Topics

How to disable emailed reminders with the mailing list password


David A. Wheeler
 

All:

 

FYI:  This mailing list is managed by the Linux Foundation using mailman.  By default, mailman sends a reminder message every month that includes your mailing list password (unique to each user and each list).  To our very NON-delight, that means a password is sent in the clear every month :-(.

 

The LF is well aware that the password security on mailman mailing lists is terrible.  However, the LF can't switch to Google Groups because it is inaccessible in China.  There are plans to implement better security for all its mailing lists, and that should solve the problem.  However, I don’t know when that will happen.

 

What you *can* do right now, if you’d like, is disable the monthly reminder. Go to:

  https://lists.coreinfrastructure.org/mailman/options/cii-badges

Log in, and go to “Get password reminder email for this list?”.  Select “no”, and push the button at the bottom “Submit my changes”.  Done!

 

In many cases email is transferred using an encrypted channel (TLS), which at least protects the email in motion (though not at rest).  I don’t know for certain if that’s true in this case; if someone can confirm or deny, that’d be great.  Password reset emails from the BadgeApp itself *are* encrypted in motion, when we can manage it, but that’s separate from this cii-badges mailing list.

 

I hope that helps…!

 

--- David A. Wheeler