Administrivia 'who' matches too much
Bug #739524 reported by
Joseph Brennan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Fix Released
|
Low
|
Mark Sapiro |
Bug Description
Mailman/Utils.py has: 'who': (0, 2),
This matches subject and start-of-line with many ordinary-language sentences or headings like 'who are you?' or 'Who is affected:'. I suggest dialing it back to (0, 1) which would have far fewer false positives, or even (0, 0) as it once was.
Changed in mailman: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
I think the consequences of allowing mail with the command "who <password>" containing the list admin password to go to the list if inadvertently sent to the list posting address are more serious than the consequences of a false positive administrivia hold.
The "who <password> address=<address>" form is probably less used and less likely to contain the list password, since the address= option is irrelevant if the password is the list admin or moderator password. Since the argument count range was (0, 0) prior to Mailman 2.1.10, I think changing it to (0, 1) is OK, but I think (0, 0) has too much risk.
Also, note that any message that contains more than DEFAULT_ MAIL_COMMANDS_ MAX_LINES non-blank body lines prior to any '-- ' signature separator is not administrivia, so reducing DEFAULT_ MAIL_COMMANDS_ MAX_LINES from the default 25 can also reduce the false positives.