On Thu, Mar 1, 2012 at 4:56 PM, Jeffrey Walton <[email protected]> wrote: >>> Mailman passwords are of very low value. >> >> >> Precisely correct. The security mechanism is commensurate with the general >> risk. And if you're running that high-value a mailing list, you simply >> disable that feature. > Low value to whom? Considering all the password reuse, some (such as > the bad guys) would consider the username/password list high value.
I let mailman generate passwords. And I never use them, much less re-use them. Well, I do use them when I need to change e-mail addresses, which happens very rarely, and then I start by asking mailman to send my my passwords because I don't remember them -- I've done this like once in the past decade. These are all public mailing lists. With public archives. To which people post unsigned messages. As for non-public lists, see Steven's reply. Yeah, mailman passwords are of low value from a security point of view. Nico -- _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
