>>>>> "MM" == Marc MERLIN <[EMAIL PROTECTED]> writes:
MM> When I went to:
MM>
http://gandalf-lists.merlins.org/lists/confirm/test2/372ff4ab4ca390f3c3bfabd47cd78e92489a0b5d
MM> (don't bother trying, it's localhost on my laptop :-D) I get
MM> an HTML page to confirm my subscription.
MM> I haven't looked at the code in details, but does mailman need
MM> to put the list password in cleartext in the HTML? (if the
MM> answer is "yes", then never mind)
MM> It's not the end of the world, but if someone puts my Email by
MM> mistake (one letter typo or something in a company), I can get
MM> his mailman password, and with a little luck that password
MM> could work in other places too (not that the person is
MM> supposed to use the same password, but...)
I don't think Mailman needs to put the password on this page. I've
disabled it, and included a note that the password can be changed once
the user is subscribed.
-Barry
_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
