[Mailman-Developers] Hashing member passwords in config.pck
Thomas Hochstein
ml at ancalagon.inka.de
Sat Feb 12 11:33:54 CET 2005
"Bob Puff" schrieb:
> I don't see a problem limiting the passwords to private archives though. Yes,
> email authentication is perfect for subscription changes.
I don't think so. I'd prefer to change options *immediately*, without
having to wait until I get my mail (partly via UUCP).
Changing options per mail (with a passwort in it) is fine. But the
possibility to change options on the web is even better, and I do
think that's a reason for Mailman's success [1]: you don't have to be
able to get your mail or to send mail, you just can do it on the web,
from everywhere, public computers, workplace, and the like. You can
even "read" the list via the archives, if you're interested.
I fail to see a reason why we should change that to slow, cumbersome a
challenge-response system for *every* change you make.
So, I'm fine with an "password-less" option for those who don't want
to remember passwords or who think passwords are not safe enough (as
the connection may not be encrypted), but please, do make it an
*option*.
-thh
[1] For me, it was one of the reasons to switch from ecartis to
mailman.
More information about the Mailman-Developers
mailing list