On Wed, 17 Jan 2007, Mark Sapiro wrote: > Paul Tomblin wrote: > > > >You mean that if people used the Approve: header that Mailman doesn't > >strip it out before it sends it? That seems like a huge security hole. > > No I don't mean that. It is removed whether or not the password is > valid. When I said "This is intentional to discourage sending the site > password in the clear in email." I meant in the email TO the list. The > header won't be in the mail FROM the list.
But it also minimizes the risk of accidental disclosure of the site password. I assume if Approved was misspelled in a header or as the first line of the message, it would be included in the message if it was susequently approved by a moderator or met other critieria for not needing moderation. -- Larry Stone [EMAIL PROTECTED] ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
