On Fri, 2006-05-12 at 16:48 -0400, William L. Maltby wrote: > On Fri, 2006-05-12 at 20:47 +0100, Karanbir Singh wrote: > > William L. Maltby wrote: > > > Putting a password, regardless of source, into a "probe", which by its > > > very existence seems to have a higher likelihood of interception, seems > > > foolish. If there is a problem along the intermediate steps (if any) and > > > somebody is examining stuff, for righteous or nefarious reasons, ... > > > > > > > the passwd is sent to the email address its meant for. if you have > > If you have to send a probe, does this not raise the possibility that > the email is being diverted? If so, the fact that it's sent to... > doesn't provide much feeling of security. > > But I *am* and amateur at this security stuff and buzzwords like "man- > in-the-middle" may just cause excess trepidation in me. Anyway, that's > what caused me to raise the question. > > I don't even like it that your (CentOS's) monthly reminder to me is sent > with password unencrypted... and I am the only user here. If I could > post my public key and have that monthly reminder encrypted, I'd do it. > You can turn it off in your preferences for the list in mailman: http://lists.centos.org/mailman/options/centos > > access to emails being sent to that address, its sort of academic > > getting the passwd anyway ( click on forgot passwd, new passwd emailed > > out ...etc ) > > Well, it's too bad that we can't make all access via SS* w/no passwords > required. But a new one-time-only-use password (IOW, it must be changed > on first use and w/i a specified time interval) isn't too bad. > We didn't write mailman ... nor did we write the probe e-mail that it sends. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20060512/178ec670/attachment-0005.sig>