Hi all!
My question may be dumb, but I need some confirmation.
I set up a list so that the roster is visible to subscribers.
I just noticed that, when any subscriber logs into the roster, s/he can
access any other user's option page and try to unsubscribe that user or
send a password reminder.
I know no user can be unsubscribed without replying to the confirmation
message, but I was very surprised that any subscriber would be allowed
to do that to any other. I thought making the roster visible to
subscribers would only expose their emails (and names, if they provided
one).
Is this by design, or is this a bug in my Mailman installation? Is there
any way of making the roster visible to subscribers without giving
access to personal option pages through it?
Rubén
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
