alain williams writes:
Do add what was discussed here a month or so ago: the ability for a list owner to change a user's email address.
Sorry, but this is a design problem that is way out of scope for GSoC. For example
From: alain@hacks.r.us
To: somelist-owner@example.net
Subject: Please change my address
I can't access my addw address because I'm not working at phcomp
any more. -- AlainOops.
In general, addresses are *owned* by users. So you need to authenticate the *user* in order to be sure you're changing the address for the right person. List owners are often not even power users. At least site owners can be expected to have some experience with how nasty the raw Internet is and a certain amount of paranoia, but that's not generally true of list administrators.
I want the people designing privilege hierarchies to be MUCH more paranoid than typical site owners.
? should a list owner be able to do so ? Ie rogue/malicious list owners.
I'm not really worried about a rogue list owner. I'm worried about naive list owners.
-- GNU Mailman consultant (installation, migration, customization) Sirius Open Source https://www.siriusopensource.com/ Software systems consulting in Europe, North America, and Japan