
BLU Discuss list archive



blu.org mailing list memberships reminder



You are correct. If you look at the mailman site, it explains some of the 
reasons, and that the passwords are very weak. 
Many web based systems allow you to receive your password by email. 
Majordomo did not have any real protection from someone changing your email 
options. 

One of the advantages of mailman is that email addresses are displayed as 
"foo at <domain>" which makes it more difficult for harvesting. 

Actually, the monthly mailings are a real pain in the ass for John and me. 
Someone gets a mailing from mailman-owner, then replies and asks us to 
remove him/her from your list. 

My stock response is that we run 20 listservs, each run by an independent 
user group. Here is how to unsubscribe (using the URL with <listname> 
instead of the real name of the list I don't know). Certainly, we have 
tools to figure out what lists an email address is on, but I don't as a 
matter of policy touch any list that I don't run. If anyone has further 
questions they should direct them to their list owners.

On 2 May 2002 at 13:01, John Chambers wrote:

> RC writes:
> | David writes:
> | > I despise this feature of mailman.  Anybody can get their password sent to
> | > them from the web page.  Why send a monthly reminder with your password in
> | > cleartext?  I asked the admin to either change it or remove me.  He chose
> | > to remove me.
> |
> | Alas, David.   The good old days are gone. The Mailman
> | interfaces were designed for a class of users much less
> | 'net-capable than you.
> ...
> | So you find the inconveniences of mailing-list servers annoying?
> | I do too.  Oh, well.  You can always filter out the messages
> | that have the header "Subject: <servername> mailing list
> | memberships reminder".
> 
> Doesn't this sorta miss the point?  Sending passwords in the clear in
> email messages is just totally wrong.  Especially now that ISPs are
> routinely "harvesting" information from email for commercial
> purposes, and not even trying to hide the fact.  Sending a
> uid/password pair via email is one of the most irresponsible things
> that any software (or administrator) can possibly do. If you're going
> to do this, you shouldn't even bother with passwords.
> 
> (And that would make it even easier for the users described here. ;-)


--
Jerry Feldman <gaf at blu.org>
Associate Director
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
