The decision on what parameters to set on an indy list on sarai.indymedia.org http://lists.indymedia.org/mailman/admin/imc- are a local decision for the local IMC. However, there are good arguments, based on experience, why more open settings are generally better than more closed ones.
The (recommended) indications have not been formally consensed and are only consensed in the sense that a TWiki page is a consensus page since it's a wiki. Since the new-imc working group has no power to force any new IMC to even have a mailing list, there's probably not a lot of point trying to formally consense on what parameters to recommend for an indy mailing list. It's probably more useful to clarify, add to, condense, translate, etc. the arguments below.
The comments here are for the mailman software, but should more or less apply to other software choices.
General comments regarding privacy on indy email lists.
Indymedia is only Indymedia if it's open to everyone, and if it's non-hierarchical. Radical transparency helps achieve both of these - nearly all of our internal decision-making and organising is public via public mailing list archives, or else open face-to-face meetings. Ideas and actions that are not publicly archived are generally either technical and non-controversial, or else fail to have an effect on the network because people don't know about them and don't feel any obligation to take them seriously.
Openness also means that we are not going to be able to exclude police infiltrators - if they want to know what we are saying, they'll join the list and know what we are saying and know (automatically) the email addresses of people who write to the list.
This doesn't even require Carnivore or other high-tech internet filters.
And if the infiltrator makes a little effort to act like an activist, he/she could also become a list administrator, and he/she will have access to all information that ordinary subscribers will not have. This is just one more reason why we generally feel that having more than one list administrator is a good safeguard against hierarchy, but it's also a reason why a list admin should not have any more unique privileges than the minimum technically necessary.
If you're going to organise civil disobedience and wish to minimise arrest risks, then indymedia lists are not the place for your main organising effort. After all, our main activity - in our roles as indymedia activists - is to organise independent media among a wide variety of activists - many of whom may be uncomfortable with or at danger from civil disobedience actions (foreigners, oppressed minorities). If you happen to meet people and get to know them through indymedia or see reports or URLs to groups who do organise civil disobedience on Indymedia newswires, and you organise actions within your affinity group with people you know and trust, without claiming to be an open group, then it's reasonable to have more closed communication methods, since you're not claiming to be open, and you're not claiming to act as an Indymedia group.
everyone (including non-subscribers) can read this list
only subscribers can read this (requires their list password) (recommended)
only list administrator(s) can read it
It is quite common for the list administrator(s) of an Indy list to make the list of subscriber names only readable by subscribers. However, many lists have the subscriber list readable by everyone (including non-subscribers), without any problems, and some have the list readable only by the admin.
See the above general arguments for why having more openness is better than less, in the indymedia context.
everyone (including non-subscribers) can read this list
An argument against having everyone be able to read the list is that even though the list is anti-spammed, there are "individual spammers" who may pick up and convert the list if it's world readable, but will not make the effort to subscribe, since if they subscribe, there will be a record of their email address and they will be (more or less) traceable.
only subscribers can read this (requires their list password)
maximum openness without any obvious problems
sufficient openness to strengthen non-hierarchy and robustness - any subscriber can make a copy of the subscriber list every now and then, and if there are problems with the server (sarai is highly centralised!), then anyone can make an "emergency" list quite easily using ordinary email, without even using real mailing list software.
high-security risk individuals may still choose to hide their email address from other subscribers
easier for communication between Indymedia collectives
easier for the wider public to see what Indymedia is - are we sectarian? religious fundamentalists? terrorists? an attempt to impose US culture on the rest of the world? In the present context of the WTO/IMF/WB/Bush II corporate empire trying to divide and conquer and make people distrust and fear one another, and given that Indymedia is still only marginally developed outside of North/South America and Europe, it is quite understandable that people around the world who are very much angry with "the USA" might be very suspicious about Indymedia if they could not read the archives and see for themselves that we are not a branch of the CIA...
easier to resolve conflicts since the "he said this and she said that" can at least be checked by a neutral party much more easily than if the archives are secret.
people who deliberately manipulate others are less likely to do this in public: manipulation requires saying different things to different people
secret ("private") archives
communication more difficult within group
communication more difficult with other IMCs
communication more difficult with general public
resolution of conflicts more difficult
Some places have both poor internet access and high security risks. How IMCs develop in these places is an open question being experimented with, and might lead to some evolution in the Indymedia model. Local decisions and learning by practice ("running code and rough consensus") are probably the way forward, but please look up the various arguments before we go around and around in circles in discussions that have already happened: FaceToFaceInDangerousPlaces
An alternative to having just a secret list is to have two lists, one public, one secret. As long as those IMC participants who feel safe to do so, do actually sufficiently participate in the public list, this might be a reasonable compromise with openness.
Do secret archives help people protect their anonymity?
Only for a short time, while the group stays small.
The group risks becoming closed and paranoid, since you have to worry about the identity about everybody who asks to subscribe. It will not grow naturally to include "outsiders".
Unless the group becomes a sect, then it is impossible to stop police or infiltrators from pretending to be activists and joining the secret mailing list if the authorities think that the list is a threat to their political power.
If individuals need anonymity, then they should know the techniques, but also accept that the risk is never zero on the internet. Some anonymity links:
communication much easier, including by people new to the internet - since indymedia is supposed to be grassroots, some of the people we most want to help participate are those with the least internet experience/access
it takes time for spammers to pick up and distribute email addresses, so this is more likely to be a problem for an older IMC than for a younger one (except if the address gets posted too widely and quickly in firstname.lastname@example.org)
cuts out spam
non-subscribers can still send messages, they just have to wait for a list admin to approve their message
difficult for people with least internet experience/access
only list administrators
Seems totally against Indymedia culture, except if this is something like a newswire feed for people without web access, and if the decisions on what to send are taken on another list to which any subscriber can post
how to make a new list
After understanding and debating the arguments above, you might want to know how to... create a list! You can request a list at http://newlist.indymedia.org