Ah I see. That said, this email wasn't a password reminder. It was a "your membership has been disabled" email. On Fri, Jun 15, 2018 at 2:36 PM, Keith Keller < kkeller at wombat.san-francisco.ca.us> wrote:> On 2018-06-15, rj coleman <rjcdevelop at gmail.com> wrote: > > Am I the only one who just received this email from this group? Which > came with my password in the email in plain text? > > This is a standard feature of GNU Mailman. You can disable the monthly > password reminder in your user preferences (which is the same place you > can change your password, if you are concerned that it was sniffed > during the SMTP exchange). > > The Mailman signup page warns you that the password will be emailed: > > "You may enter a privacy password below. This provides only mild > security, but should prevent others from messing with your subscription. > Do not use a valuable password as it will occasionally be emailed back > to you in cleartext." > > --keith > > -- > kkeller at wombat.san-francisco.ca.us > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
WRT mailing the password in clear text .. how else would it mail it? Mailman does not store any kind of encryption keys for email, and frankly, most people don't know how to use encrypted email. This list probably has a (much) higher percentage of people who would know how to use encrypted mail (ie, Linux users .. who are more computer literate than the average person). But, I don't think mailman has sending administrative mails to users encrypted as an option. WRT this issue .. several hundred gmail accounts (and few other accounts) were disabled at a specific time today. We don't yet know exactly why this happened and before we mass reenable the accounts, we need to make sure it is not going to happen again. Since so many of the mails are gmail.com accounts, this has to be something that gmail did today at 1530 GMT (when all the accounts were disabled) and the mails were sent). We will try to figure out exactly what happened and get everything back to normal as soon as we can. Thanks, Johnny Hughes On 06/15/2018 02:32 PM, rebecca coleman wrote:> Ah I see. That said, this email wasn't a password reminder. It was a > "your membership has been disabled" email. > > On Fri, Jun 15, 2018 at 2:36 PM, Keith Keller < > kkeller at wombat.san-francisco.ca.us> wrote: > >> On 2018-06-15, rj coleman <rjcdevelop at gmail.com> wrote: >>> Am I the only one who just received this email from this group? Which >> came with my password in the email in plain text? >> >> This is a standard feature of GNU Mailman. You can disable the monthly >> password reminder in your user preferences (which is the same place you >> can change your password, if you are concerned that it was sniffed >> during the SMTP exchange). >> >> The Mailman signup page warns you that the password will be emailed: >> >> "You may enter a privacy password below. This provides only mild >> security, but should prevent others from messing with your subscription. >> Do not use a valuable password as it will occasionally be emailed back >> to you in cleartext." >> >> --keith-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20180615/9440a389/attachment-0001.sig>
On Fri, 15 Jun 2018 17:44:47 -0500 Johnny Hughes <johnny at centos.org> wrote:> WRT mailing the password in clear text .. how else would it mail it? > > Mailman does not store any kind of encryption keys for email, and > frankly, most people don't know how to use encrypted email. This list > probably has a (much) higher percentage of people who would know how > to use encrypted mail (ie, Linux users .. who are more computer > literate than the average person). But, I don't think mailman has > sending administrative mails to users encrypted as an option. > > WRT this issue .. several hundred gmail accounts (and few other > accounts) were disabled at a specific time today. We don't yet know > exactly why this happened and before we mass reenable the accounts, we > need to make sure it is not going to happen again. > > Since so many of the mails are gmail.com accounts, this has to be > something that gmail did today at 1530 GMT (when all the accounts were > disabled) and the mails were sent). > > We will try to figure out exactly what happened and get everything > back to normal as soon as we can.see here: https://investorplace.com/2016/09/gmail-down-outage-googl-goog-stock/ d> > Thanks, > Johnny Hughes > > On 06/15/2018 02:32 PM, rebecca coleman wrote: >
> On Jun 15, 2018, at 6:44 PM, Johnny Hughes <johnny at centos.org> wrote: > > WRT mailing the password in clear text .. how else would it mail it?For this communication, not at all. The password was totally unnecessary. If I?d requested to have it sent, however, I now understand this system will email plain text passwords rather than a reset link etc. All good. And good luck sorting out what happened today!