[Mailman-Developers] Re: [Mailman-Users] Any way users can unsubscribe without a password?

[Barry A. Warsaw]

>>>>> "JRA" == Jay R Ashworth <jra@baylink.com> writes:

    JRA> Two edged sword.

    JRA> I'm trying to remember whose message it is, Slashdot's, I
    JRA> think, that says "don't get your panties in a twist because
    JRA> we included your password in clear".

    JRA> This completely fails to take into account the "I use the
    JRA> same password many places" people.

    JRA> Getting the passwords out of the mail is a good thing... but
    JRA> mail is *still* sniffable.  Depends how much security you
    JRA> want people to have...

The last step (to be added /eventually/) is to allow users to suppress
password containing emails unless they specifically hit "Email My
Password To Me".  This means 1) allowing them to inhibit monthly
reminders on a per-user basis; 2) allowing them to suppress the
password in the welcome message; 3) adding confirmation emails for
things like changing their options.

Shouldn't be hard to do, just takes time.

Still, we /tell/ users not to use important passwords for their
Mailman accounts, but I understand the Pinball Machine Rule[1] applies
here.

-Barry

[1] The PMR is the observation that it doesn't matter a wit if the
instructions are printed clearly for all to see, nobody will read
them.  They'll just drop their quarter(s) and start pushing buttons
like a Tommy.