[Mailman-Users] display members moderator flag
Mark Sapiro
mark at msapiro.net
Fri Aug 5 00:11:46 EDT 2016
Mark Sapiro wrote:
> On 08/04/2016 08:06 PM, Stephen J. Turnbull wrote:
>> Beu, Ed (DOA) writes:
>>
>> > We've discovered that if the Unsubscribe_Policy is set to Yes (1),
>> > the moderator can unsubscribe members without the members input!
>> > The member simply gets a notice that they've been unsubscribed.
>>
>> But that means that *anybody* can unsubscribe a member, since only
>> moderation is enabled by the moderation password, not other list
>> management features such as subscription management. So there is
>> apparently no authorization or authentication required to unsubscribe
>> someone.
>
>
> No. It means anyone can request unsubscription of anyone, but the
> unsubscription requires moderator approval. Presumably the moderator
> won't approve it if she didn't initiate it.
However, I realize there is a problem in that all unsubscribes, even
those initiated by a user with a password, require moderator approval so
if a moderator sees an unsubscription request that she didn't initiate,
she has no way to know if this was intentionally initiated by the user
or inadvertently or maliciously by someone else.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list