From mboxrd@z Thu Jan 1 00:00:00 1970
From: Tim Landscheidt
Subject: Re: Gmane readers - please subscribe
Date: Tue, 27 Apr 2010 13:16:34 +0000
Message-ID:
References: <87wrvtkawl.fsf@benfinney.id.au>
	<87k4rtod4o.fsf@eku238261.eku.edu>
	<87ljc9jjqt.fsf@benfinney.id.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path:
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1O6keg-0007ZN-GP for emacs-orgmode@gnu.org;
	Tue, 27 Apr 2010 09:16:50 -0400
Received: from [140.186.70.92] (port=33818 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1O6kee-0007YW-Vm
	for emacs-orgmode@gnu.org; Tue, 27 Apr 2010 09:16:50 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from ) id 1O6ked-0001hC-Cj
	for emacs-orgmode@gnu.org; Tue, 27 Apr 2010 09:16:48 -0400
Received: from lo.gmane.org ([80.91.229.12]:60586)
	by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from )
	id 1O6ked-0001h0-2k for emacs-orgmode@gnu.org;
	Tue, 27 Apr 2010 09:16:47 -0400
Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from ) id 1O6kea-0005Bs-3R
	for emacs-orgmode@gnu.org; Tue, 27 Apr 2010 15:16:44 +0200
Received: from e177123006.adsl.alicedsl.de ([85.177.123.6])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00 for ; Tue, 27 Apr 2010 15:16:44 +0200
Received: from tim by e177123006.adsl.alicedsl.de with local
	(Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ;
	Tue, 27 Apr 2010 15:16:44 +0200
List-Id: "General discussions about Org-mode."
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
To: emacs-orgmode@gnu.org

Ben Finney wrote:

>> > A large part of my reason for reading via Gmane is to avoid yet
>> > another set of authentication credentials. Especially one that I
>> > never use; that's a security nightmare waiting to happen. So I'm not
>> > interested in increasing my security exposure by making a Mailman
>> > account on yet another site.

>> Yikes! What nightmare awaits those of us who've foolishly gone ahead
>> and subscribed? What's my exposure, beyond some nefarious cracker
>> impersonating me on emacs-orgmode?

> The assumption here is that logging into the mailing list account is
> something done infrequently to never for any given user. That's
> certainly the case for just about any list I've subscribed to.

> For an infrequently-to-never used passphrase, one of two things is the
> case: either it's unique, or it is identical to the passphrase that
> accesses some other set of services for the user.

> Since it's an infrequently-to-never accessed service, it's an
> unreasonable burden to expect the user to maintain unique passphrases
> for every such service. If for this list, why not for every such list?

> So what usually ends up happening is they're identical for a given
> person across many different services. But the more that's the case, the
> greater the exposure: any one of those services could manage their
> security poorly, or simply be unlucky enough to attract a bored and/or
> motivated cracker; and a compromise on any one of them removes any
> expectation of security on any of the rest of the services where the
> user has the same passphrase.

> The sensible policy, therefore, is to cull the proliferation of such
> passphrase-requiring infrequently-to-never-accessed accounts. Which, in
> turn, means saying a polite “no thank you” to most requests to set up
> new accounts.

The common policy, however, is that you subscribe to the
mailing list with the defaults, use the automatically
generated password to set the "account" to "no mail" and never
bother again. Some mailing lists will send you a reminder of
your "account"'s subscriptions once a month, some not even
that. And should you really ever need to access your
"account"'s configuration, you can always use the "lost
password" link.

Tim