blu.org mailing list memberships reminder

Richard Chonak rac at gabrielmass.com
Thu May 2 12:56:50 EDT 2002


jc wrote, about Mailman's password e-mails:

> Doesn't this sorta miss the point? Sending passwords in the clear in
> email messages is just totally wrong. Especially now that ISPs are
> routinely "harvesting" information from email for commercial
> purposes, and not even trying to hide the fact. Sending a
> uid/password pair via email is one of the most irresponsible things
> that any software (or administrator) can possibly do. If you're going
> to do this, you shouldn't even bother with passwords.


It depends on what you want to protect with the passwords. The
more valuable the data you're protecting, the more protection
you may seek.  In this case, we're just protecting a user's
subscription entry on a list server.

As you rightly point out, Mailman's password scheme doesn't
protect against snooping by your ISP.   Ultimately nothing
protects against that, given that brute force methods could
break any password scheme or encryption method used.   On the
other hand, Mailman's flimsy little password is probably enough
to impede most malicious users from unsubscribing you against
your wishes.   

--RC



--
GnuPG keyID F9C6579F 
Btw, see Rich Parsons' caricature site: http://www.justinjest.com




