author: bwarsaw 2001-05-31 17:28:35 +0000
committer: bwarsaw 2001-05-31 17:28:35 +0000
commit: 55d9729a98d400a9b8c53958dae0711aa19c792d (patch)
tree: 58ad36625bcfc41c7e884aa068c43c38aa783d02 /Mailman/Handlers/Approve.py
parent: 4fa71214704e8087a0d957e09918ebef6d3b5351 (diff)
download: mailman-55d9729a98d400a9b8c53958dae0711aa19c792d.tar.gz
mailman-55d9729a98d400a9b8c53958dae0711aa19c792d.tar.zst
mailman-55d9729a98d400a9b8c53958dae0711aa19c792d.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/Mailman/Handlers/Approve.py b/Mailman/Handlers/Approve.py
index 8ebfd58aa..d0112e6fe 100644
--- a/Mailman/Handlers/Approve.py
+++ b/Mailman/Handlers/Approve.py
@@ -36,7 +36,9 @@ def process(mlist, msg, msgdata):
         # above may not be entirely correct.
         return
     # See if the message has an Approved: or Approve: header with a valid
-    # list-moderator, list-admin, or site-admin password
+    # list-moderator, list-admin.  We are specifically /not/ allowing the site
+    # admins password to work here because we want to discourage the practice
+    # of sending the site admin password through email in the clear.
     missing = []
     passwd = msg.get('approved', msg.get('approve', missing))
     if passwd is not missing and mlist.Authenticate((mm_cfg.AuthListModerator,
author	bwarsaw	2001-05-31 17:28:35 +0000
committer	bwarsaw	2001-05-31 17:28:35 +0000
commit	55d9729a98d400a9b8c53958dae0711aa19c792d (patch)
tree	58ad36625bcfc41c7e884aa068c43c38aa783d02 /Mailman/Handlers/Approve.py
parent	4fa71214704e8087a0d957e09918ebef6d3b5351 (diff)
download	mailman-55d9729a98d400a9b8c53958dae0711aa19c792d.tar.gz mailman-55d9729a98d400a9b8c53958dae0711aa19c792d.tar.zst mailman-55d9729a98d400a9b8c53958dae0711aa19c792d.zip