[Mailman-Developers] Mailman Usability

Terri Oda terri at zone12.com
Fri Mar 4 22:09:28 CET 2005

On Mar 4, 2005, at 5:50 AM, Fil wrote:
> But I still find it too complex; we should get rid of the password 
> thing.
> People just need to know where they can see more options.

I've been thinking a bunch about this since it was mentioned as a 
security problem a while back, and the more I think about it, the more 
I like the idea of not having passwords for regular users.  (Or having 
it possible for admins to disable passwords for regular users.)

I was thinking that it'd be best replaced with timed 
email-authorization things, the way you can currently unsubscribe 
without a password.  I don't know how long the timeout on those things 
is, but having it send you an email with a link to the archives or 
your options seems feasible.  Having the links only be valid for a 
given time (say, an hour?) would reduce the threat of dictionary 
attacks *and* mean that more users can figure out how to do things on 
their own. ;)
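
The time-limited link idea in the message above, as an added example that is not part of the original post and not Mailman's own code: a stateless token that binds the subscriber address, the requested action and an expiry time under an HMAC, so the emailed link stops working after an hour. The function names, the `SECRET_KEY` handling and the token layout are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-site secret, generated here for the example
LINK_LIFETIME = 3600                  # one hour, the lifetime suggested in the post


def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(address, action, now=None):
    """Return a URL-safe token binding address, action and expiry time."""
    now = time.time() if now is None else now
    payload = f"{address.lower()}|{action}|{int(now) + LINK_LIFETIME}".encode()
    return _b64(payload) + "." + _b64(_sign(payload))


def check_token(token, action, now=None):
    """Return the address if the token is authentic, unexpired and issued
    for this action; otherwise return None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload, given = _unb64(body), _unb64(sig)
        # Verify the MAC in constant time before trusting any field.
        if not hmac.compare_digest(given, _sign(payload)):
            return None
        address, tok_action, expires = payload.decode().rsplit("|", 2)
        # A link mailed for one action must not authorize another.
        if tok_action != action or now > int(expires):
            return None
    except ValueError:  # malformed token, bad base64, bad UTF-8, bad integer
        return None
    return address
```

A stateless token like this can be replayed until it expires; making a link single-use requires recording issued or consumed tokens on the server.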


