[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian is secure, the debian lists are not.


On Thu, 6 Aug 1998, Luis Francisco Gonzalez wrote:

> Given that we know of no case of somebody unsubscribing others for fun,
> I don't think there is much weight in the argument of doing it that
> way.

Well, we know of no case of somebody uploading a trojan horse to Incoming,
but currently pgp signatures are required for all uploads. I don't think
this is so different. We have to be secure before the harm is
made for the first time, not after.

In your particular case (which is an exception), I assume a PGP-signed
mail to the listmaster asking to remove you from the list could have
been also a solution. If needed, I would offer myself for this type of
assistance if the current listmasters think this is outside the scope of 
a listmaster, but I don't think it will happen so often for more people to
become necessary in the listmaster role.

I would understand not to use cookies for lists like debian-user, which
are not "vital" for the project, but the remaining ones? Consider that
anybody may unsubscribe *anybody* from debian-devel while we sleep, one
day before the release, for example.

Why should we allow that?

Version: 2.6.3ia
Charset: latin1


To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: