Re: Issue #18: Access to spi-private mailing list archives unclear

SPI's website allows (visibly) to consult the archives of the
spi-private mailing list, via http://lists.spi-inc.org/private/spi-private/

Unfortunately, this requires authentication using an unspecified
password. I for one am currently unable to access the archives as a
result (I do not remember ever managing to access).

--
This mail's original content (non-quoted parts) is available under the Creative Commons Attribution-ShareAlike License 4.0.

Philippe Cloutier
http://www.philippecloutier.com

Philippe Cloutier wrote:
> SPI's website allows (visibly) to consult the archives of the spi-private
> mailing list, via http://lists.spi-inc.org/private/spi-private/
>
> Unfortunately, this requires authentication using an unspecified password. I
> for one am currently unable to access the archives as a result (I do not
> remember ever managing to access).

All mailman lists have user level passwords. If you don't recall your
spi-private password, you can enter your email in the final box on
http://lists.spi-inc.org/listinfo/spi-private and click [Unscubscibe or
edit options] and get a password reminder from the next page.

--
----------------------------
Michael Schultheiss
E-mail: schultmc(at)spi-inc(dot)org

Hi Michael,

Le 2021-04-10 à 20:12, Michael Schultheiss a écrit :
> Philippe Cloutier wrote:
>> SPI's website allows (visibly) to consult the archives of the spi-private
>> mailing list, via http://lists.spi-inc.org/private/spi-private/
>>
>> Unfortunately, this requires authentication using an unspecified password. I
>> for one am currently unable to access the archives as a result (I do not
>> remember ever managing to access).
> All mailman lists have user level passwords. If you don't recall your
> spi-private password, you can enter your email in the final box on
> http://lists.spi-inc.org/listinfo/spi-private and click [Unscubscibe or
> edit options] and get a password reminder from the next page.

Thank you, I managed to access the archives thanks to the "password
reminder". I also understood what happened. I had never set a password
for spi-private. The password was determined by Mailman, and indicated
to me in the mail which I received on subscription.

That subscription mail (and therefore my password) has been in my
mailbox for 4 years. In my opinion, this might constitutes a security
issue; anyone who would gain access to the mailbox of an spi-private
subscriber who did not delete their subscription message would gain
access to the full history of spi-private.

That being said, to go back to the original problem, the paragraph
"(/The subscribers list is only available to the list administrator./)"
which starts the Spi-private Subscribers section in
http://lists.spi-inc.org/listinfo/spi-private seems to suggest the whole
section is irrelevant for most subscribers.

I recommend the following:

1. Indicate in http://lists.spi-inc.org/private/spi-private/ that all
subscribers have a password, and that it can be sent as a reminder.
2. Clarify the Spi-private Subscribers section by:
1. Moving the paragraph about unsubscribing first.
2. Merging the first 2 paragraphs (the parenthesis can be merged
into the "Enter your admin address and password to visit the
subscribers list" paragraph.)
3. Fixing the "Unsubscribe or edit options" button's label so it
covers all its functions.

--
This mail's original content (non-quoted parts) is available under the Creative Commons Attribution-ShareAlike License 4.0.

Philippe Cloutier
http://www.philippecloutier.com