[Mailman-Developers] Alternate authentication mechanism (was ... RELEASED Mailman 2.1 beta 5)

Terri Oda terri@zone12.com
Thu Nov 21 06:01:16 2002

On Wed, Nov 20, 2002 at 03:10:29PM -0500, Stonewall Ballard wrote:
> On 11/19/02 7:37 PM, "Phil Stracchino" <alaric@babcom.com> wrote:
> > Hey, I just had an idea for a Mailman (not necessarily 2.1) feature
> > enhancement.  Smack me if this isn't reasonable.
> > 
> > (GPG scheme elided)
> > 
> > What do you think?  Thoughts, questions, LARTage?
> > 
> Nobody on any of the lists I run would have a clue on how to use this.

And to contrast, I've not only had people request this sort of thing, or
express surprise that there is no secure way to do passwords, but I've also
gotten mail from one user had some, um, choice words for the list
administrators when she discovered that her password was sent in plaintext.

(It's hard to feel sorry for someone who claims to be concerned about
security and yet couldn't be bothered to read the warnings or say, notice
that she was sending her password over http in order to subscribe in the
first place.  I wonder if I kept that message for posterity.  She gave us
quite the lecture, then unsubscribed in disgust, and hopefully changed that
password anywhere else she was using it.)

Anyhow, I think giving a PGP option is a great idea.  As long as we're not
forcing everyone to use it, it'd be a nice alternative for those people who
do care.  Although if it's not combined with a secure web interface, I'm not
too sure it'd have much point.


More information about the Mailman-Developers mailing list