From xemacs-m  Mon Aug 25 10:00:15 1997
Received: from wfdutilgw.ml.com (wfdutilf01.ml.com [206.3.74.31])
	by xemacs.org (8.8.5/8.8.5) with ESMTP id KAA13176
	for <xemacs-beta@xemacs.org>; Mon, 25 Aug 1997 10:00:15 -0500 (CDT)
Received: from ml1.ml.com ([199.201.57.130])
	by wfdutilgw.ml.com (8.8.5/8.8.5/MLgw-3.03) with ESMTP id KAA15022
	for <xemacs-beta@xemacs.org>; Mon, 25 Aug 1997 10:54:41 -0400 (EDT)
Received: from commpost.ml.com (commpost.ml.com [146.125.4.24])
	by ml1.ml.com (8.8.5/8.8.5/MLml4-2.07) with SMTP id KAA22195
	for <xemacs-beta@xemacs.org>; Mon, 25 Aug 1997 10:59:44 -0400 (EDT)
Received: from spssunp.spspme.ml.com (spssunp.spspme.ml.com [192.168.111.13]) by commpost.ml.com (8.6.12/8.6.12) with ESMTP id LAA10709 for <xemacs-beta@xemacs.org>; Mon, 25 Aug 1997 11:04:52 -0400
Received: by spssunp.spspme.ml.com (SMI-8.6/SMI-4.1)
	id KAA25913; Mon, 25 Aug 1997 10:59:43 -0400
To: XEmacs Beta List <xemacs-beta@xemacs.org>
Subject: Re: PGP security threat alert
References: <199708232201.SAA22000@helene.tele.nokia.fi> <199708232210.PAA12803@xemacs.eng.sun.com> <m2vi0w4dpf.fsf@altair.xemacs.org>
X-Face: y,o:AU/bfCrS+zS/W"^puB!rT!G7?U1Mvp1Hd{6h^>X4@Xp5,|g+rG>4gv/iy^&x9`k#s!]X~{]Js>@A4c}4Z"Ct7=#1nPS:?mrWH8c#>$)>/Wc5yuX_OFO1(4cZM{LvsKWVQSl~/i>!n[-B*i-alq[/m\bsdy;W4p(_ic;$BE.oG@eJf@sr#x#}FT<=H8Ozu%g;JpVz:v_~vt[>ef/MeNeo3~D^R]]*bB7{HB|E1$wfMzw
X-Y-Zippy: Jesus is my POSTMASTER GENERAL..
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Colin Rafferty <craffert@ml.com>
Date: 25 Aug 1997 10:59:42 -0400
In-Reply-To: SL Baur's message of "23 Aug 1997 17:38:52 -0700"
Message-ID: <ocr203inw9t.fsf@ml.com>
Lines: 14
X-Mailer: Gnus v5.4.65/XEmacs 20.3(beta18) - "Bratislava"

SL Baur writes:

> Implementing bad security is much worse than implementing no security
> at all.  

Amen, brother Steven.

Making this kind of modification is like putting a padlock on an already
open door.  If someone can sit at your unattended terminal (or connect
via gnuserv), they can just as easily load in a `read-passwd' that emails
them the entered password.

-- 
Colin

