Are there specific Mailman CVEs you can refer towards such that these settings could not be opened up? The read-only archives appear to be static files, so there is no additional security issue that isn't already presented by the existing cgi-bin already open for public access. Similarly for the reply-to issue, only email addresses present in messages that have been approved to be part of the list would be subject to an automatic reply.
As a project maintainer myself, I wouldn't want to link these simple improvements to a wholesale replacement of the mailing list system. GNU Mailman is still very widely used and IMO does the job very well, and if the archives were opened up then they would be indexable by search engines such as Google. On Fri, Oct 11, 2019, at 11:56 AM, Brannon King wrote: > I agree that Mailman is archaic. I worry about the security on it. I don't > enjoy using 3rd-party mirrors for searching it. I'd like to propose that we > upgrade to something more modern and secure like Sympa or mlmmj, or even a > more drastic system upgrade to something like Redmine -- a project > tracker + forum. > > On Fri, Oct 11, 2019 at 9:41 AM Mike Bayer <mike...@zzzcomputing.com> wrote: > > > ...I would ask them to consider that making the mailing list opaque leads > > to user questions that are entirely related to SQLite and nothing else > > being posted in downstream project communities instead, which pushes the > > community response burden downwards. > > > _______________________________________________ > sqlite-users mailing list > sqlite-users@mailinglists.sqlite.org > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users > _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
