<p dir="ltr">Pat,</p>
<p dir="ltr">I did not justify it by saying its a community effort. I said that if someone wants it fixed they need to stand up and do it. </p>
<p dir="ltr">I hope that will be you. </p>
<p dir="ltr">Thanks,<br>
Steve</p>
<div class="gmail_quote">On Dec 2, 2012 10:25 AM, "Pat Ferrel" <<a href="mailto:pat.ferrel@gmail.com">pat.ferrel@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">Wow, this is complete foolishness.<div><br></div><div>How does my failure to read a notice have anything to do with an obviously bad practice? Red herring!</div><div><br></div><div>Also what does the fact that this is a community effort have anything to do with an obviously bad practice? Another red herring. Community can also work to point out failures like this and work to fix them.</div>
<div><br></div><div>The password protects low security information but I am not even sure where else I use that password. And this itself is another red herring.</div><div><br></div><div>Passwords in clear text are universally and absolutely BAD. You can justify the fact that no one has time to fix it. That I understand but the rest of these arguments are purely specious.</div>
<div><br></div><div><br><div><div>On Dec 1, 2012, at 2:19 PM, Anthony <<a href="mailto:tony@tony-mac.com" target="_blank">tony@tony-mac.com</a>> wrote:</div><br>Very well written Richard. <br><br><div class="gmail_quote">
On Sat, Dec 1, 2012 at 1:59 PM, Richard Damon <span dir="ltr"><<a href="mailto:Richard@damon-family.org" target="_blank">Richard@damon-family.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div><div>
<div>On 12/1/12 11:57 AM, Pat Ferrel wrote:<br>
</div>
<blockquote type="cite">
I just got a reminder from the <a href="mailto:mailman-owner@drupal.org" target="_blank">mailman-owner@drupal.org</a> about
my account settings for this mail group.
<div><br>
</div>
<div>The email contained my password in clear text!!! This is
completely unacceptable.</div>
<div>
<ol>
<li>you should never save my password in clear text</li>
<li>you should never never send it anywhere! </li>
</ol>
<div><br>
</div>
</div>
<div>This is something I'd expect from bad practices of the last
century.</div>
<br>
<fieldset></fieldset>
<br>
</blockquote></div></div>
As has been mentioned, the fact that this will happen is clearly
stated on the subscription form. This password policy has been
discussed on the Mailman development lists, and the basic argument
is that the list password is protecting low security information, as
all that someone getting this password can do is to mess up your
subscription settings or unsubscribe you from the list. Mailman is
also set up to be totally usable by a user via email and not require
any web access, the process needs to allow for the transmission of
passwords in plain text as their is no other option with email.<br>
<br>
If YOU made the mistake of using a "valuable" password for the list,
and do not trust the security of your email system, it is your own
fault, and you should change you password and do your best to clear
that email from your client. You can also change your setting to
suppress the monthly password reminder, but anyone can get the
system to email it to you if they want.<br>
<br>
As to the other comment about "sensible managers" turning off this
option, I would have to disagree, most of the Mailman lists that I
belong to do send the monthly reminder, and I would never turn it
off for the lists I run because I get enough people who subscribe to
lists like this with a free email account so that when the email
address gets too well known and starts to get too much spam, the
account can be closed down and a new on made (and the list
subscription changed), and then the free email account is set to
forward to their main account. I the person doesn't POST that
often, they may forget what email address the list is actually
sending email too, and if you forget what it is, you need to know
how to read email headers well to figure it out, assuming the
relaying host adds the "for" information in the received headers.<span><font color="#888888"><br>
<pre cols="72">--
Richard Damon</pre>
</font></span></div>
<br>--<br>
[ Drupal support list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]<br></blockquote></div><br><br clear="all"><br>-- <br><p><b style="font-size:13px;font-family:'Lucida Handwriting',cursive"><i>Anthony Stefan Maciejowski</i></b></p>
<div><br></div><br><div><br></div><br>
-- <br>[ Drupal support list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]</div><br></div></div><br>--<br>
[ Drupal support list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]<br></blockquote></div>