[Mailman-Developers] Hashing member passwords in config.pck
Barry Warsaw
barry at python.org
Sat Feb 12 00:46:12 CET 2005
On Thu, 2005-02-10 at 13:44, Adrian Bye wrote:
> Why even bother with passwords? They're good to include in the unsubscribe URL,
> so that if someone maliciously gets your list, they can't unsubscribe everyone
> manually. But mainstream commercial autoresponders have no passwords, and they
> work great.
Since Mailman 2.1, passwords have not been required to unsubscribe, even
though it is a common misconception that they are. I'm not sure why
people forget that!
Actually, I think that if we just shut off the monthly reminder, 99% of
Mailman users would never even know they had a password (who reads those
welcome messages anyway?). They wouldn't care either because most
people don't change their options and private archives aren't as common
as public archives.
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.python.org/pipermail/mailman-developers/attachments/20050211/9a4887c3/attachment.pgp
More information about the Mailman-Developers
mailing list