On Fri, Jul 19, 2013 at 02:52:56PM -0400, Mark LaPierre wrote: > Does anyone else question the wisdom of sending out passwords "in > the clear" in unencrypted email? This is a known problem with mailman. However, it's actually not as bad as it sounds -- or rather, it's worse than you think, and mailman is just not papering over the problem. That's because mailman treats "can see an email mailman sent" as authentication. It doesn't really matter if there's a password or a long hash. As long as you can intercept someone's email, you can control their mailing list subscriptions. That's why there's a warning about not using a "real" password. -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@xxxxxxxxxxxxxxxxx> -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
