Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] mailing list memberships reminder

jc wrote, about Mailman's password e-mails:

> Doesn't this sorta miss the point?  Sending passwords in the clear in
> email  messages  is just totally wrong.  Especially now that ISPs are
> routinely  "harvesting"  information  from   email   for   commercial
> purposes,   and  not  even  trying  to  hide  the  fact.   Sending  a
> uid/password pair via email is one of the most  irresponsible  things
> that any software (or administrator) can possibly do. If you're going
> to do this, you shouldn't even bother with passwords.

It depends on what you want to protect with the passwords. The
more valuable is the data you're protecting, the more protection
you may seek.  In this case, we're just protecting a user's
subscription entry on a list server.   

As you rightly point out, Mailman's password scheme doesn't
protect against snooping by your ISP.   Ultimately nothing
protects against that, given that brute force methods could
break any password scheme or encryption method used.   On the
other hand, Mailman's flimsy little password is probably enough
to impede most malicious users from unsubscribing you against
your wishes.   


GnuPG keyID F9C6579F 
Btw, see Rich Parsons' caricature site:

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /