[Mailman-Developers] Re: [Mailman-Users] Any way users can unsubscribe without a password?
Barry A. Warsaw
barry at digicool.com
Mon Apr 2 08:14:30 CEST 2001
>>>>> "JRA" == Jay R Ashworth <jra at baylink.com> writes:
JRA> Two edged sword.
JRA> I'm trying to remember whose message it is, Slashdot's, I
JRA> think, that says "don't get your panties in a twist because
JRA> we included your password in clear".
JRA> This completely fails to take into account the "I use the
JRA> same password many places" people.
JRA> Getting the passwords out of the mail is a good thing... but
JRA> mail is *still* sniffable. Depends how much security you
JRA> want people to have...
The last step (to be added /eventually/) is to allow users to suppress
password containing emails unless they specifically hit "Email My
Password To Me". This means 1) allowing them to inhibit monthly
reminders on a per-user basis; 2) allowing them to suppress the
password in the welcome message; 3) adding confirmation emails for
things like changing their options.
Shouldn't be hard to do, just takes time.
Still, we /tell/ users not to use important passwords for their
Mailman accounts, but I understand the Pinball Machine Rule[1] applies
here.
-Barry
[1] The PMR is the observation that it doesn't matter a wit if the
instructions are printed clearly for all to see, nobody will read
them. They'll just drop their quarter(s) and start pushing buttons
like a Tommy.
More information about the Mailman-Users
mailing list