
Re: mailing list memberships reminder -> passwords in the clear

2012-11-02 10:39:56
On 1 Nov 2012, at 20:20, Paul Aitken <paitken(_at_)cisco(_dot_)com> wrote:
Why does the "mailing list memberships reminder" send passwords in the clear?

Because mailman is brain-dead stupid.  See:
http://www.jwz.org/doc/mailman.html

Sadly, and despite my best efforts to find alternative mailing list software, 
mailman wins on popularity (ugh) and hence support with practically no 
competition.  Only majordomo2, which has been unmaintained for a while now (and 
its author calls it "Dead") holds much of a chance, but I doubt it would work 
for the IETF in its current condition.

But have hope!  The IETF serves the mailman interface over TLS, and it is an 
option that you can exercise *not* to have passwords mailed to you.  Go to your 
membership options page, and in the group containing the option to turn off the 
membership reminders, check the checkbox to make it global.  Later, you can 
have the password mailed to you on demand, or unsubscribe without needing a 
password at all (email confirmation loop).

For everything else I'm subscribed to, if I forget my details, one click 
sends a one-time password-reset link.
Passwords are never mailed out, and never shown.

Yes.  Sadly this isn't possible with mailman; you will always be mailed your 
password if you need it and can't remember it.

HTH.

Cheers,
Sabahattin
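
The one-time password-reset link contrasted with mailed passwords in the thread above, sketched as an added example that is not part of the original message and is not Mailman code. The class name, the 15-minute lifetime and the example.org address and URL are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link


def _digest(token):
    # Only this hash is stored, so a leaked store does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


class ResetTokenStore:
    """In-memory pending-reset table (hypothetical; a real service would use its database)."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # sha256(token) -> (address, expiry timestamp)

    def issue(self, address):
        """Return a fresh token to embed in the mailed link."""
        # A new request invalidates any older outstanding link for the address.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != address}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[_digest(token)] = (address, self._now() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token):
        """Return the address once for a valid, unexpired token, else None."""
        entry = self._pending.pop(_digest(token), None)  # pop makes it single-use
        if entry is None:
            return None
        address, expires = entry
        return address if self._now() <= expires else None


if __name__ == "__main__":
    store = ResetTokenStore()
    token = store.issue("user@example.org")  # constructed address
    # The mail carries only this link; the stored password is never sent or shown.
    print("https://lists.example.org/reset?token=" + token)  # constructed URL
    print(store.redeem(token))  # the address: caller may now set a new password
    print(store.redeem(token))  # None: the link cannot be replayed
```

Unlike a mailed password, a copy of this link found later in a mailbox or in transit is useless once it has been redeemed or has expired.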