Re: Approval headers

---------

Pamela Greene (pgreene@optics.rochester.edu)
Sun, 30 Nov 1997 12:34:33 -0500 (EST)

> The question is, does it matter that this header will be appearing
> in the articles on the "home" newsgroup?
>
> I can see that posts to *.answers (going through the 'bot) could have
> the approval header stripped, but I don't imagine this happens with
> the "home" newsgroup. Am I correct, then, in my assumption that it
> doesn't matter if the world can see the the approval header and that
> the *.answers 'bot will only accept submissions from my registered
> address, regardless of whether or not the approval headers is present
> and correct?

There are two separate issues here. The approval header itself allows
your article to be posted to a moderated newsgroup instead of being
forwarded to its moderators by email. It doesn't provide very tight
security, though when we're not so overloaded the moderators try to
keep an eye on the newsgroup and remove rogue articles by hand. It's
perhaps unfortunate that the approval header is readable in any
newsgroup to which the article is sent, but that's how the system
works, and the obvious "solution" (posting separately to moderated and
unmoderated newsgroups) has its own, larger problems. Cross-post to
all the approved groups at once, and don't worry about it.

The faq-server posting 'bot that we run doesn't use the Approved:
header for security; it can only be used for articles posted to
news.answers in the first place. The password you chose when you
first ADDed your article to the faq-server is what keeps others from
overwriting it there. Even if your email address changes, if you
provided the correct password in an UPDATE or other command, it will
be accepted by the 'bot.

-- 
- Pam Greene
one of the *.answers moderators, news-answers-request@mit.edu