Re: [eclipse.org-architecture-council] Auto-generated emails containing

[Christoph Läubrich <laeubi@xxxxxxxxxxxxxx>]

Maybe it is unusual, I think this is how mailman (they software behind 
the mailing lists) work see this documentation here:

https://www.gnu.org/software/mailman/mailman-member/node15.html

> Warning: Do NOT use a valuable password for Mailman, since it can be 
sent in plain text to you.

On the other hand one can not do much with this password and if someone 
can read your emails you probably have a much bigger problem than 
someone changing some of your mailman settings.

Apart from that mailing list feel like some ancient thing from the past 
anyways, in platfrom/tycho/m2e/... we have mostly migrated to github 
discussions that much better serve our needs (e.g. searching, no extra 
accounts required, option to unsubscribe from topics,...) and only uses 
it for the "official" parts (e.g. announcing of releases).

Am 08.12.25 um 01:53 schrieb Sohn, Matthias via 
eclipse.org-architecture-council:
> I also received such an email from technology-pmc-request@xxxxxxxxxxx 
> stating that emails from the technology-pmc list to my gmail account 
> bounced. This email includes a password in plain text. The mailing list 
> membership page mentioned in the email
> https://www.eclipse.org/mailman/options/technology-pmc/ <https:// 
> www.eclipse.org/mailman/options/technology-pmc/ 
> matthias.sohn%40gmail.com><my email address url encoded>
> responds "404 Not found".
>
> cc-ing Mikael leading the Eclipse foundation's security team.
>
> *From: *eclipse.org-architecture-council <eclipse.org-architecture- 
> council-bounces@xxxxxxxxxxx> on behalf of Nikhil Nanivadekar via 
> eclipse.org-architecture-council <eclipse.org-architecture- 
> council@xxxxxxxxxxx>
> *Date: *Sunday, 7. December 2025 at 16:10
> *To: *technology-pmc-owner@xxxxxxxxxxx <technology-pmc-owner@xxxxxxxxxxx>
> *Cc: *Nikhil Nanivadekar <nikhilnanivadekar@xxxxxxxxx>, eclipse.org- 
> architecture-council <eclipse.org-architecture-council@xxxxxxxxxxx>
> *Subject: *[eclipse.org-architecture-council] Auto-generated emails 
> containing secure information received
>
> Hi Technology PMC owners, EMO,
>
> I received an email to confirm my subscription to Technology PMC 
> distribution list. This email is highly insecure because it contains my 
> password in plain text.
>
> Can you please prioritize fixing the emails sent such that they don’t 
> contain passwords in plain text?
>
> Honestly, I was a bit shocked and I am worried about the security and 
> privacy controls to keep our account safe.
>
> Architecture council, EMO,
>
> What is the mechanism to request a verification that such incidents are 
> handled promptly and systematic fixes are applied?
>
> Thanks,
> Nikhil.
>
>
>
> _______________________________________________
> eclipse.org-architecture-council mailing list
> eclipse.org-architecture-council@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/eclipse.org-architecture-council