<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">So you have time to attack people for
disagreeing with you, but not a minute to simply file on issue on
D.O.? Why not help fix the problem by filing a issue, instead of
contributing to it by simply ignoring it? <br>
<pre class="moz-signature" cols="72">Jamie Holly
<a class="moz-txt-link-freetext" href="http://www.intoxination.net">http://www.intoxination.net</a>
<a class="moz-txt-link-freetext" href="http://www.hollyit.net">http://www.hollyit.net</a></pre>
On 12/3/2012 12:10 PM, Pat Ferrel wrote:<br>
</div>
<blockquote
cite="mid:6A4B5E6E-137E-4B53-8403-01FCAB1594B3@gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
Sorry Steve, I didn't mean to wrong you. You are on the right side
of this. I'd fix or file a bug but unfortunately have bigger fish
to fry at present. I hope someone else does.
<div>
<div><br>
</div>
<div>For anyone reading this exchange I recommend you pay close
attention to the names on the exchange emails and filter any
future advice accordingly. Also pretty much assume your
passwords here have been compromised and should be used
nowhere else.</div>
<div><br>
</div>
<div>Out.</div>
<div><br>
<div>
<div>On Dec 2, 2012, at 9:28 AM, Steve Kessler <<a
moz-do-not-send="true"
href="mailto:skessler@denverdataman.com">skessler@denverdataman.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<p dir="ltr">Pat,</p>
<p dir="ltr">I did not justify it by saying its a community
effort. I said that if someone wants it fixed they need to
stand up and do it. </p>
<p dir="ltr">I hope that will be you. </p>
<p dir="ltr">Thanks,<br>
Steve</p>
<div class="gmail_quote">On Dec 2, 2012 10:25 AM, "Pat
Ferrel" <<a moz-do-not-send="true"
href="mailto:pat.ferrel@gmail.com">pat.ferrel@gmail.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">Wow, this is complete
foolishness.
<div><br>
</div>
<div>How does my failure to read a notice have
anything to do with an obviously bad practice? Red
herring!</div>
<div><br>
</div>
<div>Also what does the fact that this is a community
effort have anything to do with an obviously bad
practice? Another red herring. Community can also
work to point out failures like this and work to fix
them.</div>
<div><br>
</div>
<div>The password protects low security information
but I am not even sure where else I use that
password. And this itself is another red herring.</div>
<div><br>
</div>
<div>Passwords in clear text are universally and
absolutely BAD. You can justify the fact that no one
has time to fix it. That I understand but the rest
of these arguments are purely specious.</div>
<div><br>
</div>
<div><br>
<div>
<div>On Dec 1, 2012, at 2:19 PM, Anthony <<a
moz-do-not-send="true"
href="mailto:tony@tony-mac.com"
target="_blank">tony@tony-mac.com</a>>
wrote:</div>
<br>
Very well written Richard. <br>
<br>
<div class="gmail_quote">
On Sat, Dec 1, 2012 at 1:59 PM, Richard Damon <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:Richard@damon-family.org"
target="_blank">Richard@damon-family.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div>On 12/1/12 11:57 AM, Pat Ferrel
wrote:<br>
</div>
<blockquote type="cite"> I just got a
reminder from the <a
moz-do-not-send="true"
href="mailto:mailman-owner@drupal.org"
target="_blank">mailman-owner@drupal.org</a> about
my account settings for this mail group.
<div><br>
</div>
<div>The email contained my password in
clear text!!! This is completely
unacceptable.</div>
<div>
<ol>
<li>you should never save my
password in clear text</li>
<li>you should never never send it
anywhere! </li>
</ol>
<div><br>
</div>
</div>
<div>This is something I'd expect from
bad practices of the last century.</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
</div>
As has been mentioned, the fact that this
will happen is clearly stated on the
subscription form. This password policy has
been discussed on the Mailman development
lists, and the basic argument is that the
list password is protecting low security
information, as all that someone getting
this password can do is to mess up your
subscription settings or unsubscribe you
from the list. Mailman is also set up to be
totally usable by a user via email and not
require any web access, the process needs to
allow for the transmission of passwords in
plain text as their is no other option with
email.<br>
<br>
If YOU made the mistake of using a
"valuable" password for the list, and do not
trust the security of your email system, it
is your own fault, and you should change you
password and do your best to clear that
email from your client. You can also change
your setting to suppress the monthly
password reminder, but anyone can get the
system to email it to you if they want.<br>
<br>
As to the other comment about "sensible
managers" turning off this option, I would
have to disagree, most of the Mailman lists
that I belong to do send the monthly
reminder, and I would never turn it off for
the lists I run because I get enough people
who subscribe to lists like this with a free
email account so that when the email address
gets too well known and starts to get too
much spam, the account can be closed down
and a new on made (and the list subscription
changed), and then the free email account is
set to forward to their main account. I the
person doesn't POST that often, they may
forget what email address the list is
actually sending email too, and if you
forget what it is, you need to know how to
read email headers well to figure it out,
assuming the relaying host adds the "for"
information in the received headers.<span><font
color="#888888"><br>
<pre cols="72">--
Richard Damon</pre>
</font></span></div>
<br>
--<br>
[ Drupal support list | <a
moz-do-not-send="true"
href="http://lists.drupal.org/"
target="_blank">http://lists.drupal.org/</a>
]<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<p><b style="font-size:13px;font-family:'Lucida
Handwriting',cursive"><i>Anthony Stefan
Maciejowski</i></b></p>
<div><br>
</div>
<br>
<div><br>
</div>
<br>
-- <br>
[ Drupal support list | <a moz-do-not-send="true"
href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a>
]</div>
<br>
</div>
</div>
<br>
--<br>
[ Drupal support list | <a moz-do-not-send="true"
href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a>
]<br>
</blockquote>
</div>
-- <br>
[ Drupal support list | <a moz-do-not-send="true"
href="http://lists.drupal.org/">http://lists.drupal.org/</a>
]</div>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>