Re: Issue #18: Access to spi-private mailing list archives unclear

From: Philippe Cloutier <chealer(at)gmail(dot)com>
To: Michael Schultheiss <schultmc(at)spi-inc(dot)org>, spi-general(at)lists(dot)spi-inc(dot)org
Subject: Re: Issue #18: Access to spi-private mailing list archives unclear
Date: 2021-04-15 20:32:09
Message-ID: f6519618-336d-1201-3d39-f4261f82a8be@gmail.com
Lists: spi-general

Hi Michael,

On 2021-04-10 at 20:12, Michael Schultheiss wrote:
> Philippe Cloutier wrote:
>> SPI's website allows (visibly) to consult the archives of the spi-private
>> mailing list, via http://lists.spi-inc.org/private/spi-private/
>>
>> Unfortunately, this requires authentication using an unspecified password. I
>> for one am currently unable to access the archives as a result (I do not
>> remember ever managing to access).
> All mailman lists have user level passwords. If you don't recall your
> spi-private password, you can enter your email in the final box on
> http://lists.spi-inc.org/listinfo/spi-private and click [Unsubscribe or
> edit options] and get a password reminder from the next page.

Thank you, I managed to access the archives thanks to the "password
reminder". I also understood what happened. I had never set a password
for spi-private. The password was determined by Mailman, and indicated
to me in the mail which I received on subscription.

That subscription mail (and therefore my password) has been in my
mailbox for 4 years. In my opinion, this might constitute a security
issue; anyone who would gain access to the mailbox of an spi-private
subscriber who did not delete their subscription message would gain
access to the full history of spi-private.

That being said, to go back to the original problem, the paragraph
"(/The subscribers list is only available to the list administrator./)"
which starts the Spi-private Subscribers section in
http://lists.spi-inc.org/listinfo/spi-private seems to suggest the whole
section is irrelevant for most subscribers.

I recommend the following:

1. Indicate in http://lists.spi-inc.org/private/spi-private/ that all
   subscribers have a password, and that it can be sent as a reminder.
2. Clarify the Spi-private Subscribers section by:
   1. Moving the paragraph about unsubscribing first.
   2. Merging the first 2 paragraphs (the parenthesis can be merged
      into the "Enter your admin address and password to visit the
      subscribers list" paragraph.)
   3. Fixing the "Unsubscribe or edit options" button's label so it
      covers all its functions.

--
This mail's original content (non-quoted parts) is available under the Creative Commons Attribution-ShareAlike License 4.0.

Philippe Cloutier
http://www.philippecloutier.com
