Thomas Goirand <tho...@goirand.fr> writes: >> dtc sends the password of new users to the webmaster: [...] >> This mail is not encrypted. > > Most of the time, the receiving server would be the same server > receiving the email. If that's not the case, then the admin is free to > setup encryption (and maybe auth) between the 2 SMTP servers.
So it's "maybe" secure? And it doesn't help against compromise of the host where mails are stored. >> I also don't see any reason why the >> webmaster should even know the password... > > The reason is very simple: anti-fraud. Many times, you see the same > hacker registering with the same password, and it helps detecting it. > Also, you want the admin to see the weakest password to be able to do a > bit of policing. This really is one of the worst reasons I have ever seen... Ansgar -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
