[GoLUG] Mailing list, long term.

[Barry Fishman]

On 2025-08-15 01:41:01 -04, Steve Litt wrote:
> On Thu, 14 Aug 2025 20:39:24 -0700
> Ron <ron at bclug.ca> wrote:
>
>> Steve Litt wrote on 2025-08-14 18:52:
>
>> > Once formatted as a MindMeld tree, anybody can grab the tree with 
>> > rsync as a backup, and if the admin quits or gets run over by a 
>> > truck, the next admin can set up MindMeld with an untar, an edit of 
>> > a conf file  
>> 
>> What happens if someone else decides to take over the list? i.e.
>> moderate the current admin to not be allowed to post?
>
> The whitelist and blacklist aren't readable from the outside. Only the
> archive is readable (and downloadable) from the outside. So they can't
> lock out the admin
>
>> Or approve their spammer friend's account who then starts spamming?
>
> Same thing, nobody but the admin can approve or lock out anybody.
>
> HOWEVER...
>
> As it's currently designed, a bad actor could make an evil clone of a
> given MindMeld, which the bad actor admins, and the bad actor could
> whitelist spammers and blacklist the real admin from the evil clone.
> And if they were both on the same shared hosting facility, it might be
> possible for both to be on the same IP address and port. When MindMeld
> later gets TLS, I think that problem goes away. Let's hear from others:
> What might be some methods to disallow two identically named MindMeld
> servers on the same IP and port?

This doesn't seem to be a issue with HTTP.  I presume if the two servers
are sharing an IP address, they are NAT-ed so their packets don't get
confused.  You just need to make sure the user is connecting to the
correct domain name that you own.

On a similar point, you might note that MindMeld is trademarked by Cisco
Technologies Inc. (and have the domain mindmeld.com), who might not be
happy with your use of that name if you wish to distribute your
software.  You might want to pick another name and reserve a domain name
for it to establish at least a prior use.

-- 
Barry Fishman