This is the first time I've seen an automated and unrequested email with my password in it (I hadn't noticed the password in these email previously as the content seemed irrelevant – I wasn't even looking).
However, I do see an option on the list membership configuration page (http://www.openldap.org/lists/mm/options/openldap-technical) to disable these reminders:
"Once a month, you will get an email containing a password reminder for every list at this host to which you are subscribed. You can turn this off on a per-list basis by selecting No for this option. If you turn off password reminders
for all the lists you are subscribed to, no reminder email will be sent to you."
The fact that this option defaults to On – in the middle of 10 – it's pretty lame. Options that send a password in cleartext should probably default to 'No' – yes?
- chris
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org]
On Behalf Of Phill Edwards
Sent: Monday, February 01, 2016 12:11 AM
To: openldap-technical@openldap.org
Subject: Fwd: openldap.org mailing list memberships reminder
I received this today and was shocked to see my password in the email. In this day and age a technology group like this should know far better than to do that. It's bad enough you keep unencrypted passwords, but then to send them our in an email is reckless
and irresponsible.
Regards,
Phill Edwards
---------- Forwarded message ----------
From: <mailman-owner@openldap.org>
Date: 1 Feb 2016 4:24 PM
Subject: openldap.org mailing list memberships reminder
To: <philledwards@gmail.com>
Cc:
> This is a reminder, sent out once a month, about your
openldap.org
> mailing list memberships. It includes your subscription info and how
> to use it to change it or unsubscribe from a list.
>
> You can visit the URLs to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery
> or disabling delivery altogether (e.g., for a vacation), and so on.
>
> In addition to the URL interfaces, you can also use email to make such
> changes. For more info, send a message to the '-request' address of
> the list (for example, mailman-request@openldap.org) containing just
> the word 'help' in the message body, and an email message will be sent
> to you with instructions.
>
> If you have questions, problems, comments, etc, send them to
> mailman-owner@openldap.org. Thanks!
>
> Passwords for philledwards@gmail.com:
>
> List Password // URL
> ---- --------
> openldap-technical@openldap.org <removed>
>
http://www.openldap.org/lists/mm/options/openldap-technical/philledwards%40gmail.com