Questions about new mailing lists setup on common-lisp.net

Marco Antoniotti marcoxa at cs.nyu.edu
Thu Apr 25 10:57:04 UTC 2013


In reality I still have one question.

Is Mailman still used or not?

MA


On Apr 25, 2013, at 09:47 , Jean-Claude Beaudoin <jean.claude.beaudoin at gmail.com> wrote:

> 
> On Wed, Apr 24, 2013 at 2:02 PM, Drew Crampsie <drew.crampsie at gmail.com> wrote:
> > 1- Is there a web based interface to browse the archive of a list?
> 
> Not yet. It is trivial to do and will be done, but this is the first time it has been requested ,and there are only 15 or so messages that need archived (lists are not very busy it seems), so it will be done shorty. It is trivial to do so : http://mlmmj.org/archive/mlmmj/2010-08/0000002.html and http://mlmmj.org/docs/readme-archives/ .
> 
> > 2- Is the mailman era archive of each list now simply
>     unreachable from the web? 
> 
> It shouldn't be. Give me a http:// URL that should work?
> 
> > 3- Is there a web based interface for new users to subscribe
>     to a list? 
> 
> not really, though it may be done soon. But, <a href="mailto:projectfoo-devel+subscribe at common-lisp.net"> ... </a> is easy enough for now.
> 
> >  From what I understand now there is no password associated
>      with a subscription to a list, nor is there any password
>      associated with the owner/admin role of a list.  
> 
> Can you tell me what you have read that makes it seem like very very insecure? Also, what are you talking about "password associated
>      with ..."?
> 
> > Am I wrong
> in believing that now someone simply has to send emails 
> with a forged From: field to hijack control of the list/subscription?
> 
> Well, what made you believe that? Is there a simple way that folks can easily hijack a list over email? 
> 
> As far as I know, it was audited by a company that worries about such things, http://mlmmj.org/docs/readme-security/ , and does not have a problem... can you please show me how/where/when you are able to hijack a list? mlmmj-test at common-lisp.net is a great place to start, and please feel free to hijack it.
> 
> Let me know if I have answered all the questions, and let me know the security holes you have discovered.
> 
>  -- drewc
> 
> 
> Indeed you have answered all the questions I asked and this does clarify the current situation.
> 
> Thank you,
> 
> Jean-Claude Beaudoin
> 
> 
> 
>  
> 
> 
> 
> 
> 
>  
> 
>  
> 
> 
> On Wed, Apr 24, 2013 at 2:00 AM, Jean-Claude Beaudoin <jean.claude.beaudoin at gmail.com> wrote:
> 
> I have been trying to figure out the new project mailing lists setup
> on common-lisp.net for the last few hours. I think I more or less
> understand now how the lists setup is to be used but I still
> have a few questions left:
> 
> 1- Is there a web based interface to browse the archive of a list?
> 
> 2- Is the mailman era archive of each list now simply
>     unreachable from the web?
> 
> 3- Is there a web based interface for new users to subscribe
>     to a list?  Or, do we have to explain them on the project page
>     that they need to send email to say
>     "projectfoo-devel+subscribe at common-lisp.net" in order
>     to subscribe to the projectfoo-devel list?
> 
> 4- From what I understand now there is no password associated
>      with a subscription to a list, nor is there any password
>      associated with the owner/admin role of a list.  Am I wrong
>      in believing that now someone simply has to send emails
>      with a forged From: field to hijack control of the list/subscription?
> 
> Thanks,
> 
> Jean-Claude Beaudoin
> 
> 
> 

--
Marco Antoniotti





More information about the clo-devel mailing list