[Dirvish] Re: dirvish.org mailing list memberships reminder

Keith Lofstrom keithl at kl-ic.com
Sat Jan 1 21:23:44 PST 2005


On Sat, Jan 01, 2005 at 07:19:49PM -0800, Steve Ramage wrote:
> How about not having our passwords sent it plain text to us every month?
> 
> I mean I know it said not to give an important password cause it 'might' 
> be mailed back to you, which is silly, if you forget your password it 
> should be reset, not emailed back, and definantly not e-mailed to us 
> every month imho. I know that theoretically there is no difference 
> between this and sending it only when I ask, but I think this needlessly 
> advertises it, and at the very least does nothing, but at the most does 
> make it less secure.

This is the default Mailman package behavior, and basically is designed
so that lazy list administrators like me don't have to do as much hand
holding.  The password you use should be a minimal security password,
more like a suitcase lock than a 7 tumbler bank vault.  Not much is lost
if some prankster gets a hold of your password, and screws with your
configuration.  As List Lackey, I just fix things, iptables out the
prankster's site, and send out a Dirvish Secret Police squad to do
gruesome and nasty things to the miscreant.

However, Steve has a good point - some folks are good at remembering
passwords, or use one password for everything, or ... in any case, 
they don't want the password sent out.  Fortunately, there IS a 
per-user configuration option in Mailman.  

You should all use those publically revealed passwords you just got,
and go to the mailing list member options login page:

http://www.dirvish.org/mailman/options/dirvish

Enter your address and password, and the options page will appear, 
with all sorts of tantalizing opportunities for mischief.  Among
the grey option boxes starting halfway down the page, is this one,
about number 6:

-----------------------------------------------------------------------
Get password reminder email for this list?

Once a month, you will get an email containing a password reminder for
every list at this host to which you are subscribed. You can turn this
off on a per-list basis by selecting No for this option. If you turn
off password reminders for all the lists you are subscribed to, no
reminder email will be sent to you
-----------------------------------------------------------------------

If you do NOT want the default password mailout, change the checkbox
to "No" and submit.

I am going to leave the default behavior to monthly password mailout,
because I am still lazy.  However, to protect people who did not read
the fine print about this behavior, I will add additional big-print
words to the signup message reminding people to LOOK AT THOSE OPTIONS. 
Mailman is a very powerful and configurable tool, and a lot of mailing
lists use it, so deciding how to set your options will help you with
many other lists.

Steve, thanks again for pointing this out!  I hope my answer, if not
exactly what you asked for, will give you what you need.

Keith

-- 
Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs


More information about the Dirvish mailing list