[Mailman-Users] subscribing without password, default password
Barry A. Warsaw
barry at digicool.com
Tue Jun 26 00:49:31 CEST 2001
>>>>> "PS" == Pekka Savola <pekkas at netcore.fi> writes:
PS> The listinfo page requires subscribers hit in a password when
PS> joining. I feel this is counter-productive.
PS> IMO, it would be better to _always_ generate passwords. This
PS> way they're truly random, aren't "valuable" and the user
PS> doesn't have to think about it.
PS> Consider: the user does _not_ want to know his password (I
PS> don't!). If he needs to unsubscribe or the like, he can just
PS> order the password mailed to him, or get it from regular
PS> reminders.
PS> ==> The listinfo page should be revised a bit on the
PS> passwords
Some users want to supply their passwords so that if they are
subscribed to a dozen lists, they won't have to remember a dozen
passwords (or change them a dozen times). MM2.1 makes this optional;
leave the fields blank when subscribing and it'll generate a random
password for you.
PS> 2)
PS> When I subscribed to a list using a message to
PS> "listname-request at domain.com", the password was set to
PS> "listname" (noticed when ordered my password to be sent over).
PS> ==> Shouldn't default email password be randomized?
Uh, yeah! :) I've not seen this behavior.
PS> 3)
PS> Several Linux distributions compile mailman with non-fixed
PS> uid/gid, preferring to use user/groupname, and leave the
PS> decision about uid/gid to install phase.
PS> This causes problems in Defaults.py MAILMAN_UID and
PS> MAILMAN_GID.
PS> I have only seen a real problem with this in check_perms
PS> script, the code of which isn't too robust:
| ---
| try:
| MAILMAN_GRPNAME = grp.getgrgid(MAILMAN_GID)[0]
| except KeyError:
| MAILMAN_GRPNAME = '<anon gid %d>' % MAILMAN_GID
| try:
| MAILMAN_OWNER = pwd.getpwuid(MAILMAN_UID)[0]
| except KeyError:
| MAILMAN_OWNER = 'uid %d' % MAILMAN_UID
| ---
PS> So, GID and UID must be used, not the names.
PS> ==> would it make sense to be able to use symbolic names
PS> everywhere (perhaps being able to override these in Default.py
PS> by MAILMAN_GRPNAME etc.)?
Probably so. Patches are welcome. :)
PS> (about 1) and 2))
PS> Perhaps there are some conflicting goals here, the current
PS> method being better for those who want to be better able to
PS> unsubscribe when they no longer have access to the mailbox
PS> they want to unsubscribe from mailing-lists.
PS> Any thoughts, or is there something I've missed?
-Barry
More information about the Mailman-Users
mailing list