gnupg.org mailing list memberships reminder
Dan Harkless
gnupg@dilvish.speed.net
Fri Feb 2 01:40:04 2001
Frank Tobin <ftobin@uiuc.edu> writes:
> Dan Harkless, at 18:58 -0800 on Wed, 31 Jan 2001, wrote:
>
> Gotta love a mailing list devoted to email security that sends your password
> to you in cleartext once a month whether you like it or not. I assume
> there's still no way to turn this off in mailman? (I last asked a few years
> ago.)
>
> First of all, the mailing list is not devoted to email security. Anyone
> who thinks OpenPGP is limited to email needs to re-think what it's good
> for.
You're splitting hairs. It's devoted to email security (among other things).
> When it comes to public mailing lists, the most important thing is to have
> the least frustration for the end users and easiest management for the
> administration. While it does have the offset of lowering security, I
> feel that in the end it provides for a much better experience of the
> majority of end-users and administration to have monthly reminders.
I don't think the challenge/response type of unsubscribing is any more
frustrating, and it's certainly more secure.
> There are multiple levels of security, and your email-subscriptions to
> public mailing lists should really rank way down at the bottom of the
> list.
Yes, but there's no reason for them to be less secure than necessary. I
won't bother to list them, but there are certainly scenarios where someone
getting your gnupg-{announce,users} passwords could have bad consequences.
--
Dan Harkless
SpeedGate Communications, Inc.