[Users] password security

Frank Loeffler knarf at cct.lsu.edu
Fri Jun 1 09:34:27 CDT 2012


Hi,

On Fri, Jun 01, 2012 at 01:11:32PM +0200, Vassilios Mewes wrote:
> why is my password shown and sent unencrypted in this mail (i removed this
> in the copied part above)? isn't that dangerous?

Passwords for email lists are not considered to be secure. They are
typically used within emails or unsecured web pages (e.g. to change
settings or to browse private archives). Hence, almost all mailman
installations send monthly reminders with the list password mentioned.

> i have to change the
> password for the mailing list now, as i am using it in other places as
> well...

Doing that is something mailman actually warns you about when you choose
set the password: "You may enter a privacy password below. This provides
only mild security, but should prevent others from messing with your
subscription. Do not use a valuable password as it will occasionally be
emailed back to you in cleartext."

I recommend to not enter a password there in which case mailman will
generate some random password for you (and send it by cleartext email,
either monthly or on request.

Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
Url : http://lists.einsteintoolkit.org/pipermail/users/attachments/20120601/4c152fae/attachment.bin 


More information about the Users mailing list