Excerpts from Roger Dingledine's message of Fri Nov 09 18:41:06 -0500 2012:
> On Fri, Nov 09, 2012 at 06:09:36PM -0500, Matthew Fisch wrote:
> > I used a unique random password for this mailing list, I'm going to
> > guess however a significant portion of the mailing list either uses this
> > password in other locations, a significant subset of them probably can't
> > trust their mailbox to be secure.
>
> I won't use the phrase "industry standard mailing list software" because
> I hate it when other people use that phrase. But really, this is how
> every free-software mailing list system works these days.
>
> I'd be surprised if more than a trivial number of users on the Tor
> lists picked a password at all. Typically people just let it choose
> a random password for them, and it's nice to have that reminder sent
> monthly because nobody ever knows their list password (for good reason --
> there's barely a need to have a password for a mailing list subscription
> in the first place).
>
> Maybe we should find a way to wrestle it into not letting you pick a
> password for yourself?

What I've done for this is to simply remove the password fields from the
form. Then it autoassigns you a password.

You can see that here: http://lists.acm.jhu.edu/mailman/listinfo/acm

(Viewing the source, I see what I did instead was to put it in an HTML
comment.)

I brought that trick with me to other domains, e.g.
http://lists.openhatch.org/mailman/listinfo/devel

Contrast with e.g.
https://mail.gnome.org/mailman/listinfo/asia-summit-list where the
password form is visible.

It's a fairly simple edit to the default mailman template, as I recall, and
these changes I made have successfully stuck around across upgrades and
more.

Users will still need to use the list password to do things like change
one's email address on the list and a few other obscure things. My hack is
just a UI fix that papers over the deep insanity of Mailman passwords, and
I rank it quite high for cost-effectiveness.

So please consider it! I hope it fits y'all's needs.

-- Asheesh.
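
A check for the template edit described in the message above, as an added example that is not part of the original post: it parses a listinfo page and reports which password inputs a browser would render and which sit inside an HTML comment. The two sample pages and the field names `pw` and `pw-conf` are constructed for illustration.

```python
from html.parser import HTMLParser


class PasswordFieldAudit(HTMLParser):
    """Separate password inputs a browser renders from ones inside comments."""

    def __init__(self):
        super().__init__()
        self.visible = []    # names of rendered <input type="password">
        self.commented = []  # names of password inputs found in comments

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # HTMLParser lowercases tag and attribute names, but not values.
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.visible.append(a.get("name"))

    def handle_comment(self, data):
        # Comment bodies are never rendered; re-parse them to confirm the
        # fields were commented out rather than deleted or left live.
        inner = PasswordFieldAudit()
        inner.feed(data)
        inner.close()
        self.commented += inner.visible + inner.commented


def audit_listinfo(html):
    parser = PasswordFieldAudit()
    parser.feed(html)
    parser.close()
    return {"visible": parser.visible, "commented": parser.commented}


# Constructed sample pages; field names "pw" and "pw-conf" are assumptions.
FIELDS = ('<tr><td>Pick a password:</td><td><INPUT type="PASSWORD" name="pw"></td></tr>\n'
          '<tr><td>Reenter:</td><td><input type="password" name="pw-conf"></td></tr>\n')
PAGE = '<form method="post"><table>\n<input type="text" name="email">\n%s</table></form>'
DEFAULT_PAGE = PAGE % FIELDS
HIDDEN_PAGE = PAGE % ("<!--\n" + FIELDS + "-->\n")

if __name__ == "__main__":
    for label, page in (("default", DEFAULT_PAGE), ("edited", HIDDEN_PAGE)):
        print(label, audit_listinfo(page))
```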