Hi Mark,

Thanks for taking care of these (as always!).  I have one quick comment.

On Apr 26, 2011, at 01:00 AM, nore...@launchpad.net wrote:

>------------------------------------------------------------
>revno: 1297
>committer: Mark Sapiro <msap...@value.net>
>branch nick: 2.1
>timestamp: Mon 2011-04-25 16:52:35 -0700
>message:
>  A new list poster password has been implemented.  This password may only
>  be used in Approved: or X-Approved: headers for pre-approving posts.
>  Using this password for that purpose precludes compromise of a more
>  valuable password sent in plain text email.  Bug #770581.
>modified:
>  Mailman/Cgi/admin.py
>  Mailman/Defaults.py.in
>  Mailman/Handlers/Approve.py
>  Mailman/SecurityManager.py
>  Mailman/Version.py
>  Mailman/versions.py
>  NEWS

=== modified file 'Mailman/Defaults.py.in'
--- Mailman/Defaults.py.in      2011-04-25 22:40:16 +0000
+++ Mailman/Defaults.py.in      2011-04-25 23:52:35 +0000
@@ -1375,6 +1375,11 @@
 #   option settings
 # - List creator, someone who can create and delete lists, but cannot
 #   (necessarily) configure the list.
+# - List poster, someone who can pre-approve her/his own posts to the list by
+#   including an Approved: or X-Approved: header or first body line pseudo-
+#   header containing the poster password. The list admin and moderator
+#   passwords can also be used for this purpose, but the poster password can
+#   only be used for this and nothing else.
 # - List moderator, someone who can tend to pending requests such as
 #   subscription requests, or held messages
 # - List administrator, someone who has total control over a list, can
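Review bot: The added "List poster" entry in this role comment documents what the password can do but not why a site would set one, which the commit message does explain. Consider adding a sentence here saying that the poster password is the one expected to travel in plain text email, so it should be distinct from the admin and moderator passwords. The "pseudo-" / "header" break across two comment lines also makes the term harder to grep for; keeping "pseudo-header" on one line would help.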
@@ -1389,7 +1394,8 @@
 AuthCreator = 2       # List Creator / Destroyer
 AuthListAdmin = 3     # List Administrator (total control over list)
 AuthListModerator = 4 # List Moderator (can only handle held requests)
-AuthSiteAdmin = 5     # Site Administrator (total control over everything)
+AuthListPoster = 5    # List poster (Approved: <pw> header in posts only)
+AuthSiteAdmin = 6     # Site Administrator (total control over everything)
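Review bot: Reusing the value 5 for AuthListPoster, in the lines that renumber AuthSiteAdmin from 5 to 6, changes the meaning of an existing authorization constant from the most privileged role to the least privileged one. Any external code or stored data that holds the literal 5 rather than the symbolic name would now compare equal to the poster context instead of the site admin context, and nothing would signal the change. Appending the new role instead (AuthSiteAdmin = 5 unchanged, AuthListPoster = 6) keeps every previously published value stable; a short comment that these numbers must never be reassigned would also help future additions.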
>------------------------------------------------------------

While this is probably harmless, it does make me nervous.  I'd probably have
added the AuthListPoster as value 6 and left AuthSiteAdmin as 5.  It's
unlikely that someone has squirreled these values away, but if they have,
this might break their code because their AuthSiteAdmin enum value is now
AuthListPoster.

I'll leave it up to you, but please consider changing AuthSiteAdmin back to 5
and adding AuthListPoster as 6.

Cheers,
-Barry
