"JRA" == Jay R Ashworth jra@baylink.com writes:
JRA> Two edged sword.
JRA> I'm trying to remember whose message it is, Slashdot's, I
JRA> think, that says "don't get your panties in a twist because
JRA> we included your password in clear".
JRA> This completely fails to take into account the "I use the
JRA> same password many places" people.
JRA> Getting the passwords out of the mail is a good thing... but
JRA> mail is *still* sniffable. Depends how much security you
JRA> want people to have...
The last step (to be added /eventually/) is to allow users to suppress password-containing emails unless they specifically hit "Email My Password To Me". This means 1) allowing them to inhibit monthly reminders on a per-user basis; 2) allowing them to suppress the password in the welcome message; 3) adding confirmation emails for things like changing their options.
Shouldn't be hard to do, just takes time.
Still, we /tell/ users not to use important passwords for their Mailman accounts, but I understand the Pinball Machine Rule[1] applies here.
-Barry
[1] The PMR is the observation that it doesn't matter a whit if the instructions are printed clearly for all to see, nobody will read them. They'll just drop their quarter(s) and start pushing buttons like a Tommy.