> I can't help but believe this is a security hole. If others are like me,
> they use only one or two passwords for all the systems they access. The way
> Listproc *announces* their new password to me when it is reset and then
> stores it in a file unencrypted seems like asking for trouble.
What I do is use two passwords, one for systems that I think are
relatively secure, and one for systems I know nothing about (such as
bbs's and listproc).
Listproc doesn't really need very tight security, so the author has
tried to strike a balance between administrative and user convenience
and some semblance of security. The problem is that Listproc commands
are not used very often, so the chance of a user remembering their
password seems remote.
Nonetheless, perhaps some educational verbage might be appropriate.