Tyler Smith <tyler.sm...@eku.edu> writes:

> Ben Finney <ben+em...@benfinney.id.au> writes:
>
> > A large part of my reason for reading via Gmane is to avoid yet
> > another set of authentication credentials. Especially one that I
> > never use; that's a security nightmare waiting to happen. So I'm not
> > interested in increasing my security exposure by making a Mailman
> > account on yet another site.
>
> Yikes! What nightmare awaits those of us who've foolishly gone ahead
> and subscribed? What's my exposure, beyond some nefarious cracker
> impersonating me on emacs-orgmode?

The assumption here is that logging into the mailing list account is something done infrequently to never for any given user. That's certainly the case for just about any list I've subscribed to.

For an infrequently-to-never used passphrase, one of two things is the case: either it's unique, or it is identical to the passphrase that accesses some other set of services for the user.

Since it's an infrequently-to-never accessed service, it's an unreasonable burden to expect the user to maintain unique passphrases for every such service. If for this list, why not for every such list?

So what usually ends up happening is they're identical for a given person across many different services. But the more that's the case, the greater the exposure: any one of those services could manage their security poorly, or simply be unlucky enough to attract a bored and/or motivated cracker; and a compromise on any one of them removes any expectation of security on any of the rest of the services where the user has the same passphrase.

The sensible policy, therefore, is to cull the proliferation of such passphrase-requiring infrequently-to-never-accessed accounts. Which, in turn, means saying a polite “no thank you” to most requests to set up new accounts.

-- 
 \     “The greatest tragedy in mankind's entire history may be the |
  `\    hijacking of morality by religion.” —Arthur C. Clarke, 1991 |
_o__)                                                                |
Ben Finney

_______________________________________________
Emacs-orgmode mailing list
Please use `Reply All' to send replies to the list.
Emacs-orgmode@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-orgmode