The mailing list for listmasters using Sympa

["Zeikat, Wolfgang" <address@concealed>]

Hello,

if subscribers can invite anyone else to a private list, it wouldn't be a 
private list anymore, would it.

I think that's meant by "Invitation is disabled by default because it opens a 
major security hole for private lists."

Hope this helps,

wolfgang


----- Original Message ----- 
From: "Courtney Banks Schley" <address@concealed> 
To: address@concealed 
Sent: Monday, 1 September, 2014 4:07:33 PM 
Subject: [sympa-users] INVITE command and security flaw? 


Hello, 

I'm running a list on Riseup.net. In their help documentation, it notes that 
the INVITE command (to add users to a list by emailing address@concealed 
with: 
INVITE list-name email-to-invite QUIT) is automatically disabled for private 
lists, because it would open the list to a security hole. (see here: 
https://help.riseup.net/en/lists/list-admin/faq#how-do-i-invite-someone-to-my-list
 ) 

I can’t find further info on what the security hole is. I’m not sure if this 
is specific to riseup.net lists, but haven’t gotten any responses from their 
help desk. I just wanted to ask if any SYMPA users here are familiar with 
what the security hole is, so I can determine whether I want to enable INVITE 
on my private list. 

Thanks! 

Courtney