[Mailman-Users] Firefox password issue (was: Re: Hijacking threads and netiquette ... )

[Brad Knowles]

At 4:17 PM -0500 2006-09-05, David Dyer-Bennet wrote:

>  Now *that* really pissed me off.  The page linked from the "help"
>  button on the FAQ edit page says "What is the password? The webmaster
>  will tell you the password if you ask nicely."

Right.  In private e-mail, not on a public forum.

Moreover, the password is displayed at the bottom of every one of those pages.

>                                                  I really don't much
>  like scavenger-hunt-as-security-metaphor, but maybe that help should
>  be updated somehow to suggest the real situation more accurately.

Security through obscurity is not my favourite solution, either.  But 
this method has been enough to keep the worst of the spammers out so 
far, and with the wiki already being in place and working, I don't 
imagine that anyone is going to be going back to the old FAQ Wizard 
code and hacking that up to work in a different way.

However, that's a standard Python FAQ Wizard which is used by 
multiple other projects and not just Mailman, so maybe you could talk 
to the authors of that tool and suggest some alternatives.

>  I'll be updating the new FAQ with one more point, the Firefox bug
>  number (closed for 2.0) referring to this problem, and posting it
>  shortly.  Unless yet *another* booby-trap trips me up yet *again*.

I'll keep an eye out for it.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  Founding Individual Sponsor of LOPSA.  See <http://www.lopsa.org/>.