXfVAQKXCwQAk6y1e4juyw4DAh6XIoYzKdSFzZ4/2h9U 3Ql6dfeU14niMIpJPYlf3qKTECu5aI21q+yAlT8t4yud48aAAgqTMkGPWMQ93T8A OZ8YWUhxMypzkxYIyR/X/W/n3rhthdPY3Y6a13F5NhlATEPwQXuXaIwxaN/m7FSC HxTNcT69OrU= =aWxK -----END PGP SIGNATURE----- _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
