sympa issues
https://0xacab.org/riseup/sympa/-/issues
2020-08-14T23:02:44Z

password reset on non-existent account
https://0xacab.org/riseup/sympa/-/issues/10794
2020-08-14T23:02:44Z, taggart

sympa (the current 6.1 on whimbrel at least) will let you do a password reset for an email address that does not yet have an account:
```
<kaakaawahie> so if someone goes on lists and requests a password for a non-existing account, the email goes out and they can set it but upon login, forces the user to create a new password and the cycle starts anew. this seems problematic.
<taggart> kaakaawahie: so they do the "Lost password?" link but the account they are doing doesn't yet exist?
<kaakaawahie> taggart: correct
<kaakaawahie> i just did a test with a guerrilla mail address, which i guess theoretically could already exist but that seems really unlikely :)
<kaakaawahie> i've occasionally seen folks talk about always having to change their password and i think this is related. going through the process essentially creates the account. once the password is set, you're logged in, so you should be able to act like normal
<taggart> ok so they do a password reset on the non-existent account and they get the email to reset. and then they go to that url and it lets them set the password?
<kaakaawahie> yes
<kaakaawahie> and logs them
<kaakaawahie> in
<kaakaawahie> so to give some context to this, imagine you're someone else and you try to log in using the email address you think you used (but it's not really the right one) and it fails. you see the forget password link and click on it. you get the email, which further gives credit to the idea that is the right email. it gets better when it accepts the new password, so on and so forth
<kaakaawahie> it's like a self-fulfilling prophecy but the reality is you've just got the wrong email
<taggart> ok but now they have an account and they know the password and it works ok (but if they thought it was an account they were subscribed with, they are wrong)
<taggart> and it wouldn't have any list subscriptions on the left side
<kaakaawahie> well the password works ok but it immediately requires them to change the password (talking about how they forgot the password) upon login
<kaakaawahie> and with all that confirmation that they have the right email, they'd look at the missing list subscriptions and just think there was something wrong with the system, not the choice of email
<taggart> yeah
<taggart> so the only improvement I think is that the system shouldn't send a password reset mail for an account that doesn't exist
<kaakaawahie> agreed entirely. that's the root problem
<taggart> but also you don't want to leak that an account doesn't exist
<taggart> so should it fail silently? that would also be confusing
<kaakaawahie> confusing but not as problematic
```
Probably we won't go to the effort to fix this in 6.1, but we should get it fixed upstream so we get it when upgrading.

add mod-white_lists_plugin
https://0xacab.org/riseup/sympa/-/issues/10792
2018-02-22T18:36:25Z, micah

A user requested that we add this plugin (https://user.riseup.net/ticket/711899): https://www.sympa.org/templates_plugins/mod-white_lists_plugin
I think we need to upgrade to 6.2 first though.

6.2

DMARC causing moderation problems?
https://0xacab.org/riseup/sympa/-/issues/10791
2018-02-22T18:36:26Z, taggart

There is a riseup help ticket (https://user.riseup.net/ticket/590765) about a message getting sent to a list despite moderation being turned on. The message was from a yahoo sender, maybe the DMARC munging somehow caused it to get through?
I think we could test with a test list set to "editors_or_moderated" and a yahoo account.

Limit number of subscribers unless approved
https://0xacab.org/riseup/sympa/-/issues/404
2019-05-07T15:41:22Z, micah

We've decided that we hate it when someone gets a list and then subscribes 10,000 people. We would like to be able to set a subscriber limit (like say 2,500) and any more than this would require approval from us. After we school them of course.
*(from redmine: created on 2008-12-11, relates #403, relates #1914)*

Confirmation email content change
https://0xacab.org/riseup/sympa/-/issues/620
2018-02-22T18:36:26Z, sunbird

From a help ticket---
Hey all!
Just thought I'd give you guys some feedback on the subscription process.
It is not clear that you are not instantly subscribed once you log in using the password emailed to you in the first confirmation email after first attempt to subscribe. And it is not easy to find the list you want to subscribe to, nor are there instructions on what to do next, from the page you reach once logged in for the first time; though you are clearly told under your email address that you have no subscriptions. For a first-time subscriber, that is really weird! Heck, I just DID subscribe, right?!?
So I would like to see some instructions in the confirmation email that goes along the lines of:
"To complete your subscription to <list>, go to <url> and click <button>. For your safety, you are not subscribed to <list> until after you have completed this step."
I think this would help eliminate confusion. If not in the confirmation email, then on the page you reach after logging in for the first time.
Thanks for reading!
*(from redmine: created on 2009-02-19)*

full name gets revealed, leaking private info
https://0xacab.org/riseup/sympa/-/issues/1187
2018-02-22T18:36:26Z, micah

If a user is subscribed to a list by someone who puts their full name in the subscription field, then that full name is revealed to any other list subscription. This means that any other riseup list who subscribes that person's email address gets that person's full name. In most cases, only the administrator of that other list would be able to see this, but some list profiles allow list subscribers to see the list of people who are subscribed, which would enable them to get a hold of this person's full name.
A fix to this might be to make it so that we don't store the full name *at all*, or somehow isolate that so different lists don't have access to that information. Likely the first one is the easier, but pushing that change upstream would be useful so we don't have to maintain the change.
*(from redmine: created on 2009-08-05)*

6.1.22, taggart

Password reset template is wacky
https://0xacab.org/riseup/sympa/-/issues/1745
2018-02-22T18:36:26Z, micah

Because someone was having trouble requesting that their password was
reset, I decided to go through the process. When you get the email
from sympa it is pretty wacky english:
Subject: lists.riseup.net / your environment
Someone, probably you, requested to allocate or renew your password for
your list server account lists.riseup.net. (This request came from host
). You may ignore this request or click on the following link in order
to choose your password. :
https://lists.riseup.net/www/ticket/52991495727153
Help on Sympa: https://lists.riseup.net/www/help
Here is an attempt at rewording this, feel free to change any of it:
Subject: Your lists.riseup.net account
Someone has requested that your lists.riseup.net account password be
reset. If this was not you, do not worry, you can safely ignore this
message and nothing will happen. If it was you, just simply click on the
following link to reset your password:
<link>
in solidarity,
riseup birds
for additional help: https://lists.riseup.net/www/help
*(from redmine: created on 2010-02-23, relates #2114)*

6.0.1, kclair

Change 'dump' link to say 'export subscribers', or something
https://0xacab.org/riseup/sympa/-/issues/1814
2018-02-22T18:36:26Z, jessib

As explained here, http://help.riseup.net/lists/admin/faq/#how_to_do_i_get_a_list_of_subscribers list admins used to have an option to 'export subscribers'.
Now that option says 'Dump'. There have been a few tickets about this, and I thought the solution was to update the help documentation.
But in https://user.riseup.net/ticket/520717 , somebody brings up that the word 'dump' is a bit confusing, as it might mean 'delete'. kclair said it would be easy to change the link itself, so maybe we should leave the help documentation, and change the link in sympa.
*(from redmine: created on 2010-03-01)*

fix header on configure list page to be more specific
https://0xacab.org/riseup/sympa/-/issues/1908
2018-02-22T18:36:26Z, kclair

when you are setting an option, the header says ‘Configuring the list’, no matter what section you are configuring. It would be clearer if it said the name of the particular option being configured.
* kclair> the old interface, as far as i can see, just doesn’t print a header. is that preferable? adding a custom header to each section could be done with some effort if it’s really wanted.
* micah> i think due to the way sympa automatically saves the form when you pick drop-down options (see below), it's better that it says something, rather than nothing. While I agree that it would be clearer if it said which option was being configured, I think that this should be something that is filed in upstream sympa’s bug tracker as a wish list item, and not something that would keep the upgrade from happening.
*(from redmine: created on 2010-03-08)*

possible issue with passwords and character sets
https://0xacab.org/riseup/sympa/-/issues/1909
2018-02-22T18:36:26Z, kclair

* user.riseup.net/ticket/686249 explains a problem where the password was set in cyrillic, and now the person cannot gain access
o kclair> i think we should do the upgrade and see if this is still a bug afterwards.
*(from redmine: created on 2010-03-08)*

limit bulk add
https://0xacab.org/riseup/sympa/-/issues/1914
2019-06-15T00:23:15Z, kclair

It would be nice if we could limit the list admin “bulk add” to some amount of addresses, say 15 or so. We have some lists where the admins export some database and bulk add it, thus totally defeating the bounce processing cleanup and other attempts to remove bogus addresses. They’d still be able to do that but it would require doing them 15 at a time, which raises the bar some.
* javascript might be a good option for this because it would be independent of the sympa source. of course it would then not work if javascript was not enabled.
*(from redmine: created on 2010-03-08, relates #404)*

subscribers/members and owner/administrator wording
https://0xacab.org/riseup/sympa/-/issues/1916
2018-02-22T18:36:26Z, kclair

Is there a difference between ‘members’ and ‘subscribers’? They are both mentioned (for example, in ‘Who can view list information’). It would be great to not have 2 words for one role. Also the owner/administrator distinction is unclear to me, but maybe administrators include moderators/editors (another 2 words for one role?)
*(from redmine: created on 2010-03-08)*

password template
https://0xacab.org/riseup/sympa/-/issues/2114
2018-02-22T18:36:26Z, micah

The password remind template, which is the same one that is used for a
new/first user says this:
Subject: lists.riseup.net / your environment
From: Sympa
Someone, probably you, requested to allocate or renew your password for
your list server account lists.riseup.net. (This request came from host
). You may ignore this request or click on the following link in order
to choose your password. : https://lists.riseup.net/www/ticket/aadsadjgddfg
There are a few odd things about this:
1. The subject is bizarre, especially the '/ your environment' part -- I
think this should say something like "Your lists.riseup.net account"
2. The From is unrecognizable to people.... who is Sympa?! I think that
the real name portion of the return email should be changed from "Sympa
<sympa@lists.riseup.net>" to be: "Riseup Lists <sympa@lists.riseup.net>",
or something equally as clear
3. The english is awkward: "requested to allocate", also "for your list
server account lists.riseup.net" is weird too. How about this as a draft
replacement first sentence, "Someone requested a new password for your
Riseup mailing list account at http://lists.riseup.net"
4. "(This request came from host)" is both meaningless because we don't
keep the logs to make it useful, but also something I think we should
not include. Maybe it would be better replaced by, "If you did not make
this request, don't worry, just ignore this email. If you did make the
request and want to reset or create a new password, please visit: ..."
*(from redmine: created on 2010-04-05, relates #1745)*

Set default to no rejection message
https://0xacab.org/riseup/sympa/-/issues/2429
2018-02-22T18:36:26Z, sunbird

Reported as a help ticket by change@pacbell.net
Listname: https://lists.riseup.net/www/admin/actionla
Before I got set the rejection so no rejection message would go out,
permanently. If people get that notice then they complain but we
usually have good reason to reject some messages.
But now you have to check the box before each rejection notice. Just a
bit of a pain when there is a bunch of them.
So if you reject a message via email and not the Web page, you get no
chance to check the box saying don't send a rejection notice to the sender.
*(from redmine: created on 2010-06-19)*

removing list problem
https://0xacab.org/riseup/sympa/-/issues/2562
2018-02-22T18:36:26Z, micah

If you go to a list, particularly one with a large number of subscribers (at least 10k) click the 'remove list' button, it will spin for a while, then you get the birds page. If you go back to the list's admin page, it will be still open.
In the past, when a list had a large number of subscribers, this is what would happen... it would spin, we'd get the birds, but it would still close.
I suspect that the spinning is happening while sympa dumps the subscribers to a file, and that this takes too long for the http timeout. This probably should be done as a task or something so it's not synchronous with the web admin connection.
*(from redmine: created on 2010-10-27)*

sympa handing things off to sendmail
https://0xacab.org/riseup/sympa/-/issues/2599
2018-02-22T18:36:26Z, taggart

we run logcheck on willet and it's seeing some log entries like these
Oct 20 12:17:59 willet postfix/sendmail[682]: warning: -f option specified malformed sender: bounce+ingrese su correo electronico
aristocris==a==yahoo.com.ar==metrodelegados@lists.riseup.net
Oct 21 05:40:05 willet postfix/sendmail[29319]: warning: -f option specified malformed sender:
bounce+<theclone==a==hackcanada.com>==nobloodforoil@lists.riseup.net
Sendmail is choking on that sender, I think probably sympa either needs to escape it somehow or shouldn't be trying to send.
*(from redmine: created on 2010-11-15)*

kclair

write tests for patches
https://0xacab.org/riseup/sympa/-/issues/2632
2018-02-22T18:36:26Z, kclair

!
*(from redmine: created on 2010-11-21)*

sort list requests by date
https://0xacab.org/riseup/sympa/-/issues/2663
2018-02-22T18:36:26Z, taggart

I want the ability to sort pending list requests by date
https://lists.riseup.net/www/get_pending_lists
*(from redmine: created on 2010-12-09)*

the confirm message when restoring a closed list asks if you want to close the list
https://0xacab.org/riseup/sympa/-/issues/3070
2018-02-22T18:36:26Z, jessib

Like the subject says, when you go to *restore* a closed list, you get a confirmation question about *closing* the list. It does restore the list, but is still confusing.
*(from redmine: created on 2011-06-16)*

Shared document space is broken
https://0xacab.org/riseup/sympa/-/issues/3324
2018-02-22T18:36:26Z, sunbird

Expected behavior: When you set shared document quota in LIST DEFINITION->PRIVILEGES, you will be able to upload documents to shared/ up to the total quota.
Actual Behavior: The Riseup Birds are busy working on the server.
This is causing at least one list owner who had previously been a reoccurring donor to leave riseup.
*(from redmine: created on 2011-08-01)*

sunbird