 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
You are correct. If you look at the mailman site, it explains some of the reasons, and that the passwords are very weak. Many web based systems allow you to receive your password by email. Majordomo did not have any real protection from someone changing your email options. One of the advantages of mailman is that email addresses are displayed as "foo at <domain>" which makes it more difficult for harvesting. Actually, the monthly mailing are a real pain in the ass for John and me. Someone gets a mailing from mailman-owner, then replies and asks us to remove him/her from your list. My stock response is that we run 20 listservs, each run by an independent user group. Here is how to unsubscribe (using the URL with <listname> instead of the real name of the list I don't know). Certainly, we have tools to figure out what lists an email address is on, but I don't as a matter of policy touch any list that I don't run. If anyone has further questions they should direct them to their list owners. On 2 May 2002 at 13:01, John Chambers wrote: > RC writes: > | David writes: > | > I despise this feature of mailman, Anybody can get their password sent to > | > them from the web page. Why send a monthly reminder with your password in > | > cleartext? I asked the admin to either change it or remove me. He chose > | > to remove me. > | > | Alas, David. The good old days are gone. The Mailman > | interfaces were designed for a class of users much less > | 'net-capable than you. > ... > | So you find the inconveniences of mailing-list servers annoying? > | I do too. Oh, well. You can always filter out the messages > | that have the header "Subject: <servername> mailing list > | memberships reminder". > > Doesn't this sorta miss the point? Sending passwords in the clear in > email messages is just totally wrong. Especially now that ISPs are > routinely "harvesting" information from email for commercial > purposes, and not even trying to hide the fact. Sending a > uid/password pair via email is one of the most irresponsible things > that any software (or administrator) can possibly do. If you're going > to do this, you shouldn't even bother with passwords. > > (And that would make it even easier for the users described here. ;-) > > _______________________________________________ > Discuss mailing list > Discuss at blu.org > http://www.blu.org/mailman/listinfo/discuss -- Jerry Feldman <gaf at blu.org> Associate Director Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
