[Mailman-Users] subscribing without password, default password

Barry A. Warsaw barry at digicool.com
Tue Jun 26 00:49:31 CEST 2001

>>>>> "PS" == Pekka Savola <pekkas at netcore.fi> writes:

    PS> The listinfo page requires subscribers hit in a password when
    PS> joining.  I feel this is counter-productive.

    PS> IMO, it would be better to _always_ generate passwords.  This
    PS> way they're truly random, aren't "valuable" and the user
    PS> doesn't have to think about it.

    PS> Consider: the user does _not_ want to know his password (I
    PS> don't!).  If he needs to unsubscribe or the like, he can just
    PS> order the password mailed to him, or get it from regular
    PS> reminders.

    PS>  ==> The listinfo page should be revised a bit on the
    PS> passwords

Some users want to supply their passwords so that if they are
subscribed to a dozen lists, they won't have to remember a dozen
passwords (or change them a dozen times).  MM2.1 makes this optional;
leave the fields blank when subscribing and it'll generate a random
password for you.

    PS> 2)

    PS> When I subscribed to a list using a message to
    PS> "listname-request at domain.com", the password was set to
    PS> "listname" (noticed when ordered my password to be sent over).

    PS>  ==> Shouldn't default email password be randomized?

Uh, yeah! :)  I've not seen this behavior.

    PS> 3)

    PS> Several Linux distributions compile mailman with non-fixed
    PS> uid/gid, preferring to use user/groupname, and leave the
    PS> decision about uid/gid to install phase.

    PS> This causes problems in Defaults.py MAILMAN_UID and

    PS> I have only seen a real problem with this in check_perms
    PS> script, the code of which isn't too robust:

    | ---
    | try:
    |     MAILMAN_GRPNAME = grp.getgrgid(MAILMAN_GID)[0]
    | except KeyError:
    |     MAILMAN_GRPNAME = '<anon gid %d>' % MAILMAN_GID
    | try:
    |     MAILMAN_OWNER = pwd.getpwuid(MAILMAN_UID)[0]
    | except KeyError:
    |     MAILMAN_OWNER = 'uid %d' % MAILMAN_UID
    | ---

    PS> So, GID and UID must be used, not the names.

    PS>  ==> would it make sense to be able to use symbolic names
    PS> everywhere (perhaps being able to override these in Default.py
    PS> by MAILMAN_GRPNAME etc.)?

Probably so.  Patches are welcome. :)

    PS> (about 1) and 2))

    PS> Perhaps there are some conflicting goals here, the current
    PS> method being better for those who want to be better able to
    PS> unsubscribe when they no longer have access to the mailbox
    PS> they want to unsubscribe from mailing-lists.

    PS> Any thoughts, or is there something I've missed?


More information about the Mailman-Users mailing list