On Fri, 2009-12-18 at 11:00 -0800, Mark Sapiro wrote: > Just to be clear, the presence or absence of an email address in the > owner or moderator attributes of a list has nothing to do with who can > do what. It only controls where notices are sent and what appears in > web page footers. > > It is quite possible to set a moderator password without adding any > addresses to 'moderator', and anyone who knows that password can post > an Approved: or Urgent: message and log in to the admindb page.
I'm aware of this, but it does bring up another question, which, in my own cowardly way, I was trying to avoid dealing with ;-/ I assume that if one sets up a new list and doesn't set a moderator password, then only the administrator can use an "Approved:" [pseudo]header and there's no default moderator password. If one sets up a moderator password then either will work. I (naively) assumed that deleting all moderator email addresses _might_ thereby render the moderator password ineffective, but in my guts, I knew it probably wasn't so. Is there any way to nullify the moderator password altogether? Does submitting the passwords page with an empty field for the mod pw accomplish this? -- Lindsay Haisley | "The difference between | PGP public key FMP Computer Services | a duck is because one | available at 512-259-1190 | leg is both the same" | http://pubkeys.fmp.com http://www.fmp.com | - Anonymous | ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org