On Wed, Apr 2, 2014 at 6:43 AM, Nick Lindridge <[email protected]> wrote: > > > Apologies if this has been pointed out before, hard to imagine that it > hasn't really. When signing up for the list, I was surprised that it > emailed back my password in plain text. >
Hi Nick. Yeah, Mailman does that sort of thing. But to their credit, on the list description/signup page at ( http://nmap.org/mailman/listinfo/fulldisclosure), the text above the password box says: "You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext." They should probably just call it a confirmation token or something instead of password, as the point is just to prove you're the one getting email at the given address so you can edit your list subscription preferences. I never enter a token and let Mailman choose one for me. Cheers, Fyodor _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
