[REUSE] Bug in the subscribe form of this mailing list

Max Mehl max.mehl at fsfe.org
Thu Apr 15 08:43:56 UTC 2021

Dear Sebastian,

~ Sebastian [2021-04-14 18:11 +0200]:
> I've just subscribed to this list, and am looking forward to participating
> in some of the discussions regarding the REUSE specification and its
> associated tooling. However, I came up against an issue with the web form
> for subscribing to this list.

For of all, thank you for signing up and becoming part of the list,
albeit the hurdles on your way. Welcome!

> Upon entering the correct information into the form, I got an error message
> saying "The form is tool old. Please GET it again." - a screenshot of this
> message is attached. This wasn't resolved by merely refreshing the page;
> but I managed to subscribe by selecting the digest mode on the form and
> changing that back in the Mailman settings once successfully subscribed.
> I have to admit that I'm rather intrigued by this error - I would expect
> such a form to be using a POST request. Is the form being fetched from some
> sort of reverse proxy cache, maybe?

I have tried to reproduce your error, to no avail. Of course, the form
uses the POST method and some CSRF protection. There are no complex
proxy hacks in use as long as you use the following site to sign up:


Could it be that there was a longer timespan between opening the sign-up
form site (URL above), and actually sending the request? In this case,
the CSRF protection kicked in because the dynamic code of your
individual form expires after a certain time (10 minutes IIRC). A short
research in Mailman's source code hints that the error message you saw
is connected to this scenario.

Usually, this CSRF code should be regenerated with every page reload, so
what you did (refreshing the page) should have worked. I honestly don't
know why this failed, and why signing up to digests worked eventually.

If you or anyone continues to experience similar technical issues,
please let me know (ideally via private mail) and I'll investigate more
thoroughly. For now, I reckon this was just a silly edge case of failed
communication between Mailman and your browser.


Max Mehl - Programme Manager - Free Software Foundation Europe
Contact and information: https://fsfe.org/about/mehl | @mxmehl
Become a supporter of software freedom:  https://fsfe.org/join

More information about the REUSE mailing list