GNU Mailman

Mailman on open-source hosting sites is a data jail

Bug #444033 reported by Eric S. Raymond
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
GNU Mailman
New
Wishlist
Unassigned

Bug Description

Mailman, as commonly deployed on open-source hosting sites such as gna.org and berlios.de and Savannah, is a data jail. There is no way for a mailing list administrator to download a snapshot of even just the list's addresses through the Web interface, let alone list options and other ancillary data..

This has very practical bad consequences. It means that project admins on these sites cannot do effective recovery planning against the possibility of a site outage, whether from spectacular causes like natural disaster or from more mundane ones like staff burnout and underfunding. I had my nose painfully rubbed in this problem over the weekend during a berlios.de site outage that I had reason to fear might be permanent; I thought I had irretrievably lost my email links to my developer group!

It is also philosophically wrong for Mailman, or any other component of an open-source hosting system, to be a data jail. I am not going to lecture about this, as I suspect the arguments should be blindingly obvious now that I have raised the point.

It should be possible to get a snapshot of the list metadata, and upload that snapshot into a fresh Mailman instance to losslessly recreate the list configuration. This feature should *not* assume that the list administrator has shell access to the Mailman host.

I Just filed a similar bug with the developers of Savane, and expect to do so against several other open-source hosting systems within the next few days. Data jailing creates significant vulnerabilities in our community infrastructure. As perhaps the most ubiquitous shared component of project-hosting systems, Mailman should set a good example for all.

Revision history for this message
Barry Warsaw (barry) wrote :

See Mailman 3 :)

Revision history for this message
Eric S. Raymond (esr-thyrsus) wrote : Re: [Bug 444033] Re: Mailman on open-source hosting sites is a data jail

Barry Warsaw <email address hidden>:
> See Mailman 3 :)

Pointer to docs of this feature, please? Maybe I can jawbone gna and a few
other sites into upgrading with it.
--
  <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

Revision history for this message
Mark Sapiro (msapiro) wrote :

As Barry says, this is addressed in MM 3.

In the interim, see the FAQ at http://wiki.list.org/x/aYA9 for ways to get a list of subscribers and their common options via the web.

Revision history for this message
Eric S. Raymond (esr-thyrsus) wrote :

Mark Sapiro <email address hidden>:
> As Barry says, this is addressed in MM 3.
>
> In the interim, see the FAQ at http://wiki.list.org/x/aYA9 for ways to
> get a list of subscribers and their common options via the web.

Thanks. Note that at least one example URL in the FAQ,

  http://www.example.com/mailman/roster/listname

is 404 and probably needs to be fixed.
--
  <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

Revision history for this message
Barry Warsaw (barry) wrote :

Well, sure Eric, it's an /example/ domain. :)

Revision history for this message
Adam McGreggor (adam-amyl) wrote :

On Mon, Oct 05, 2009 at 10:43:40PM -0000, Eric S. Raymond wrote:
> Thanks. Note that at least one example URL in the FAQ,
>
> http://www.example.com/mailman/roster/listname
>
> is 404 and probably needs to be fixed.

http://tools.ietf.org/html/rfc2606

    3. Reserved Example Second Level Domain Names

   The Internet Assigned Numbers Authority (IANA) also currently has the
   following second level domain names reserved which can be used as
   examples.

        example.com
        example.net
        example.org

perhaps?

--
Go mad this weekend: buy some beef! (advert at a supermarket)

Revision history for this message
Eric S. Raymond (esr-thyrsus) wrote :

Barry Warsaw <email address hidden>:
> Well, sure Eric, it's an /example/ domain. :)

Erm, you probably shouldn't make it live hotlink in the FAQ then.
--
  <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

Revision history for this message
Mark Sapiro (msapiro) wrote : Re: [Bug 444033] Re: Mailman on open-source hosting sites is a datajail

Eric S. Raymond wrote:
>
>Erm, you probably shouldn't make it live hotlink in the FAQ then.

If it looks like a URL, confluence makes it an active link. I don't
know how to tell confluence not to do this. Do you?

--
Mark Sapiro <email address hidden> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan

Revision history for this message
Eric S. Raymond (esr-thyrsus) wrote :

Mark Sapiro <email address hidden>:
> Eric S. Raymond wrote:
> >
> >Erm, you probably shouldn't make it live hotlink in the FAQ then.
>
>
> If it looks like a URL, confluence makes it an active link. I don't
> know how to tell confluence not to do this. Do you?

Sorry, I've never even heard of "confluence" before.
--
  <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

Revision history for this message
Spike (o-launchpad-amishrabbit-com) wrote :

The markup tag to remove all formatting in Confluence is {noformat} (text) {noformat}

Revision history for this message
Mark Sapiro (msapiro) wrote :

Right , but if I put {noformat} tags around the URL, it turns a simple sentence like

"Visit the roster via the listinfo page or directly at something like <http://www.example.com/mailman/roster/listname> and copy/paste/edit the result."

into

Visit the roster via the listinfo page or directly at something like
____________________________________________
| <http://www.example.com/mailman/roster/listname> |
 ____________________________________________

and copy/paste/edit the result.

I.e. it separates the {noformat} text from the surrounding text and puts a box around it. Or, if I put the {noformat} tags around the whole sentence/paragraph, it is still separated from the surrounding text and boxed. {code} markup behaves similarly. So How do I markup a simple sentence like the first one above to keep it's visual appearance but turn off making the example URL an active link.

Revision history for this message
jm (jemisa+launchpad) wrote :

{nolink} is what you are looking for

Visit the roster via the listinfo page or directly at something like {nolink}<http://www.example.com/mailman/roster/listname>{nolink} and copy/paste/edit the result.

will display
"Visit the roster via the listinfo page or directly at something like <http://www.example.com/mailman/roster/listname> and copy/paste/edit the result."

Revision history for this message
Barry Warsaw (barry) wrote :

@jm: Thanks, I've updated the wiki page.

Changed in mailman:
status: New → Fix Released
importance: Undecided → Low
status: Fix Released → New
importance: Low → Wishlist
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.