Robots needed in individual msgs
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| GNU Mailman |
New
|
Medium
|
Unassigned | ||
Bug Description
Mailman 2.1b5. Archive summary web pages have
Robot shoo-away META tags, but the individual
messages do not. They should be labelded the
same way, for the same reasons. They are exposed
to plunder in publically visible archives.
Similarly, I wish we had a control to force
authentication before aggregates are downloaded.
I have removed the wide open "download the whole
thing" givaway, but the individual (month, *.txt ) files
are vulnerable. Changing this behavior is too difficult
for a non-Python expert. I have also removed the
web based list creation/removal cgi-bin scripts
and associated web page material. The security model
is set for exploitation first, protection second.
Joe D.
[http://
