[Mailman-Developers] Do we need the password in the HTML of the confirm page?

Barry A. Warsaw barry@zope.com
Mon, 4 Mar 2002 15:09:25 -0500


>>>>> "MM" == Marc MERLIN <marc_news@vasoftware.com> writes:

    MM> When I went to:
    MM> http://gandalf-lists.merlins.org/lists/confirm/test2/372ff4ab4ca390f3c3bfabd47cd78e92489a0b5d
    MM> (don't bother trying, it's localhost on my laptop :-D) I get
    MM> an HTML page to confirm my subscription.

    MM> I haven't looked at the code in detail, but does mailman need
    MM> to put the list password in cleartext in the HTML?  (if the
    MM> answer is "yes", then never mind)

    MM> It's not the end of the world, but if someone puts my Email by
    MM> mistake (one letter typo or something in a company), I can get
    MM> his mailman password, and with a little luck that password
    MM> could work in other places too (not that the person is
    MM> supposed to use the same password, but...)

I don't think Mailman needs to put the password on this page.  I've
disabled it, and included a note that the password can be changed once
the user is subscribed.

-Barry