The mailing list for listmasters using Sympa

[Aumont - Comite Reseaux des Universites <address@concealed>]

Carsten Clasohm notice about the version 2.3.0 :

> While the new scenari are nice, I think the default for ADD and DEL is
> a bit dangerous. If I specify "auth md5" for an owner in the list
> configuration, Sympa 3.0 overrides this with scenari/add.default. The
> result is that anyone using the right sender address can use ADD/DEL,
> without any authentification being done. (Because the *.default files
> are links to *.owner for ADD/DEL.)

That's true. You highlighted a problem. In fact, previous concept of
authentication properties defined by owner was bad. It's not coherent
to define MD5 authentication only for one of the owners.
What we need is to define the security level for each command. This
can be down by scenari.

Now we need to update the documentation and remove the owner parameter
as soon as all owner's commands will be implemented by scenari.

Regards
Serge Aumont