On 5/26/06 6:54 PM, "Mark Sapiro" <[EMAIL PROTECTED]> wrote:

> You don't have to send email commands in the subject. The body is
> processed too, but to answer your question, I don't feel uneasy about
> sending a list member password. They are mailed in reminders and we
> say not to use a valuable password. Although password reminders are
> going away in Mailman 2.2 in favor of a reset scheme.
> 
> I am less cavalier about the list admin password. I am not bothered by
> the idea of sending it, but whenever I do send it in an email command
> or an Approved: header, I am extra careful about how the mail is
> addressed.

I've mentioned before that part (only part) of the problem is that we call
the thing a "password".  So people see "password" and plain text, and
rightly respond with security anguish.

So it's not a "password", it's a "<mumble> token".  (I don't know what
"mumble" should be.)  A lot less frightening.  And as a side benefit, if it
isn't a "password" some people will be less likely to use the same password
they've used 10 other places, endangering their accounts at those places.

  --John (at least if you think I haven't forged myself)


------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
