>>>>> "NB" == Norbert Bollow <bollow@math.ethz.ch> writes:
NB> I don't consider that a valid reason against including a feature which is
NB> a real time-saver for the list-owner.
I don't really see how it saves time for the owner, really.
NB> A simple implementation of single-command addresses would generate
NB> confirmation tokens only for reasonably short messages (say, ten lines or
NB> less) and respond to longer messages with a specific help message that
NB> explains how to zubscribe (or unzubscribe).
Now we're parsing the body of the messages, too, but that's a good idea.
Extreme devil's advocate: why, then, don't we parse commands in the
subject, too? It meets most of the criteria (easy to do, easy for users,
other packages do it, etc.) so why do we always resist it?
NB> Has any effort been made yet to secure Majordomo to make sure that the
NB> token generation process can not be abused to make denial-of-service
NB> attacks? (This is an issue which is not specific to single-command
NB> addresses, but one which could potentially become much worse when
NB> single-command addresses are implemented.)
This is exactly the same as the other time-based limiting question. People
keep asking about this, but nobody ever comes up with any good ideas.
(Except Chuq, but I don't think he's on here.)
- J<
Follow-Ups:
References:
|
|
