gnupg.org mailing list memberships reminder

[Dan Harkless]

Frank Tobin <ftobin@uiuc.edu> writes:
> Dan Harkless, at 18:58 -0800 on Wed, 31 Jan 2001, wrote:
> 
>     Gotta love a mailing list devoted to email security that sends your password
>     to you in cleartext once a month whether you like it or not.  I assume
>     there's still no way to turn this off in mailman?  (I last asked a few years
>     ago.)
> 
> First of all, the mailing list is not devoted to email security.  Anyone
> who thinks OpenPGP is limited to email needs to re-think what it's good
> for.

You're splitting hairs.  It's devoted to email security (among other things).

> When it comes to public mailing lists, the most important thing is to have
> the least frustration for the end users and easiest management for the
> administration.  While it does have the offset of lowering security, I
> feel that in the end it provides for a much better experience of the
> majority of end-users and administration to have monthly reminders.

I don't think the challenge/response type of unsubscribing is any more
frustrating, and it's certainly more secure.

> There are multiple levels of security, and your email-subscriptions to
> public mailing lists should really rank way down at the bottom of the
> list.

Yes, but there's no reason for them to be less secure than necessary.  I
won't bother to list them, but there are certainly scenarios where someone
getting your gnupg-{announce,users} passwords could have bad consequences.

--
Dan Harkless
SpeedGate Communications, Inc.