[Mailman-Developers] Hashing member passwords in config.pck

Barry Warsaw barry at python.org
Sat Feb 12 00:46:12 CET 2005


On Thu, 2005-02-10 at 13:44, Adrian Bye wrote:
> Why even bother with passwords?  They're good to include in the unsubscribe URL,
> so that if someone maliciously gets your list, they can't unsubscribe everyone
> manually.  But mainstream commercial autoresponders have no passwords, and they
> work great.

Since Mailman 2.1, passwords have not been required to unsubscribe, even
though it is a common misconception that they are.  I'm not sure why
people forget that!

Actually, I think that if we just shut off the monthly reminder, 99% of
Mailman users would never even know they had a password (who reads those
welcome messages anyway?).  They wouldn't care either because most
people don't change their options and private archives aren't as common
as public archives.

-Barry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.python.org/pipermail/mailman-developers/attachments/20050211/9a4887c3/attachment.pgp


More information about the Mailman-Developers mailing list