 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
jc wrote, about Mailman's password e-mails: > Doesn't this sorta miss the point? Sending passwords in the clear in > email messages is just totally wrong. Especially now that ISPs are > routinely "harvesting" information from email for commercial > purposes, and not even trying to hide the fact. Sending a > uid/password pair via email is one of the most irresponsible things > that any software (or administrator) can possibly do. If you're going > to do this, you shouldn't even bother with passwords. It depends on what you want to protect with the passwords. The more valuable is the data you're protecting, the more protection you may seek. In this case, we're just protecting a user's subscription entry on a list server. As you rightly point out, Mailman's password scheme doesn't protect against snooping by your ISP. Ultimately nothing protects against that, given that brute force methods could break any password scheme or encryption method used. On the other hand, Mailman's flimsy little password is probably enough to impede most malicious users from unsubscribing you against your wishes. --RC -- GnuPG keyID F9C6579F Btw, see Rich Parsons' caricature site: http://www.justinjest.com
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
