Administrivia 'who' matches too much

Bug #739524 reported by Joseph Brennan on 2011-03-21
This bug affects 1 person
Affects Status Importance Assigned to Milestone
GNU Mailman
Mark Sapiro

Bug Description

Mailman/ has: 'who': (0, 2),
This matches subject and start-of-line with many ordinary-language sentences or headings like 'who are you?' or 'Who is affected:'. I suggest dialing it back to (0, 1) which would have far fewer false positives, or even (0, 0) as it once was.

Mark Sapiro (msapiro) wrote :

I think the consequences of allowing mail with the command "who <password>" containing the list admin password to go to the list if inadvertently sent to the list posting address are more serious than the consequences of a false positive administrivia hold.

The "who <password> address=<address>" form is probably less used and less likely to contain the list password, since the address= option is irrelevant if the password is the list admin or moderator password. Since the argument count range was (0, 0) prior to Mailman 2.1.10, I think changing it to (0, 1) is OK, but I think (0, 0) has too much risk.

Also, note that any message that contains more than DEFAULT_MAIL_COMMANDS_MAX_LINES non-blank body lines prior to any '-- ' signature separator is not administrivia, so reducing DEFAULT_MAIL_COMMANDS_MAX_LINES from the default 25 can also reduce the false positives.

Changed in mailman:
assignee: nobody → Mark Sapiro (msapiro)
importance: Undecided → Low
milestone: none → 2.1.15
status: New → Triaged

As a new-ish Mailman admin I couldn't say how common the 1 and 2 args would be -- need you to judge. And I missed DEFAULT_MAIL_COMMANDS_MAX_LINES-- thank you.

Mark Sapiro (msapiro) wrote :

Committed change from (0, 2) to (0, 1).

Changed in mailman:
status: Triaged → Fix Committed
Mark Sapiro (msapiro) on 2012-06-15
Changed in mailman:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers