> If the only way you can think of to announce your private
> little take-off of list-abuse (grow some originality, maybe?)
list-protection predates list-abuse; not that you care about facts.
> is to attack list-managers by forging Brent's address,
Works better to attack it by sending mail to -outgoing, I think.
> Let me guess -- you'll promote "greater security" by
> telling folks how to hack any list not running qmail?
qmail isn't a mailing list manager.
Anyway, yes, I will point out security holes where I see them.
Several people in my crypto class were able to break majordomo's cookie
system, under time pressure, as an extra-credit problem on the midterm.
You're a fool if you think spammers will have trouble doing the same.
> You disgust me, sir.
You disgust me too. You're attacking the people who point out security
problems, rather than working to help fix the problems.
Let your users manage their own mailing lists. http://pobox.com/~djb/qmail.html