Hello,

This message only appears for a non-member if the roster is non-public
(available only to the admin or to list members). With a public
roster, the message is 'No such member: [EMAIL PROTECTED]'.

Ah, I see. In today's world an option for members to see other members' addresses sounds dangerous and may even be such. But I see now why this happens.

Granted the message could be changed from "The confirmation email has
been sent." to something like "The confirmation email has been sent if
[EMAIL PROTECTED] is a list member." Do you think this would help?

Yes, it would be a lot more informative.

Maybe in future it would be better to just disallow anyone to view a member's list and give a clear indication whether email has or has not been sent. If the unsubscribe script cannot be exploited remotely, then I do not see probing as a real threat (especially if additionally secured by some captcha code or the like). But then I may not see all the consequences of such a solution.

Anyway, thanks for Mailman!

--
Zbigniew Szalbot
www.lc-words.com
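
A sketch of the behaviour discussed in this message, as an added example (not part of the original post and not Mailman's code): it models the unsubscribe replies for a public and a private roster and checks whether the reply text distinguishes a member from a non-member. The roster, addresses and function names are assumptions made for the illustration.

```python
# Added illustration with hypothetical names; this is not Mailman's code.
MEMBERS = {"alice@example.org", "bob@example.org"}  # constructed sample roster

SENT = "The confirmation email has been sent."
NO_MEMBER = "No such member: %s"
SENT_IF_MEMBER = "The confirmation email has been sent if %s is a list member."


def respond_as_described(addr, roster_public, outbox):
    """Web reply to an unsubscribe request, as the thread describes it."""
    addr = addr.strip().lower()
    if addr in MEMBERS:
        outbox.append(addr)  # a confirmation is mailed only to real members
        return SENT
    # Non-member: a public roster answers directly, a private one does not.
    return NO_MEMBER % addr if roster_public else SENT


def respond_reworded(addr, roster_public, outbox):
    """Same logic, with the private-roster wording proposed in the thread."""
    reply = respond_as_described(addr, roster_public, outbox)
    if not roster_public:
        reply = SENT_IF_MEMBER % addr.strip().lower()
    return reply


def reveals_membership(respond, roster_public):
    """True if the reply text differs between a member and a non-member."""
    replies = set()
    for addr in ("alice@example.org", "stranger@example.net"):
        text = respond(addr, roster_public, [])
        replies.add(text.replace(addr, "<addr>"))  # ignore the echoed address
    return len(replies) > 1


if __name__ == "__main__":
    for name, fn in (("as described", respond_as_described),
                     ("reworded", respond_reworded)):
        for public in (True, False):
            print(name, "public" if public else "private",
                  "-> reply reveals membership:", reveals_membership(fn, public))
```

With a private roster both versions give one reply for every address; the reworded one simply stops implying that mail was sent to a non-member.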
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/