On Mar 4, 2005, at 5:50 AM, Fil wrote:
But I still find it too complex; we should get rid of the password thing.
People just need to know where they can see more options.

I've been thinking a bunch about this since it was mentioned as a security problem a while back, and the more I think about it, the more I like the idea of not having passwords for regular users. (Or having it possible for admins to disable passwords for regular users.)


I was thinking that it'd be best replaced with timed email-authorization things, the way you can currently unsubscribe without a password. I don't know how long the timeout on those things is, but having it send you an email with a link to the archives or your options seems feasible. Having the links only be valid for a given time (say, an hour?) would reduce the threat of dictionary attacks *and* mean that more users can figure out how to do things on their own. ;)

 Terri
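
One way the timed email links proposed above could be built, as an added example that is not part of the original message and is not Mailman code: an HMAC-signed token that binds the subscriber address and the requested page to an expiry time. The names `make_token`, `check_token`, the `secret` key and the action strings are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

TTL_SECONDS = 3600  # the "say, an hour?" lifetime suggested in the message
MAC_LEN = hashlib.sha256().digest_size


def _sign(secret: bytes, payload: bytes) -> bytes:
    return hmac.new(secret, payload, hashlib.sha256).digest()


def make_token(secret: bytes, address: str, action: str,
               now: Optional[float] = None) -> str:
    """Return a URL-safe token tying address + action to an expiry time."""
    if "\n" in address or "\n" in action:
        raise ValueError("newline would corrupt the field separator")
    issued = time.time() if now is None else now
    payload = f"{address}\n{action}\n{int(issued + TTL_SECONDS)}".encode()
    return base64.urlsafe_b64encode(_sign(secret, payload) + payload).decode()


def check_token(secret: bytes, token: str, action: str,
                now: Optional[float] = None) -> Optional[str]:
    """Return the address if the token is authentic, unexpired and was
    issued for `action`; otherwise return None."""
    try:
        blob = base64.urlsafe_b64decode(token.encode())
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    mac, payload = blob[:MAC_LEN], blob[MAC_LEN:]
    # Authenticate first, in constant time, before parsing any field.
    if not hmac.compare_digest(mac, _sign(secret, payload)):
        return None
    try:
        address, tok_action, expires = payload.decode().split("\n")
        deadline = int(expires)
    except ValueError:
        return None
    current = time.time() if now is None else now
    if tok_action != action or current > deadline:
        return None
    return address
```

This sketch does not make a link single-use; a mailed link stays valid until it expires, so anyone who can read the message within that hour can use it.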

_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers