emacs-orgmode@gnu.org archives
From: Ben Finney <ben+emacs@benfinney.id.au>
To: emacs-orgmode@gnu.org
Subject: Re: Gmane readers - please subscribe
Date: Tue, 27 Apr 2010 20:02:50 +1000
Message-ID: <87ljc9jjqt.fsf@benfinney.id.au>
In-Reply-To: 87k4rtod4o.fsf@eku238261.eku.edu

Tyler Smith <tyler.smith@eku.edu> writes:

> Ben Finney <ben+emacs@benfinney.id.au> writes:
>
> > A large part of my reason for reading via Gmane is to avoid yet
> > another set of authentication credentials. Especially one that I
> > never use; that's a security nightmare waiting to happen. So I'm not
> > interested in increasing my security exposure by making a Mailman
> > account on yet another site.
>
> Yikes! What nightmare awaits those of us who've foolishly gone ahead
> and subscribed? What's my exposure, beyond some nefarious cracker
> impersonating me on emacs-orgmode?

The assumption here is that logging into the mailing list account is
something done infrequently to never for any given user. That's
certainly the case for just about any list I've subscribed to.

For an infrequently-to-never used passphrase, one of two things is the
case: either it's unique, or it is identical to the passphrase that
accesses some other set of services for the user.

Since it's an infrequently-to-never accessed service, it's an
unreasonable burden to expect the user to maintain unique passphrases
for every such service. If for this list, why not for every such list?

So what usually ends up happening is they're identical for a given
person across many different services. But the more that's the case, the
greater the exposure: any one of those services could manage their
security poorly, or simply be unlucky enough to attract a bored and/or
motivated cracker; and a compromise on any one of them removes any
expectation of security on any of the rest of the services where the
user has the same passphrase.

The sensible policy, therefore, is to cull the proliferation of such
passphrase-requiring infrequently-to-never-accessed accounts. Which, in
turn, means saying a polite “no thank you” to most requests to set up
new accounts.

-- 
 \        “The greatest tragedy in mankind's entire history may be the |
  `\       hijacking of morality by religion.” —Arthur C. Clarke, 1991 |
_o__)                                                                  |
Ben Finney
