[Mailman-Developers] A bit of perspective ....

Barry Warsaw barry at python.org
Mon Feb 2 23:04:17 EST 2004


On Sat, 2004-01-31 at 15:56, Jeff Warnica wrote:
> I suppose it can be, but it is a question of where you implement your security.
> If mailman is to use SQL to store preferences then it is up to mm to deal with
> what records a user can update. If the mm interface to LDAP goes through one
> master LDAP account, then it is still mm's job... But if mm binds to LDAP as
> the mm user, then security is the responsibility of the LDAP server. With
> OpenLDAP, and NDS, permissions can be extremely fine grained, down to the
> attribute level. I've not so much as seen ADS running anywhere, but I can only
> assume that it does too.
> 
> How secure an admin might want to make it is likely to be related to what else,
> if anything, their LDAP directory is being used for. A hypothetical site with
> 10,000 users in NDS, and 100,000 other things (printers, queues....), which
> they have been using for a decade, may be very restrictive. Another site
> installing MM+LDAP for fun as much as anything else, might just give the MM
> user unlimited rights.

It's things like this that give me the willies and keep me up at
night.  It's already more difficult than I'd like for the average joe to
install Mailman and integrate it with all the other moving parts.  By
using A Real Database, we have to accept that it will be even more
difficult because there isn't any such db that I'm aware of that is
fully transactional but requires no administration.  Say one thing about
MM2's crufty pickle storage, but it's brain dead easy and requires no
administrative overhead.  Of course it doesn't scale, which is why it's
acceptable to add some overhead, but forcing most users to deal with
stuff like the above is more than we should ask of them.

-Barry
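As an added illustration of the two ends of the spectrum Jeff describes (this is example configuration written for this page, not code from the thread or from the Mailman project), here are OpenLDAP slapd.conf access-control stanzas for a directory-bound service account. The DNs, the `cn=mailman` service account and the `mailmanOptions` attribute are all assumed; no Mailman LDAP schema exists on this page.

```conf
# Added example, not from this thread or from Mailman. All DNs, the
# cn=mailman service account and the mailmanOptions attribute are assumed.
# OpenLDAP evaluates "access to" clauses in order and stops at the first
# clause whose target matches, so ordering matters throughout.

# Common to both variants: let users bind and change their own password,
# but never expose password hashes to anyone else, the service account included.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# ---- Variant A: "give the MM user unlimited rights" ----------------------
# Simple to set up, but a compromised Mailman host can now rewrite any
# entry in the directory (printers, queues, other people's attributes).
# Use EITHER this clause OR the Variant B clauses below, not both.
access to *
    by dn.exact="cn=mailman,ou=services,dc=example,dc=com" write
    by self read
    by * none

# ---- Variant B: attribute-level rights on a shared directory -------------
# The service account may modify only the list-related attribute ...
access to dn.subtree="ou=people,dc=example,dc=com" attrs=mailmanOptions
    by dn.exact="cn=mailman,ou=services,dc=example,dc=com" write
    by self read
    by * none

# ... may read just the naming attributes it needs to address users ...
access to dn.subtree="ou=people,dc=example,dc=com" attrs=entry,mail,cn
    by dn.exact="cn=mailman,ou=services,dc=example,dc=com" read
    by self read
    by * none

# ... and sees nothing else. This catch-all must be the last clause.
access to *
    by self read
    by * none
```

With Variant B, the application cannot touch anything outside the one attribute it owns, which is the "security is the responsibility of the LDAP server" model; with Variant A, every guarantee rests on the Mailman code and host. On a cn=config deployment the same clauses become ordered `olcAccess: {n}...` values. Before trusting either layout, verify it offline with `slapacl`, binding as the service DN (`-D`) against a sample user entry (`-b`) and checking, for example, that `userPassword/read` is denied and `mailmanOptions/write` is allowed.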