[BALUG-Admin] BALUG list (mis)configurations, etc. (time to change list admin passwords)

Michael Paoli Michael.Paoli@cal.berkeley.edu
Mon Apr 13 22:58:30 PDT 2009


Regarding your emails[1][2] on BALUG list configuration changes, thanks
for bringing these matters to our attention.

I had no idea that that many changes were going on - and many quite
inappropriate.  I certainly agree, they should be discussed and agreed
upon - or at minimum, at least whomever does such should note the
relevant bits to the "admin" list so that folks are aware what was
changed (and why), and if there's reason to
correct/revert/debate/whatever, at least folks have a clue what was
done, by whom and what their rationale was (whether or not it makes
sense overall for the list is another matter - but does help to know
why someone did something - as there may be an issue/problem that
should be addressed (or they thought should be addressed) ... but may
have picked inappropriate or suboptimal approach to "fix"/address the

In any case, it sounds like the level and number of changes going on
are far exceeding what should be the case - particularly with lack of
communication, and at least generally, agreement upon them.  Of all the
changes you mentioned, over the past several *years*, I've probably
been guilty of transgressing 2 or perhaps 3 of them ... once each ...
but sounds like there's a helluva lot more changes going on than are
readily accounted for.

To that end, I'd *strongly* suggest it's (well past) time for new list
admin password(s) - it's been a few zillion years since we changed them
- and a rather large number of folks have been exposed to them (and
they do go across the net in the clear :-/) ... anyway, I think it's
time to change them.

As you probably use those passwords more frequently than anyone else
(or at least I presume that should be the case) please feel free to
pick good secure password(s) at your earliest convenience for all three
lists (or if you prefer, let me know, and I'll pick password - but I
tend to pick quite random cryptic ones).  As to whom should get those
passwords - let's start quite small - we can always expand that "small"
circle if/when appropriate/warranted.  As to who, I'd say we start with
just these folks, and keep the admin list advised of any additional
folks we share the password(s) with:
Rick Moen <rick@linuxmafia.com>
Michael Paoli <Michael.Paoli@cal.berkeley.edu>
Jim Stockford <jim@well.com>
(My) rationale for picking the above 3 - at least as initial set:
Rick Moen <rick@linuxmafia.com> - does the most active (and best :-))
list management/wrangling for the BALUG lists (and thank you very much
for all your work on that!)
Michael Paoli & Jim Stockford - other than Michael Hubbard (Michael
Hubbard hasn't been actively involved in BALUG list administration in
quite a while, but he still has access ... and quite voluntarily foots
the Dreamhost bill for BALUG (he's also got a bunch of his own stuff on
Dreamhost)) ...
Anyway, Michael Paoli & Jim Stockford have (delegated to them) most all
the admin stuff that can possibly be delegated from Dreamhost (so - we
have access to reset password, copy (or trash :-/) the database, main
production website, etc.) ... so wouldn't make much sense to not share
the password with the two of us - since we inherently have access
anyway; also, other than Rick Moen, I probably play next most active
role in list administration stuff (well, if we don't count the
apparently large quantity of inappropriate changes going on).

Anyway, ... hopefully that will sufficiently cover it - at least for
now.  Most folks don't need to be on as list admins, ... three is
probably a good (not too small or too large) number - we can adjust
if/when appropriate.

Again, Rick, thanks much for your help and all your work on this, and
sorry to hear that it was getting that out-of-hand.  Time to reign in
at least a fair chunk of that chaos.


More information about the BALUG-Admin mailing list