As long as the password isn't used elsewhere, it's not a huge deal - security savvy users probably just use a throwaway password. The main threat here is if you are reusing passwords.
Preset passwords might be a good idea, but I think in the grand scheme of things, it's a minor issue. Is this behavior that is easily changed in Mailman? -- Greg Norcie (g...@norcie.com) GPG key: 0x1B873635 On 11/9/12 8:25 PM, and...@torproject.is wrote: > On Fri, Nov 09, 2012 at 06:09:36PM -0500, mfi...@mfisch.com wrote 0.7K bytes > in 16 lines about: > : Upon signing up for the mailing list on the list server, my password was > emailed to me in plaintext. In the year 2012 this is extremely bad security > practice. At the very least the sign-up page should warn users to make the > password unique. > > Right. This is the default mailman process. Getting mailman to improve > their defaults hasn't worked so far. > > : The password may also be stored in reverseable format. > : > : I used a unique random password for this mailing list, I'm going to guess > however a significant portion of the mailing list either uses this password > in other locations, a significant subset of them probably can't trust their > mailbox to be secure. > > A significant number of people join via email, not the web interface, > and therefore mailman picks a password for them. > > What's more secure mailing list software that is in debian repos and works > for non-technical users? > _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
