This document discusses security aspects of ezmlm-idx addition to the ezmlm-0.53 mailing list manager. This is the authors' understanding of security aspects of ezmlm-idx functions and not to be taken as a warranty. If you find any errors in this document or the ezmlm-idx package in general, please inform the authors.
In general, ezmlm with or without the ezmlm-idx package is more secure and less resource hungry than most other mailing list managers. Better security than afforded by ezmlm +/- ezmlm-idx would require encryption or PGP/digital signatures. Such an addition would make it difficult, if not impossible, to run the mailing list from a standard MUA. The ezmlm-idx package adds a number of functions and options, which under some conditions may decrease security. The purpose of this document is to discuss security aspects of using/enabling these different functions.