[Mailman-Developers] Re: [Mailman-Announce] RELEASED Mailman 2.1
Mon Nov 25 14:42:28 2002
On Monday, November 25, 2002, at 12:48 AM, John W Baxter wrote:
> At 1:02 -0500 11/20/2002, Phil Barnett wrote:
>> Sending passwords as plaintext in 2002 is downright negligent considering the
>> current state of sniffing, monitoring and penetration.
> So...we stop calling them passwords.
I'm on so many Mailman lists that I can never remember which ones I've
chosen passwords for and which I've let the software choose, so
whenever I want to change any settings on a list I always mail myself
I'd be happy with randomly generated one-time time-limited (hours?
days?) tokens - perhaps somewhat longer Base64 or MD5 hashes - and have
the software mail out a URL. I like the idea of sending a URL - users
are frequently confused about what they should be doing with the
password; if they can just click, they'd be happier.
To continue supporting email commands, perhaps have a system of
requesting a time-limited token by return email.
(finally read the backlog of 800 messages I had on this list - yay!)
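
The one-time, time-limited URL token proposed in the message above, as an added example that is not part of the original post and is not Mailman code. The class name, URL layout, 24-hour lifetime, and the choice of `secrets` for generation with SHA-256 digests for storage are all assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 3600  # assumed lifetime; the post leaves "hours? days?" open


class OptionsTokenStore:
    """In-memory store of pending one-time tokens (hypothetical, not Mailman's API)."""

    def __init__(self, base_url, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._base_url = base_url.rstrip("/")
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be tested
        self._pending = {}   # sha256(token) -> (list name, address, expiry time)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, listname, address):
        """Create a token and return the URL to mail to the member."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Only the digest is kept, so a leaked store does not yield usable URLs.
        self._pending[self._digest(token)] = (
            listname, address.lower(), self._clock() + self._ttl)
        return f"{self._base_url}/{listname}/confirm?token={token}"

    def redeem(self, listname, token):
        """Return the member address for a valid token exactly once, else None."""
        # pop() makes the token single-use, even when a later check fails.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        stored_list, address, expires = entry
        if stored_list != listname or self._clock() > expires:
            return None
        return address


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    store = OptionsTokenStore("https://lists.example.org/options")
    url = store.issue("mylist", "member@example.org")
    token = url.split("token=")[1]
    print(url)
    print(store.redeem("mylist", token))  # first use succeeds
    print(store.redeem("mylist", token))  # replay is rejected
```

The same `issue()` call could back the email-command path mentioned above, with the token returned in the reply message instead of a URL.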