[CentOS] CentOS mailing list probe message (fwd)

Fri May 12 20:48:56 UTC 2006
William L. Maltby <BillsCentOS at triad.rr.com>

On Fri, 2006-05-12 at 20:47 +0100, Karanbir Singh wrote:
> William L. Maltby wrote:
> > Putting a password, regardless of source, into a "probe", which by its
> > very existence seems to have a higher likelihood of interception, seems
> > foolish. If there is a problem along the intermediate steps (if any) and
> > somebody is examining stuff, for righteous or nefarious reasons, ...
> > 
> 
> the passwd is sent to the email address its meant for. if you have

If you have to send a probe, does this not raise the possibility that
the email is being diverted? If so, the fact that it's sent to...
doesn't provide much feeling of security.

But I *am* and amateur at this security stuff and buzzwords like "man-
in-the-middle" may just cause excess trepidation in me. Anyway, that's
what caused me to raise the question.

I don't even like it that your (CentOS's) monthly reminder to me is sent
with password unencrypted... and I am the only user here. If I could
post my public key and have that monthly reminder encrypted, I'd do it.

> access to emails being sent to that address, its sort of academic
> getting the passwd anyway ( click on forgot passwd, new passwd emailed
> out ...etc )

Well, it's too bad that we can't make all access via SS* w/no passwords
required. But a new one-time-only-use password (IOW, it must be changed
on first use and w/i a specified time interval) isn't too bad.

> 
> - KB
> 
-- 
Bill
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20060512/8afdc355/attachment-0005.sig>