On Fri, 2006-05-12 at 16:48 -0400, William L. Maltby wrote:
On Fri, 2006-05-12 at 20:47 +0100, Karanbir Singh wrote:
William L. Maltby wrote:
Putting a password, regardless of source, into a "probe", which by its very existence seems to have a higher likelihood of interception, seems foolish. If there is a problem along the intermediate steps (if any) and somebody is examining stuff, for righteous or nefarious reasons, ...
the passwd is sent to the email address its meant for. if you have
If you have to send a probe, does this not raise the possibility that the email is being diverted? If so, the fact that it's sent to... doesn't provide much feeling of security.
But I *am* and amateur at this security stuff and buzzwords like "man- in-the-middle" may just cause excess trepidation in me. Anyway, that's what caused me to raise the question.
I don't even like it that your (CentOS's) monthly reminder to me is sent with password unencrypted... and I am the only user here. If I could post my public key and have that monthly reminder encrypted, I'd do it.
You can turn it off in your preferences for the list in mailman: http://lists.centos.org/mailman/options/centos
access to emails being sent to that address, its sort of academic getting the passwd anyway ( click on forgot passwd, new passwd emailed out ...etc )
Well, it's too bad that we can't make all access via SS* w/no passwords required. But a new one-time-only-use password (IOW, it must be changed on first use and w/i a specified time interval) isn't too bad.
We didn't write mailman ... nor did we write the probe e-mail that it sends.