----- Original Message -----

From: "Phill Edwards" philledwards@gmail.com To: openldap-technical@openldap.org Sent: Monday, 1 February, 2016 9:11:16 AM Subject: Fwd: openldap.org mailing list memberships reminder I received this today and was shocked to see my password in the email. In this day and age a technology group like this should know far better than to do that. It's bad enough you keep unencrypted passwords, but then to send them our in an email is reckless and irresponsible. Regards, Phill Edwards

I agree, but it's quite common with mailing lists (or perhaps only the mailman software). Don't use valuable passwords when subscribing to lists.

This is the first time I've seen an automated and unrequested email with my password in it (I hadn't noticed the password in these email previously as the content seemed irrelevant – I wasn't even looking).

However, I do see an option on the list membership configuration page (http://www.openldap.org/lists/mm/options/openldap-technical) to disable these reminders:

"Once a month, you will get an email containing a password reminder for every list at this host to which you are subscribed. You can turn this off on a per-list basis by selecting No for this option. If you turn off password reminders for all the lists you are subscribed to, no reminder email will be sent to you."

The fact that this option defaults to On – in the middle of 10 – it's pretty lame. Options that send a password in cleartext should probably default to 'No' – yes?

- chris

From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Phill Edwards Sent: Monday, February 01, 2016 12:11 AM To: openldap-technical@openldap.org Subject: Fwd: openldap.org mailing list memberships reminder

I received this today and was shocked to see my password in the email. In this day and age a technology group like this should know far better than to do that. It's bad enough you keep unencrypted passwords, but then to send them our in an email is reckless and irresponsible.

Regards, Phill Edwards ---------- Forwarded message ---------- From: <mailman-owner@openldap.orgmailto:mailman-owner@openldap.org> Date: 1 Feb 2016 4:24 PM Subject: openldap.orghttp://openldap.org mailing list memberships reminder To: <philledwards@gmail.commailto:philledwards@gmail.com> Cc:

This is a reminder, sent out once a month, about your openldap.orghttp://openldap.org mailing list memberships. It includes your subscription info and how to use it to change it or unsubscribe from a list.

You can visit the URLs to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

In addition to the URL interfaces, you can also use email to make such changes. For more info, send a message to the '-request' address of the list (for example, mailman-request@openldap.orgmailto:mailman-request@openldap.org) containing just the word 'help' in the message body, and an email message will be sent to you with instructions.

If you have questions, problems, comments, etc, send them to mailman-owner@openldap.orgmailto:mailman-owner@openldap.org. Thanks!

Passwords for philledwards@gmail.commailto:philledwards@gmail.com:

List Password // URL

---

openldap-technical@openldap.orgmailto:openldap-technical@openldap.org <removed> http://www.openldap.org/lists/mm/options/openldap-technical/philledwards%40g...

“This message is intended only for the use of the addressee(s) and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not the intended recipient(s), you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify the sender immediately.”