[svlug] Mailman subscription passwords (frequently asked question)

Rick Moen rick at svlug.org
Sun Nov 2 00:32:44 PST 2014


(We get these occasionally.  BTW, greetings from Ladera Resort, Saint Lucia.)


 
Andy asked:
 
> Are you guys aware you are emailing passwords in your distributions?????
 
Dear Andy:
 
Mailman warned you to use a low-security password.  Here is the literal text
of that warning:
 
"You may enter a privacy password below. This provides only mild security, 
but should prevent others from messing with your subscription.  Do not use a
valuable password, as it will occasionally be emailed back to you in 
cleartext."
 
In any event, if you do not want your password periodically sent in a 
reminder mail, all you have to do is disable that option for your 
subscription.  Login at the listinfo page of the mailing list in question
(using, yes, your subscription password), and you can toggle off that 
setting among others.
 
Most of us, for the record, don't bother, because the worst possible 
downside risk would be someone fiddingly with our subscription options, or
(worst case, I think) unsubscribing us, but then we'd get 'you've 
unsubscribed' notices.  I suppose worse things might happen if you also use
the same passwords everywhere, like intruders using that fact to impersonate
you elsewhere on the Internet -- which is additional reason, as if you 
didn't already have plenty, to not use the same passwords for many different
things.
 
 
Not a complaint in any way, but this is a Frequently Asked Question:  You 
can often find prior discussion of matters like this by Web-searching, in 
this case by Web-searching for something like 'mailman password emailed'.
 
Thank you nonetheless for caring enough to call this to our attention.




More information about the svlug mailing list