[Mailman-Users] Newbie questions
John W. Baxter
jwblist3 at olympus.net
Sat May 27 06:35:16 CEST 2006
On 5/26/06 6:54 PM, "Mark Sapiro" <msapiro at value.net> wrote:
> You don't have to send email commands in the subject. The body is
> processed too, but to answer your question, I don't feel uneasy about
> sending a list member password. They are mailed in reminders and we
> say not to use a valuable password. Although password reminders are
> going away in Mailman 2.2 in favor of a reset scheme.
>
> I am less cavalier about the list admin password. I am not bothered by
> the idea of sending it, but whenever I do send it in an email command
> or an Approved: header, I am extra careful about how the mail is
> addressed.
I've mentioned before that part (only part) of the problem is that we call
the thing a "password". So people see "password" and plain text, and
rightly respond with security anguish.
So it's not a "password" it's a "<mumble> token". (I don't know what
"mumble" should be.) A lot less frightening. And as a side benefit, if it
isn't a "password" some people will be less likely to use the same password
they've used 10 other places, endangering their accounts at those places.
--John (at least if you think I haven't forged myself)
More information about the Mailman-Users
mailing list