>> Actually, it's only *your* password that's being emailed in the clear. It's >> punishment for failing to observe the first rule of this list, which is DO >> NOT TOP POST. >
Actually, my previous reply to this comment of yours did not adequately point out the magnitude of its idiocy. The reason I posted to the list in the first place was because the password was sent to me in the clear. This thread has been my sole contribution to the list so far. - Greg -- Please do not email me anything that you are not comfortable also sharing with the NSA. On Oct 1, 2013, at 6:03 PM, Greg <g...@kinostudios.com> wrote: >> Actually, it's only *your* password that's being emailed in the clear. It's >> punishment for failing to observe the first rule of this list, which is DO >> NOT TOP POST. > > Huh? > > 1. I don't know what "top post" means, and I see nothing here about it: > http://www.metzdowd.com/mailman/listinfo/cryptography > > 2. The password was sent to me as part of a poorly configured mailing list > bot, not any sort of "punishment". > > 3. Even if it was sent to me as "punishment", that is retarded. > >> If you don't like the way this list is run, you are welcome to unsubscribe. > > Yeah, I know. I might do that, as seeing the response to my request has > convinced me there's little worth reading here anyway. > >> The person running this list knows his job very well, and I'd suggest you be >> a bit more respectful of him. > > What did I say that you feel was disrespectful? That he's failing at his job? > That's not disrespectful, that's my opinion based on the fact that he is > choosing to mail people their list passwords in the clear. > > Running a mailing list is not hard work. There are only so many things one > can fuck up. This is probably one of the biggest mistakes that can be made in > running a mailing list, and on a list that's about software security. It's > just ridiculous. > > A mailing list shouldn't have any passwords to begin with. There is no need > for passwords, and it shouldn't be possible for anyone to unsubscribe anyone > else. > > User: Unsubscribe [EMAIL] -> Server > Server: Are you sure? -> [EMAIL] > User@[EMAIL]: YES! -> Server. > > No passwords, and no fake unsubscribes. > > - Greg > > -- > Please do not email me anything that you are not comfortable also sharing > with the NSA. > > On Oct 1, 2013, at 4:56 PM, John Ioannidis <j...@tla.org> wrote: > >> On Tue, Oct 1, 2013 at 12:56 PM, Greg <g...@kinostudios.com> wrote: >> There is nothing difficult about the right course of action here: Don't send >> the password. Disable this silly default. >> >> The attitude expressed in these replies is a disgrace to the profession of >> software security, and a disgrace to the list. >> >> It doesn't matter whether or not I "should" be using a unique password. I >> might not be, and even if I am, a nerd next to me shouldn't be able to >> change my subscription settings because of the listserv's idiotic setting. >> >> It is NOT the user's responsibility to compensate for the incompetence of >> sys admins or software developers. They are the ones who are failing their >> jobs. >> >> >> Actually, it's only *your* password that's being emailed in the clear. It's >> punishment for failing to observe the first rule of this list, which is DO >> NOT TOP POST. >> >> If you don't like the way this list is run, you are welcome to unsubscribe. >> The password for unsubscribing has been already emailed to you. The person >> running this list knows his job very well, and I'd suggest you be a bit more >> respectful of him. >> >> /ji >> >
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
