[TriLUG] MASSIVE SECURITY BREACH
Jeremy Portzer
jeremyp at pobox.com
Mon Mar 1 16:57:24 EST 2004
On Mon, 2004-03-01 at 16:43, Stanley A. Schultz wrote:
> Jeremy and All:
>
> It's a sad state of affairs when the very first posting of a new list
> member has to be something of this nature.
>
I note how you conveniently snipped this part of my reply:
First of all, this is extremely common. A vast number, if not
the majority of lists, in the free/open source software world,
like GNU Mailman, do this. The reason is that the list password
is intended as "convenience" password, to keep out spammers and
pranksters. It is in no way meant to be a highly secure item,
and mailman even warns of that:
Do not use a valuable password as it will occasionally
be
emailed back to you in cleartext.
Care to respond to that? I mean, I can see why you might be upset that
a valueable password was transmitted in cleartext, and had I not been
warned of that, I would be upset too. But I thought the wording was
clear on that page. Do you have any suggestions on how we can improve
that page?
Thanks,
Jeremy
--
/---------------------------------------------------------------------\
| Jeremy Portzer jeremyp at pobox.com trilug.org/~jeremy |
| GPG Fingerprint: 712D 77C7 AB2D 2130 989F E135 6F9F F7BC CC1A 7B92 |
\---------------------------------------------------------------------/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20040301/e2af55d9/attachment.pgp>
More information about the TriLUG
mailing list