(Once again, apologies in advance if through impatience and overfamiliarity with this issue I come across as too brusque.)
Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
Well, hopefully "we" (BALUG) aren't too likely to run into such problems ... though it's not necessarily always feasible to alay all suspicions.
That natural suspicion -- which I'm not sure you're taking seriously enough -- is of course part of the problem, but there's also the other part I cited: In a Linux online community, the ability to see who else is participating (or at least the posting addresses) is, I maintain, an essential and natural part of the community process. As I've pointed out, the "hide from spammers" reason you originally cited simply doesn't hold water for several reasons.
That leave the reason you just posted: your ability to screenscrape the HTML version of the roster without having to clear members' "hidden" flags, first.
*if you know of something easier, let me/us know.
Since, lacking shell access, we cannot use /usr/lib/mailman/bin/list_members , what comes to mind for a programmatic solution is:
1. Clear "hidden" flags via the admin screens, capturing the addresses for which you do this. 2. Screenscrape the resulting roster screen. 3. Re-set the "hidden" flag on the members affected.
As the number of subscribers on a list increases, and if all on the list can get the e-mail addresses of everyone on the list, the probability of abuse increases (e.g. we'll likely soon have over 500 e-mail addresses on our "announce" list).
Part of the price of participation in a public community is that you might get contacted by jerks. As mentioned, people who wish to participate but not let the public see their e-mail addresses already have the means to do so (though they'd also need to make sure they never post). It's just not reasonable to cripple the transparency of our mailing lists just because someone, some time, could send people mail they don't want. For one thing, your change _doesn't even prevent_ them from doing that: It means only that they need to carry out that misdeed via the mailing list itself, possibly using throwaway webmail addresses if they intend to commit repeat offences.
(That having been said, there is no compelling need for the _announce_ list's roster to be accessible to anyone but the listadmins, as it's not a community forum. I was referring to the other two, which are.)
We probably have "more than enough" folks that have access to the list roster (probably at least half a dozen or more folks) - so the probability of someone successfully coopting the list and denying access to most or all of the subscriber e-mail addresses to BALUG is quite low.
Setting aside the fact that I spoke of the public _impression_ of likely listadmin abuse created by deployment of such settings, not the probability of that abuse actually occurring, sadly, what you claim above turns out to be non-sequitur: There have been many cases (elsewhere) of listadmins carrying out personal measures against members that their fellow admins never noticed, and indeed had no easy means to see at all. This is especially easily done on Mailman installations such as Dreamhost's where the listadmins don't have access to Mailman's logfiles, the only complete record of who has done what.
I also removed the text from the list descriptions that indicates whether or not the roster is available to all subscribers.
Well, I'm putting it right back, after sending this mail, and changing the rosters of balug-talk and balug-admin back to subscriber-accessible, for reasons cited. I'll readily admit to feeling strongly about the latter point, but it's the fruit of very long experience as a listadmin.
(I'm putting the roster access text + markup back onto the balug-announce listinfo page, too, because, well, it's useful to the listadmins, darn it.)
And, _please_, again, let's all consult before suddenly changing key mailing list settings. For one thing, it's a real pain to have to consult other Mailman installations to re-find the markup you removed from the listinfo pages without consulting anyone else.
I'm not asking for unique consideration on account of the coincidental fact that I happen to be BALUG's sole listadmin at the moment, but I do think that I (along with this group of admins generally) should have been meaningfully consulted and not merely informed after the fact.