In article <20020415113001.GA12632@firedrake.org>, Roger Burton West <roger@firedrake.org> writes:
On Sun, Apr 14, 2002 at 02:40:10PM +0200, Werner Reisberger wrote:
Since the maintainer password is send in cleartext with the x_command interface of SmartList I made some scripts and patches to enable SmartList to process x_commands with encrypted passwords.
Am I missing something here? It's true that this system prevents someone from discovering the password by intercepting email; however, the token which the email interceptor discovers is just as good as a password, in that it can be used to cause the execution of X-Commands.
This is true, but is there any reason to believe that network sniffing presently poses any threat to mailing list management? Sniffers of passwords generally have bigger fish to fry. I have never yet seen someone's mailing list password compromised in this fashion.