Bug 937637 - opensuse-security-announce mailing list has ineffective moderation settings
opensuse-security-announce mailing list has ineffective moderation settings
Status: RESOLVED INVALID
Classification: openSUSE
Product: openSUSE.org
Classification: openSUSE
Component: Infrastructure
unspecified
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Marcus Rückert
Lars Vogdt
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-07-10 09:14 UTC by Andreas Stieger
Modified: 2015-07-10 09:22 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2015-07-10 09:14:23 UTC
When I first posted to opensuse-security-announce, the message was moderated as expected.

However when a user replies, the message is not moderated and sent to the announce audience.

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00022.html

From: Uzair Shamim <usershaman@gmail.com>
Date: Thu, 09 Jul 2015 23:30:42 -0400
To: opensuse-security-announce@opensuse.org
Subject: Re: [security-announce] openSUSE-SU-2015:1207-1: critical: Security update for flash-player
References: <20150708150840.076AD320A4@maintenance.suse.de>
In-Reply-To: <20150708150840.076AD320A4@maintenance.suse.de>

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00021.html

Sender: Carlos Robinson <robin.listas@gmail.com>
Date: Thu, 09 Jul 2015 18:33:29 +0200
From: "Carlos E. R." <carlos.e.r@opensuse.org>
To: opensuse-security-announce@opensuse.org
Subject: Re: [security-announce] openSUSE not affected by OpenSSL CVE-2015-1793
References: <559E803F.5090100@suse.com>
In-Reply-To: <559E803F.5090100@suse.com>


Replies should be moderated (and rejected) like the original message.

Users should need to be forced to honour the Reply-to: header, commonly set to opensuse-security@opensuse.org
Comment 1 Marcus Meissner 2015-07-10 09:22:24 UTC
Actually the reply emails were moderated, just one of the moderators approved them due to a mistake.

The mails also set:
Reply-To: opensuse-security@opensuse.org