On Nov 2, 2012, at 3:56 PM, "John R Levine" <jo...@taugh.com> wrote:
>>>> Why does the "mailing list memberships reminder" send passwords in the >>>> clear? >>> Because that's what Mailman does. Send code. >> >> And that's acceptable to the IETF? You're kidding me, right? > > I can't speak for the IETF, but I do note that the same password notices have > been going out on the first of every month for years. You just noticed iit > now? > The mailman webUI (e.g: https://www.ietf.org/mailman/listinfo/ietf ) says: "You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext. If you choose not to enter a password, one will be automatically generated for you, and it will be sent to you once you've confirmed your subscription. You can always request a mail-back of your password when you edit your personal options. Once a month, your password will be emailed to you as a reminder." W > And once again, if you think it should do something else, send code. We're > volunteers here. Assertions that it is very important for someone else to do > work that you're not prepared to do are rarely effective. > > R's, > John > -- Don't be impressed with unintelligible stuff said condescendingly. -- Radia Perlman.
