> If the only way you can think of to announce your private
> little take-off of list-abuse (grow some originality, maybe?)
list-protection predates list-abuse; not that you care about facts.
> is to attack list-managers by forging Brent's address,
Works better to attack it by sending mail to -outgoing, I think.
> Let me guess -- you'll promote "greater security" by
> telling folks how to hack any list not running qmail?
qmail isn't a mailing list manager.
Anyway, yes, I will point out security holes where I see them.
Several people in my crypto class were able to break majordomo's cookie
system, under time pressure, as an extra-credit problem on the midterm.
You're a fool if you think spammers will have trouble doing the same.
> You disgust me, sir.
You disgust me too. You're attacking the people who point out security
problems, rather than working to help fix the problems.
---Dan
Let your users manage their own mailing lists. http://pobox.com/~djb/qmail.html
Follow-Ups:
|
|
