[Mailman-Developers] unsubscription-approval

[Thomas Wouters]

I've just uploaded a patch to Sourceforge which adds
unsubscription-request-approval. This mirrors subscription-approval in that
unsubscribe requests get held for admin approval. This is configurable per
list, of course, just like subscribe-approval, and also has to be explicitly
enabled by the site-admin -- the default is to disallow the setting.

Some small notes:

- If a site-admin changes the default from allow to disallow, lists
which have it set need to be manually reset. This may be seen as a bug, but
it allows some lists to have it defined without allowing other list admins
to turn on the feature. I dont rely on it, though, so if someone gets
inspiration to fix it, please do ;)

- I didn't update the DATA_FILE_VERSION.

- I didn't test this particular patch overly well, since it's kind of tricky
to get a decent diff without 'cvs diff', and I couldn't use 'cvs diff'
because the patch adds a file. ('cvs diff' doesn't 'create' files, and patch
with POSUXLY_CORRECT defined (which is necessary to apply cvs-diffs) will
not create new files regardless.) I *might* have forgotten a part of the
patch, but I went over it a few times, so I dont think so.

- I had to use some trickstery to only optionally add the
unsubscription-approval feature to the list-options dictionary. This works
just fine, but I'm not sure if it's the optimal solution.

The patch should be easy to find, as it's the only patch, currently ;)

Oh, I also have two other small patches lying around, but I'm not sure if
they're suitable for inclusion. One is a 'posters-file' config setting,
which is a string containing the full path to a file with email addresses,
which gets appended to the posters list. It's very useful to us, because we
have a lot of employees with a *lot* of aliases, and they post from every
one ;) but it's not particularly secure, currently.

The other patch is a very rudementary Archive access restriction: We send a
lot of private information over the lists, and it wouldn't do for someone
from, say, a competing company to guess an employee's mailman password and
thus gain access to the list archives. However, I do want to use mailman
password checking for the archives, so I can't use a 'public' archive with a
normal .htaccess restriction.

So I've added a list of strings (containing (parts of) ipaddresses or
networks) which are matched against the REMOTE_ADDR environment, which
should contain the ipaddress of the requester. To do that, I've also added a
StringList field type, which is like the EmailList field type, stripping and
filtering the list of strings, but without the Email validation check.

Let me know if anyone wants to see those patches.

-- 
Thomas Wouters <thomas@xs4all.net>

Hi! I'm a .signature virus! copy me into your .signature file to help me spread!