Administrivia 'who' matches too much
Bug #739524 reported by
Joseph Brennan
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| GNU Mailman |
Fix Released
|
Low
|
Mark Sapiro | ||
Bug Description
Mailman/Utils.py has: 'who': (0, 2),
This matches subject and start-of-line with many ordinary-language sentences or headings like 'who are you?' or 'Who is affected:'. I suggest dialing it back to (0, 1) which would have far fewer false positives, or even (0, 0) as it once was.
Revision history for this message
| Mark Sapiro (msapiro) wrote | #1 |
| Changed in mailman: | |
| assignee: | nobody → Mark Sapiro (msapiro) |
| importance: | Undecided → Low |
| milestone: | none → 2.1.15 |
| status: | New → Triaged |
Revision history for this message
| Joseph Brennan (brennan-columbia) wrote | #2 |
Revision history for this message
| Mark Sapiro (msapiro) wrote | #3 |
| Changed in mailman: | |
| status: | Triaged → Fix Committed |
| Changed in mailman: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
I think the consequences of allowing mail with the command "who <password>" containing the list admin password to go to the list if inadvertently sent to the list posting address are more serious than the consequences of a false positive administrivia hold.
The "who <password> address=<address>" form is probably less used and less likely to contain the list password, since the address= option is irrelevant if the password is the list admin or moderator password. Since the argument count range was (0, 0) prior to Mailman 2.1.10, I think changing it to (0, 1) is OK, but I think (0, 0) has too much risk.
Also, note that any message that contains more than DEFAULT_