Re: Can one-way lists be created?
On Fri, Feb 14, 2003 at 01:21:41AM -0500, Charlie Summers wrote:
At 12:26 AM -0500 2/14/03, Donald MacDougall is rumored to have typed:
Then you want to rm the symlink named accept which links to the dist file and instead creat an accept file which contains the email addresses of all the people who should be able to submit to the list.
ANd, since From: header fields are easily forgable, you should _still_ make your list moderated and require those "trusted" users to "approve" their messages as well. (See archives for pointers to various patches for multiple maintainers, different methodology for approving messages, and other security considerations.)
Charlie
Well, ok. I suppose. But if I were setting up a few lists for a few instructors to communicate with a few students I wouldn't. The potential for abuse is just to low. I have lists for each of our four classes of medical students and don't restrict them in any way. They are entirely open to posting by anyone anywhere, and in five years or so have only had two small incidents of companies getting hold of the list names and sending advertising to them, probably given to the companies by students who thought they were good things for their fellow students to know about. I've blocked those companies and the lists remain open. We allow the students to post, not just the instructors and administrators, although there was considerable pressure in the beginning to restrict it. Faculty felt that their "important" email would get lost in all the (in their opinion) inconsequential student posting. My argument for allowing students to post is that email lists are just too convenient a method of communication to be suppressed and so if we try to restrict ours, the students would soon be gathering up email addresses and producing their own lists. If we allow them to use ours it allows us to keep an eye on what is getting exchanged on the list, and we have an idea how many, supposedly inconsequential, student postings ours are getting buried in. If we force them to creat their own, we will never know. Students tend to police their own lists pretty well anyway. They don't like spam anymore than anyone and if someone gets out of line they get pounced on pretty quickly. Now I suppose the time may come when it will be necessary to restrict posting in some way or other, but I plan to cross that bridge when I come to it. If I were a faculty member in a department of statistics and I were setting up lists for faculty to communicate with their students, I wouldn't add any more impediments to their use of the lists than absolutely necessary. Time to think about that when and if it becomes necessary and after and after faculty become comfortable using the lists without the necessity of learning how to approve their own postings. Just one man's opinion. Don MacDougall USC School of Medicine
At 11:26 AM -0500 2/14/03, Donald MacDougall is rumored to have typed:
I have lists for each of our four classes of medical students and don't restrict them in any way.
You're welcomed to have open lists if you want; that is NOT what the original poster was interested in, however. I maintain that if security is important enough that you need to restrict posting to a select few, one should as a matter of course lock the list down through moderation instead of relying on the obviously-insecure methodolody of checking a forgable header field. That you aren't interested in even unsetting foreign_submit for your lists, certainly your call as the maintainer, doesn't change that opinion. Charlie Summers
participants (2)
-
Charlie Summers -
Donald MacDougall