On Mar 1, 2012, at 4:33 12PM, Nico Williams wrote:
> On Thu, Mar 1, 2012 at 3:22 PM, Randall Webmail <[email protected]> wrote:
>> From: "Jeffrey Walton" <[email protected]>
>>> Perhaps Fricosu reused a password and was on a mailing list using Mailman...
>>
>> Yeah - what's the deal with Mailman sending the password in clear-text, once
>> a month?
>>
>> Did anyone really think that was a good idea? Was it a tradeoff between
>> security and help desk support costs? What other reason could there be?
>
> Mailman passwords are of very low value.
Precisely correct. The security mechanism is commensurate with the general
risk. And if you're running that high-value a mailing list, you simply
disable that feature.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
