Page MenuHomePhabricator

Archive of the Listadmins mailing list isn't restricted to members
Closed, DeclinedPublic

Description

I'm marking this as a security bug out of an abundance of caution.

I am surprised to see that the listadmins mailing list archive is public. I expected it to be restricted to members only. I would bring up this question with the list administrators, but the only list administrator shown is Thehelpfulone and he has been inactive on public wikis since April 2017, and has made only two public edits on wikis in all of 2017.

I suggest restricting the mailing list archive to members only.

Event Timeline

Pine created this task.Jul 15 2017, 11:58 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 15 2017, 11:58 PM

The "listadmins" list has been public ever since it was created, and is open to subscription by anyone. The latter was announced in https://lists.wikimedia.org/pipermail/listadmins/2015-May/000002.html.

There's nothing really private that's been discussed on the list anyways. If you want to make the list private, you should probably propose that on the list itself.

Pine closed this task as Declined.Jul 16 2017, 12:07 AM

OK, thanks for the info. I don't recall that discussion, but then again my brain is so full that there's probably a lot of relevant info that I don't remember. I won't lobby for change; I'm in the process of offloading some responsibilities and was planning to unsubscribe from the list when I noticed that the archives are public.

I'll close this task as declined.

Bawolff changed the visibility from "Custom Policy" to "Public (No Login Required)".Jul 16 2017, 12:45 AM
Bawolff added a subscriber: Bawolff.

[Making closed bug public]