
[Orgmode] Re: Gmane readers - please subscribe


From: Tim Landscheidt
Subject: [Orgmode] Re: Gmane readers - please subscribe
Date: Tue, 27 Apr 2010 13:16:34 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux)

Ben Finney <address@hidden> wrote:

>> > A large part of my reason for reading via Gmane is to avoid yet
>> > another set of authentication credentials. Especially one that I
>> > never use; that's a security nightmare waiting to happen. So I'm not
>> > interested in increasing my security exposure by making a Mailman
>> > account on yet another site.

>> Yikes! What nightmare awaits those of us who've foolishly gone ahead
>> and subscribed? What's my exposure, beyond some nefarious cracker
>> impersonating me on emacs-orgmode?

> The assumption here is that logging into the mailing list account is
> something done infrequently to never for any given user. That's
> certainly the case for just about any list I've subscribed to.

> For an infrequently-to-never used passphrase, one of two things is the
> case: either it's unique, or it is identical to the passphrase that
> accesses some other set of services for the user.

> Since it's an infrequently-to-never accessed service, it's an
> unreasonable burden to expect the user to maintain unique passphrases
> for every such service. If for this list, why not for every such list?

> So what usually ends up happening is they're identical for a given
> person across many different services. But the more that's the case, the
> greater the exposure: any one of those services could manage their
> security poorly, or simply be unlucky enough to attract a bored and/or
> motivated cracker; and a compromise on any one of them removes any
> expectation of security on any of the rest of the services where the
> user has the same passphrase.

> The sensible policy, therefore, is to cull the proliferation of such
> passphrase-requiring infrequently-to-never-accessed accounts. Which, in
> turn, means saying a polite “no thank you” to most requests to set up
> new accounts.

The common policy, however, is that you subscribe to the
mailing list with the defaults, use the automatically generated
password to set the "account" to "no mail" and never
bother again. Some mailing lists will send you a reminder of
your "account"'s subscriptions once a month, some not even
that. And should you really ever need to access your "account"'s
configuration, you can always use the "lost password"
link.

Tim




