Re: Debian is secure, the debian lists are not.
Santiago Vila <sanvila@unex.es> wrote:
> Summary: Currently, anybody may un*****[*] anybody else from any of the
> debian lists. This is easily solved by using cookies both for sub*** and
> for un****, but lists.debian.org maintainers do not want to use cookies for
> un***** because they say it is "more work" for them.
The right thing to do is use cookies when the person sending the
request is not the subscriber. The cookie message (and the confirm
message) should be sent to the subscriber as well. [If the person
sending in the verification isn't the subscriber that address should
also get a copy of the confirm.]
And the system should auto-unsubscribe if there are too many bounces in
a row (if after a number of days most all messages bounce it's time to
unsubscribe the address).
In my opinion.
--
Raul
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: