Looks like "Moderator" password is a non-issue[1].
"Admin" passwords were changed earlier, ... so we should be in pretty good shape at this point.
footnotes/references/excerpts: 1. once upon a time the "Moderator" password was set. The one I had in my notes was, I believe, passed to me the same time the "Admin" password had been much earlier passed to me. I'm also fairly certain "way back then" I verified that each password worked on each of the lists. Seems "Moderator" password/functionality is disabled (as we desire it), as A) I checked, and the old "Moderator" password no longer works, and B) the GUI admin stuff quite effectively states that the "Moderator" role only works if both a password is set for it, and an email is set for "Moderator" - and I checked and all three lists have no email set for "Moderator" - so I believe that effectively disables any "Moderator" capability or login - so I think we're well covered there.
Quoting "Rick Moen" rick@linuxmafia.com:
Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
Thanks - got it (from earlier encrypted contents you sent me) and verified it authenticates.
Also, as you mentioned, "Moderator" password....
I recommend against ever using this function, by the way. So, there's no point in setting its password. (I can detail the reason for that recommendation if anyone's interested. Long story. Short version is that it leads directly to mishaps that the person wielding that password cannot fix.)
It's quite possible many of the "misconfiguration" changes may have been done - perhaps by someone who has "Moderator" password, and may not even have "Admin" password.
I don't think so, because I'm pretty sure nobody has set that password. However, the mishaps I allude to above involve someone accidentally checking a "autodiscard" or "ban" control on the admin queue page and submitting changes, then being unable to remove that address from the autodiscard or ban rosters upon realising his/her mistake, because those rosters are on an admin page to which moderators lack access.
So, in theory, someone wielding a moderator password could have accidentally put Christian Einfeldt's address on the autodiscard list. All the other changes I discussed are possible only with a listadmin password.
If you don't want to be bothered with changing the "Moderator" password (you already covered "Admin" - Thanks!) ... just say the word and I'll take care of "Moderator" password.
You're welcome to set it to something obscure and then forget what it is. That's probably the smartest thing to do with it. ;->