oss-sec mailing list archives
Re: list: members vs. read-only subscribers
From: Vincent Danen <vdanen () linsec ca>
Date: Wed, 9 Apr 2008 19:14:17 -0600
* [2008-04-07 13:35:53 -0400] Josh Bressers wrote:
It appears that Josh and Vincent have expressed the same opinion in the quotes above. Unfortunately, ezmlm-idx does not have a notion of having different types of subscribers to a list - "members who can post" vs. "read-only subscribers". Yet, if this is really what we want (any other opinions?), we may be able to achieve it in one of two ways: 1. Use the "allow" list feature to specify the addresses of "full members". Unfortunately, in my experience the "allow" list is used for lists that are moderated for non-subscribers only (to allow some non-subscribers or alternate addresses of subscribers to post without moderation), not for those that are also moderated for subscribers. I have not looked into whether this would be easy to fix or not - but I or someone else at Openwall can look into it if needed. It might turn out that the fix is trivial. 2. Setup a second list for the read-only subscribers, and subscribe that list to the main one.Here is my proposal, technical issues aside (we are smart people, we'll figure something out). * The current member list can post unmoderated * New subscribers (anyone can subscribe) will be moderated by default, but can have the moderation flag lifted when the prove to be useful contributors (we need to define what a useful contributor is) * Non members can post, but will be moderated (if spam is an issue, we could consider just throwing this stuff out, but I'd really like to avoid it if possible)
This works for me.
I think that this should appear as one list to the end user. If we end up using some bizarre solution with multiple lists to work around the ezmlm-idx shortcomings, we need to ensure that this is not obvious to the end users. Users should be able to hit reply and the right thing just happens.
I agree. My solution was perhaps a little too convoluted and/or paranoid... take your pick. =)
For the wiki, I'd say just make it a free for all. If they take the time to create an account, let them make changes, we'll keep an eye on what gets modified. We can deal with spam if it becomes a problem.
I can deal with this too. There's, what, a half-dozen of us that are getting notices of changes to the wiki so any problems should be picked up and corrected pretty quickly.
If you don't like this, speak up now, otherwise, I think it would make sense to find a solution that fits this model.
It's fine with me, and I see Solar is ok with it as well so I say do it (I don't see anyone else having spoken up one way or the other, and it's taken me a few days to get to this... release week always causes time shortages). -- Vincent Danen @ http://linsec.ca/
Attachment:
_bin
Description:
Current thread:
- Re: group announcement (was: list: members vs. read-only subscribers), (continued)
- Re: group announcement (was: list: members vs. read-only subscribers) Josh Bressers (May 02)
- Re: group announcement (was: list: members vs. read-only subscribers) Vincent Danen (May 02)
- Re: group announcement Jonathan Smith (May 02)
- Re: group announcement (was: list: members vs. read-only subscribers) Steven M. Christey (May 02)
- Re: group announcement (was: list: members vs. read-only subscribers) Josh Bressers (May 02)
- Re: group announcement Jonathan Smith (May 02)
- Re: group announcement Josh Bressers (May 04)
- Re: group announcement Jim Meyering (May 05)
- Re: group announcement Solar Designer (May 12)
- Re: list: members vs. read-only subscribers Josh Bressers (Apr 23)
- Re: list: members vs. read-only subscribers Vincent Danen (Apr 09)
- Re: announcing oCERT & oss-security to Bugtraq & f-d Solar Designer (Apr 08)
- Re: announcing oCERT & oss-security to Bugtraq & f-d Andrea Barisani (Apr 08)
- Re: announcing oCERT & oss-security to Bugtraq & f-d Josh Bressers (Apr 08)
- Re: announcing oCERT & oss-security to Bugtraq & f-d Andrea Barisani (Apr 08)
- Re: announcing oCERT & oss-security to Bugtraq & f-d Solar Designer (Apr 08)
- Re: Re: "who shouldn't be on-list" Jonathan Smith (Apr 04)
- Re: Re: "who shouldn't be on-list" Vincent Danen (Apr 04)