Good Morning! I got a lot of mail with the tenor "It is funny that a mailing list dedicated to email security sends out passwords in the clear". The new mailing list software Mailman choosed to name there access cookies "passwords". However, the primary use of those passwords is to be able to unsubscribe from the list and manage options, like "send password reminder". The goal of the password is to make an unsubscribe attack somehat harder to mount; about all mailing list software uses a similar technique to do that and those cookies are also send in the clear. IIRC, there used to be a long discussion on the Mailman developers list about that issue a long time ago. You should be able to use Mailman driven list without the need for special software (e.g. gpg), so that very simple password thingie is something every user can understand. If it really turns out to be a problem, I can see how I can allocate some time to setup a https server for your ML management tasks and disable the password reminders. That would be an advantage for me too, because currently I have to use Lynx on the shell of the server for the admin tasks. Werner -- Werner Koch <wk@gnupg.org> GNU Privacy Guard (http://www.gnupg.org) Free Software Foundation Europe (http://www.fsfeurope.org) [Please see X-* mail header for OpenPGP key info] -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 233 bytes Desc: not available Url : /pipermail/attachments/20010201/751e311a/attachment.pgp