Re: Debian is secure, the debian lists are not.
On Wed, 5 Aug 1998, Raul Miller wrote:
> Santiago Vila <sanvila@unex.es> wrote:
> > Summary: Currently, anybody may un*****[*] anybody else from any of the
> > debian lists. This is easily solved by using cookies both for sub*** and
> > for un****, but lists.debian.org maintainers do not want to use cookies for
> > un***** because they say it is "more work" for them.
>
> The right thing to do is use cookies when the person sending the
> request is not the subscriber. The cookie message (and the confirm
> message) should be sent to the subscriber as well. [If the person
> sending in the verification isn't the subscriber that address should
> also get a copy of the confirm.]
>
> And the system should auto-unsubscribe if there are too many bounces in
> a row (if after a number of days most all messages bounce it's time to
> unsubscribe the address).
It does.
it has happened to me.
Jules
/----------------+-------------------------------+---------------------\
| Jelibean aka | jules@jellybean.co.uk | 6 Evelyn Rd |
| Jules aka | jules@debian.org | Richmond, Surrey |
| Julian Bean | jmlb2@hermes.cam.ac.uk | TW9 2TF *UK* |
+----------------+-------------------------------+---------------------+
| War doesn't demonstrate who's right... just who's left. |
| When privacy is outlawed... only the outlaws have privacy. |
\----------------------------------------------------------------------/
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: