|| at Apr 20, 2011 at 2:54 pm
Dag Wieers wrote: On Thu, 14 Apr 2011, Dag Wieers wrote:
We have been using the Approved header as a way to automatically approve
commit logs to a read-only mailinglist. We recently moved our infrastructure
to github and I wrote a patch to the github Email service hook to add an
Now the problem of course is that this secret currently is either the list
admin or the list moderator password, which is far from secure. Especially if
the mails are not created on the mailman list server.
So I would propose to allow to set a separate secret used for approved
messages. If compromised, it's easy to change that secret on both sides.
Is this acceptable ?
I received no feedback on this. Shall I open a ticket for this, or is this
not considered valuable ?
Sorry for not responding sooner. I do think it is a good idea. Although
many lists do not need separate admins and moderators and could thus
use the moderator password in this way, I think a separate 'posters'
password would be a valuable change.
The problem is Mailman 2.1 is supposed to be feature frozen, and this
is a rather extensive change involving the web GUI to set the
password, and list migration changes to ensure that list objects have
the poster password attribute. We can certainly consider this for MM3.
Please open a tracker item at
>, and I'll see what I can
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan