On Wed, Jul 14, 2010 at 11:26 AM, Kenneth Gonsalves lawgon@au-kbc.org wrote:
On Wednesday 14 July 2010 11:10:11 Arun Khan wrote:
password reminder is actually rather silly as nowadays everyone has a 'lost your password' link (including mailman). And no one puts in a password when subscribing anyway - so what mailman is reminding one of is the automatically generated password.
The bigger point is that even the "lost your password" links send the password in text and the point being made was that the passwords are sent in clear text to the user's mailbox - does not matter whether it is Mailman or any other zillion services on the 'Net.
any sensible 'lost your password' function will send a link to a web page where you can enter a new password. That way, the site never knows your password. Mailman does not follow this for the simple reason that mailing list passwords are trivial passwords - even if they are cracked, no damage is done.
It still comes into your email box and if that is compromised everything else is moot. IMO, no different from clear text passwords being sent to your mail box.
-- Arun Khan
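
The reset-link approach discussed in the thread, as an added example that is not part of the original messages or of Mailman's code: the mailed value is a random token that expires and works once, and the server keeps only its hash. The class name, the 15-minute lifetime and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a mailed reset link


class ResetTokenStore:
    """Hypothetical in-memory stand-in for a table of pending resets."""

    def __init__(self, clock=time.time):
        self._pending = {}  # user -> (sha256 hex of token, expiry timestamp)
        self._clock = clock

    def issue(self, user):
        """Return the token to embed in the mailed link; store only its hash."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[user] = (digest, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, user, token):
        """True exactly once, for the matching token, before it expires."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expiry = entry
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, presented):
            return False
        del self._pending[user]  # single use; also discards an expired entry
        return self._clock() <= expiry


def demo():
    """Constructed scenario: first use, replay, and use after expiry."""
    now = [1000.0]  # fake clock so the expiry case runs instantly
    store = ResetTokenStore(clock=lambda: now[0])
    t1 = store.issue("user@example.org")
    first = store.redeem("user@example.org", t1)
    replay = store.redeem("user@example.org", t1)
    t2 = store.issue("user@example.org")
    now[0] += TOKEN_TTL_SECONDS + 1
    late = store.redeem("user@example.org", t2)
    return first, replay, late
```

Anyone who reads the mailbox inside the lifetime can still redeem the token; expiry and single use only bound that window, whereas a mailed password stays valid until it is changed.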