On Nov 2, 2012, at 3:56 PM, "John R Levine" <johnl(_at_)taugh(_dot_)com> wrote:
Why does the "mailing list memberships reminder" send passwords in the
clear?
Because that's what Mailman does. Send code.
And that's acceptable to the IETF? You're kidding me, right?
I can't speak for the IETF, but I do note that the same password notices have
been going out on the first of every month for years. You just noticed iit
now?
The mailman webUI (e.g: https://www.ietf.org/mailman/listinfo/ietf ) says:
"You may enter a privacy password below. This provides only mild security, but
should prevent others from messing with your subscription. Do not use a
valuable password as it will occasionally be emailed back to you in cleartext.
If you choose not to enter a password, one will be automatically generated for
you, and it will be sent to you once you've confirmed your subscription. You
can always request a mail-back of your password when you edit your personal
options. Once a month, your password will be emailed to you as a reminder."
W
And once again, if you think it should do something else, send code. We're
volunteers here. Assertions that it is very important for someone else to do
work that you're not prepared to do are rarely effective.
R's,
John
--
Don't be impressed with unintelligible stuff said condescendingly.
-- Radia Perlman.