[Mediawiki-l] [MediaWiki-announce] MediaWiki security release1.16.3
Platonides
Platonides at gmail.com
Thu May 26 16:37:51 UTC 2011
Tim Starling wrote:
> They use duplicate message IDs, which I suppose is why they didn't
> appear in Gmane. Maybe it's a test of a new spamming strategy. I've
> long said that Mailman is laughably insecure and that it's only a
> matter of time before it's spammed to death, and that the only
> solution will be to evacuate to a web forum.
>
> -- Tim Starling
It could be avoided by requiring a valid PGP signature* before sending
to the list.
Easy for mediawiki-announce, not so much for a list like mediawiki-l,
where signed mail is the exception. Maybe a spf check would be enough
for non-signed mail.
If spam really break into mailing lists, then finally spammers will
solve that old problem by forcing signed mail on everyone.
* Not any signature, but the one given for that email at subscription,
obviously.
More information about the MediaWiki-l
mailing list