> Actually, it's only *your* password that's being emailed in the clear. It's 
> punishment for failing to observe the first rule of this list, which is DO 


1. I don't know what "top post" means, and I see nothing here about it: 

2. The password was sent to me as part of a poorly configured mailing list bot, 
not any sort of "punishment".

3. Even if it was sent to me as "punishment", that is retarded.

> If you don't like the way this list is run, you are welcome to unsubscribe.

Yeah, I know. I might do that, as seeing the response to my request has 
convinced me there's little worth reading here anyway.

> The person running this list knows his job very well, and I'd suggest you be 
> a bit more respectful of him.

What did I say that you feel was disrespectful? That he's failing at his job? 
That's not disrespectful, that's my opinion based on the fact that he is 
choosing to mail people their list passwords in the clear.

Running a mailing list is not hard work. There are only so many things one can 
fuck up. This is probably one of the biggest mistakes that can be made in 
running a mailing list, and on a list that's about software security. It's just 

A mailing list shouldn't have any passwords to begin with. There is no need for 
passwords, and it shouldn't be possible for anyone to unsubscribe anyone else.

User: Unsubscribe [EMAIL] -> Server
Server: Are you sure? -> [EMAIL]
User@[EMAIL]: YES! -> Server.

No passwords, and no fake unsubscribes.

- Greg

Please do not email me anything that you are not comfortable also sharing with 
the NSA.

On Oct 1, 2013, at 4:56 PM, John Ioannidis <j...@tla.org> wrote:

> On Tue, Oct 1, 2013 at 12:56 PM, Greg <g...@kinostudios.com> wrote:
> There is nothing difficult about the right course of action here: Don't send 
> the password. Disable this silly default.
> The attitude expressed in these replies is a disgrace to the profession of 
> software security, and a disgrace to the list.
> It doesn't matter whether or not I "should" be using a unique password. I 
> might not be, and even if I am, a nerd next to me shouldn't be able to change 
> my subscription settings because of the listserv's idiotic setting.
> It is NOT the user's responsibility to compensate for the incompetence of sys 
> admins or software developers. They are the ones who are failing their jobs.
> Actually, it's only *your* password that's being emailed in the clear. It's 
> punishment for failing to observe the first rule of this list, which is DO 
> If you don't like the way this list is run, you are welcome to unsubscribe. 
> The password for unsubscribing has been already emailed to you. The person 
> running this list knows his job very well, and I'd suggest you be a bit more 
> respectful of him.
> /ji


The cryptography mailing list
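
The confirm-by-reply exchange sketched in the message above (request, "Are you sure?" sent to the address, "YES" back from the address), written out as an added example; it is not part of the original post and not code from any mailing list software. The function names, the in-memory key and the three-day lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed server-side secret; a real list server would load a persistent key.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_LIFETIME = 3 * 24 * 3600  # seconds a confirmation stays valid (assumed policy)


def _mac(action: str, address: str, expires: int) -> str:
    # Bind the token to the action, the target address and the expiry time.
    msg = f"{action}\n{address.lower()}\n{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def request_unsubscribe(address: str, now: Optional[float] = None) -> str:
    """Anyone may ask; the server mails the returned token only to `address`."""
    start = time.time() if now is None else now
    expires = int(start + TOKEN_LIFETIME)
    return f"{expires}.{_mac('unsubscribe', address, expires)}"


def confirm_unsubscribe(address: str, token: str, subscribers: set,
                        now: Optional[float] = None) -> bool:
    """The 'YES' reply must echo a token that was minted for this address."""
    now = time.time() if now is None else now
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False  # malformed token
    if now > expires:
        return False  # stale confirmation
    expected = _mac("unsubscribe", address, expires)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False  # forged, or minted for a different address
    subscribers.discard(address.lower())
    return True
```

The server stores no per-user secret: possession of the token shows the requester can read mail at the address, which is the only thing an unsubscribe needs to establish.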
