[Squeakland] Mailing list reminders send plain-text password

francois schnell francois.schnell at gmail.com
Fri Mar 2 02:37:57 PST 2007


I also subscribed to many mailman mailing-lists and I've just checked them. A
lot of them show a clear password at the end of the reminder but not all of
them send this reminder mail.

I had a quick look at the mailman admin doc:
This document is intended for persons who have the responsibility of
managing mail lists that are being run by the GNU Mailman mail list manager.
Note that this document is not intended for people who are only list members

and there's a parameter it seems the admin can set:

Send monthly password reminders or no? Overrides the previous option. When
set to yes, list members will receive an automatically generated monthly
posting reminding them of their password as well as the URLs to access their
list configuration options. This will save you a lot of time as
administrator as it will let users solve a lot of their own problems.

I can really understand why admins want to leave this by default, mainly to
avoid dealing with new users who haven't understood yet how to manage and
get out of a mailing list.

Even if it's possible for the user to change this behavior in his account I
don't like this for security reasons.

I've never seen that my passwords were sent in these mails: the mails are
called "mailing list memberships reminder" and I already know I'm a mailing
list member and so I have no reason to check this. Mailman should call
this "mailing list memberships and *clear password* reminder" IMO.

On the mailman mailing-lists which don't send me the clear reminder by
default there's the list address link at the end of the mail which I believe
is far sufficient (users can there retrieve their password if they really
forgot it and they know what to expect and when in their mailbox).

Anyway, thanks Guyren and Steven for the awareness. Next time I subscribe
to a list I'll also be more cautious :)


Wow, Thanks Steven and Guyren,

On 3/2/07, Steven Elkins <sgelkins at gmail.com> wrote:
> On 3/1/07, Guyren Howe <guyren at mac.com> wrote:
> > I am getting a monthly mailing list reminder, containing my password
> > in plain text.
> >
> > Is there any way to stop having my password sent to me in plain text?
> The same email should have a link to your list membership
> configuration page.  One of the options is...
>     Get password reminder email for this list?
> Not sure it's exactly what you want.
> HTH,
> Steve
> --
> How wonderful it is that nobody need wait a single moment
> before starting to improve the world.       -- Anne Frank
> Paradise is exactly where you are
> right now...only much, much better.    -- Laurie Anderson
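An added example, not part of the original thread or of Mailman's own code: a small Python script that finds the "mailing list memberships reminder" mails described above in a set of raw messages and returns the option-page URL for each list, so the "Get password reminder email for this list?" setting can be switched off there. The `/mailman/options/<list>/<address>` URL layout is an assumption, and the sample messages, hosts and password placeholders are constructed.

```python
import email
import re
from email import policy

# Subject wording comes from the thread; everything else here is constructed.
REMINDER_SUBJECT = "mailing list memberships reminder"
# Assumption: member option pages live at /mailman/options/<list>/<address>.
OPTIONS_URL = re.compile(r"https?://([^\s/]+)/mailman/options/([^\s/]+)/\S*")

# Constructed sample input: one reminder covering two lists, one ordinary post.
SAMPLE_MESSAGES = [
    "From: mailman-owner@lists.example.org\n"
    "Subject: lists.example.org mailing list memberships reminder\n"
    "\n"
    "Passwords for user@example.com:\n"
    "alpha@lists.example.org    PLACEHOLDER-1\n"
    "http://lists.example.org/mailman/options/alpha/user%40example.com\n"
    "beta@lists.example.org     PLACEHOLDER-2\n"
    "http://lists.example.org/mailman/options/beta/user%40example.com\n",
    "From: someone@example.com\n"
    "Subject: [alpha] meeting notes\n"
    "\n"
    "See http://lists.example.org/mailman/options/gamma/user%40example.com\n",
]


def find_reminder_lists(raw_messages):
    """Map 'list@host' to its options URL for every list named in a reminder.

    Only the URLs are extracted; the password column is never read or stored.
    """
    found = {}
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        if REMINDER_SUBJECT not in msg.get("Subject", "").lower():
            continue  # not a reminder, e.g. a normal list post
        body = msg.get_body(preferencelist=("plain",))
        text = body.get_content() if body is not None else ""
        for match in OPTIONS_URL.finditer(text):
            host, list_name = match.group(1), match.group(2)
            found.setdefault(f"{list_name}@{host}", match.group(0))
    return found


if __name__ == "__main__":
    for name, url in sorted(find_reminder_lists(SAMPLE_MESSAGES).items()):
        print(f"{name}: reminders still enabled, change at {url}")
```
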