Emile State wrote:
> I just received my hogranch.com mailing list memberships reminder (sent
> monthly) for prime and was dismayed to be reminded of my password in clear.
> This is an extremely bad practice, as it means that all the passwords are
> stored on the hogranch.com server in clear.

Welcome to the fine world of GNU mailman. In some great leap of logic they decided that their mailing list manager software needed a web interface, and in doing so they chose the most naive and unsophisticated means of doing it. So if you're on a number of mailing lists you get to dread the first of the month as all these silly autogenerated mails fill in your inbox with your totally unsecure, plaintext password - unless of course you get off your butt and go to every different list and disable the stupid thing. So not only do we have plaintext passwords, we have them sent automatically on a predefined date to every subscriber. <sarcasm>Sure sounds like good policy to me.</sarcasm>

But they simply shrug it off by saying "make sure to use a throwaway password that's not important." Somehow they've never dealt with an end-user in their entire lives if they think users will make up separate passwords for their silly program. They might as well have a little text box that says "Are you who you say you are? Y/N" It would take a lot less effort and only be slightly less secure.

It totally escapes me why the GNU people couldn't write a MLM that works like *every* *other* MLM invented and simply authenticates based on sending a verification email to the address which the user replies to.

But, sysadmins seem to love this "GNU mailman" for some reason unknown to me. As a list user, it's the dregs. These things are of course out of my control so I just shut up and go back under my rock at this point.

Brian
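The reply-to-confirm scheme the message above describes can be built so that the server stores no subscriber password at all, which leaves nothing to mail out in a monthly reminder. The sketch below is an added example, not part of the original post and not Mailman's code; the key handling, token layout, three-day lifetime and function names are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumed per-list secret; stays on the server
TTL_SECONDS = 3 * 24 * 3600           # assumed lifetime of a confirmation request
_used_nonces = set()                  # in-memory replay guard for this sketch


def _tag(address, action, expires, nonce):
    # Bind the token to one mailbox, one action and one expiry time.
    msg = f"{address.lower()}\n{action}\n{expires}\n{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(address, action, now=None):
    """Build the token mailed to `address`, e.g. in the Subject of a confirm request."""
    now = time.time() if now is None else now
    expires = int(now) + TTL_SECONDS
    nonce = secrets.token_urlsafe(8)
    return f"{expires}.{nonce}.{_tag(address, action, expires, nonce)}"


def verify_reply(from_address, action, token, now=None):
    """Accept a reply only if it echoes a fresh, unused token for this address/action.

    The From header is forgeable; the check rests on the token having been
    delivered only to the mailbox it was issued for.
    """
    now = time.time() if now is None else now
    try:
        expires_s, nonce, tag = token.split(".")
        expires = int(expires_s)
    except ValueError:
        return False
    if now > expires or nonce in _used_nonces:
        return False
    expected = _tag(from_address, action, expires, nonce)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False
    _used_nonces.add(nonce)  # single use: a captured reply cannot be replayed
    return True
```
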
