[Mailman-Users] Is there a feature that allows for rights to various levels of email?

[Stephen J. Turnbull]

Greg Skipper, MD writes:

 > I need to setup a listserv that allows for assigning rights to 2 or
 > more levels of priviledge (i.e. first level can receive from
 > everyone, second level can only read second class or thread
 > responses from first class). Does anyone know of such an option
 > anywhere? Thanks

As Mark posted, I don't think this is possible within a single list in
any list manager, and in fact I don't think it would be a good idea to
try to handle it in a single list anyway (if I understand your
requirement correctly -- see the last paragraph for an alternative
interpretation where it's actually reasonably easy to come quite close
with a single Mailman list and any reasonably capable mail programs
being used by the privileged members).

The obvious way to handle this is to have two lists.  One is open only
to high-privilege subscribers (enforced by requiring a list admin's OK
to subscribe and private archives).  The other is open to the general
membership (in cases such as "open source" software development like
Mailman, anybody can subscribe, but it would also be possible to
restriction subscription and archive access to bona fide members in
the unprivileged list at the cost of increased administrative burden).

If a thread started on the privileged list is of general interest and
not sensitive, it can be moved manually to the unprivileged list,
simply by editing the address in the header.  If earlier posts are
needed for context, they can be manually forwarded.

Note that the scheme you describe will probably need some such
mechanism where the privileged members need to decide explicitly which
level of privilege they want to post to.  The two-list solution is a
well-known method used in many software development communities to
handle reports of security vulnerabilities.

I'd like to point out that your usage may end up very closely
approximating a common pattern with such security lists.  Namely, the
developers who actually work on security problems are subscribed to
both lists, but rarely start threads on the general list.  In that
case, you will get exactly the usage I undersetand from your
description: the privileged users post new threads visible only to the
privileged list members, unprivileged users' posts are visible to
everyone, and everyone's replies to posts to either list are
automatically directed to the right audience.

If some of the posts by unprivileged members might be sensitive, they
can be allowed to post to the privileged list.  The privileged members
will need to use reply-to-all to direct replies to both the
unprivileged member and the list.  (This is how software security
lists work -- most such issues are reported by third parties, who
often continue to provide information as the thread develops.)  Of
course directing the original post correctly is a slight burden on the
unprivileged members, but on they other hand they're the ones with the
privacy concern, and they have high motivation to get this right.
Naming the lists appropriately can help a lot; eg, in the software
vulnerability case, you have lists named "users at project.org" and
"security at project.org", which is pretty easy to figure out.  In the
case of a medical practice, you could use "discuss@" and "consult@"
(and you can probably do better than me, anyway, but that example is a
reasonable place to start, I hope).

Finally, if I misunderstood your requirements, and you don't need a
general discussion list at all, but what you want is for there to be a
single point of contact for the privileged members, but only the
privileged members and the original poster should see replies, a
single list with privileged members as subscribers but posting open to
non-subscribers, with replies using reply-to-all, would provide this
service.  In fact, there may be feature which does not require use of
reply-to-all already, but if not it would not be difficult to alter
Mailman to do this automatically, as well (that is, include any
non-members who are the author or recipient in the Reply-To list).

HTH,