<div dir="auto">Agree with everything you wrote. One thing I'm still not clear on is *why* you need to send password reminders monthly (or at any period). The problem of resetting password has been solved a long time ago (and relies on email!) so this feature is not really clear to me.<div dir="auto"><br></div><div dir="auto">That said, yes - I do understand I signed the EULA without reading it thoroughly :)</div><div dir="auto">My initial email was mislabeled as I thought it is the site itself that does that, and I was looking to maybe bring that to the awareness of the store owners, who might have missed it.</div><div dir="auto"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jun 6, 2019, 18:24 Michael Paoli <<a href="mailto:Michael.Paoli@cal.berkeley.edu">Michael.Paoli@cal.berkeley.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Yes, Mailman stores and sends the passwords in the clear.<br>
As far as I'm aware, that's a long established<br>
(mis-?) feature of Mailman, and though it's been oft<br>
requested to change that, as far as I'm aware they've thus<br>
far got no intention of changing it. But feel free to<br>
check/research to see if that's changed.<br>
Storing passwords in the clear - or reversibly encrypted,<br>
is considered a "bad thing" ... however, its necessary if one<br>
is going to send periodic (e.g. monthly) password reminders<br>
of the current password ... as Mailman is quite capable of.<br>
One can disable that if one wishes, and list admins can also change<br>
that or the default. But regardless, Mailman stores that in the<br>
clear. To its credit, it does explicitly tell one to not use<br>
a valuable/important password ... because, well, it stores the<br>
Mailman list passwords in the clear.<br>
<br>
Can't exactly say it didn't tell 'ya. ;-)<br>
... but folks tend to forget, often having subscribed, months,<br>
years, even decades earlier.<br>
<br>
> From: "Akkana Peck" <<a href="mailto:akkana@shallowsky.com" target="_blank" rel="noreferrer">akkana@shallowsky.com</a>><br>
> Subject: Re: [sf-lug] Anyone here had any contact with Linu xChix.org?<br>
> Date: Thu, 6 Jun 2019 15:55:24 -0600<br>
<br>
> Ehud Kaldor writes:<br>
>> i am registered on it, and it seems it's saving passwords in clear, and the<br>
>> monthly mailer daemon sends them in clear email :(<br>
>><br>
>><br>
>> This is a reminder, sent out once a month, about your <a href="http://linuxchix.org" rel="noreferrer noreferrer" target="_blank">linuxchix.org</a><br>
>> mailing list memberships. It includes your subscription info and how<br>
>> to use it to change it or unsubscribe from a list.<br>
> [ ... ]<br>
><br>
> Doesn't Mailman always do that? Every Mailman list I'm on does<br>
> things that way, and I don't even know if Mailman has any other<br>
> way of doing things. The list page mentions that explicitly:<br>
> <a href="https://www.linuxchix.org/content/join-our-email-lists-or-read-archives" rel="noreferrer noreferrer" target="_blank">https://www.linuxchix.org/content/join-our-email-lists-or-read-archives</a><br>
> as do the subscription pages for each list ("Do not use a valuable<br>
> password as it will occasionally be emailed back to you in cleartext.")<br>
><br>
> Doesn't this sf-lug list do the same thing? I don't seem to<br>
> have any saved Mailman notices for sf-lug, but svlug and balug<br>
> (as well as a zillion other technical lists I'm on) send the same<br>
> cleartext reminders.<br>
><br>
> I don't know why Mailman does things that way, but it's definitely<br>
> not a LinuxChix specific problem.<br>
><br>
> ...Akkana<br>
<br>
<br>
_______________________________________________<br>
sf-lug mailing list<br>
<a href="mailto:sf-lug@linuxmafia.com" target="_blank" rel="noreferrer">sf-lug@linuxmafia.com</a><br>
<a href="http://linuxmafia.com/mailman/listinfo/sf-lug" rel="noreferrer noreferrer" target="_blank">http://linuxmafia.com/mailman/listinfo/sf-lug</a><br>
SF-LUG is at <a href="http://www.sf-lug.org/" rel="noreferrer noreferrer" target="_blank">http://www.sf-lug.org/</a> <br>
</blockquote></div>